Subject: Re: VO challenges - article
From: Nate Klingenstein <ndk@xxxxxxxxxxxxx>
Date: Tue, 27 Oct 2015 17:24:55 +0000

> You're right, Paul, which is why (I think) Nate Klingenstein, John Bradley, and others are talking about entity attributes signed by the relying party, not the registrar.

It’s not a focal point of my dogma, but it’s a strong advantage that would be enabled by distributed identity data models, beginning metadata resolution at the counterparty rather than at a central registrar.  I believe we’ll need multiple authorities regardless, which gets to the heart of why I am pushing this point specifically.

But beyond that is the evil bit and Scott’s ultimate question:

How much of what the counterparty tells you should you be able to vet with a mutually trusted authority?  Right now, it’s generally limited to one authority that vouches for the contents of SAML metadata, but nothing beyond that.

Is that the right amount?  Is that the wrong amount?  Is it the right amount, but with the wrong fields?  Do you want more?  Do you want less?

I don’t think there is a universal answer to these questions, and I deliberately left trust resolution fairly open-ended to allow multiple models to compete in the marketplace.  There’s a “sweet spot”, and my assertion is that it’s sufficiently different in each use case to allow for this flexibility.

The more that you can “validate”, the harder change management becomes, and the less distributed the infrastructure becomes, but the stronger the resulting trust model.