What follows is the initial post and a summary of comments [TBD] of a thread on MACE-Paccman and REFEDS about authorization in federated environments.

To paraphrase Roland Hedberg, it is high time to seriously address authorization as we work on our (inter-)federation identity and access management (IAM) infrastructures. Two patterns are commonly found today, depending on whether the locus of authorization evaluation is at the IdP or the RP, and I would argue that there is a third alternative that is worthy of consideration.

...

We have not generally thought of our (inter-)federation IAM infrastructures as containing PIPs (well, we have started to talk about AAs) or PAPs in addition to IdPs and RPs, but if model 3) is interesting to us, we will need to think those thoughts. --Keith Hazelton (6 September 2012)

We need to hasten the day that attribute authorities (AAs) become first class entities alongside IdPs and SPs. But if each attribute authority offering attributes of potentially global interest has to join each and every R&E federation, that day will not come.

I suspect this is one reason I hear some people talking about the need for more liberal metadata publishing and consumption practices. We can't, of course, throw our federation trust fabrics out on the curb like sets of faded drapes, but a little deep thought about inter-federation scaling problems seems in order here. --Keith Hazelton (6 September 2012)

...