Subject Re: VO challenges - article
From David Chadwick <d.w.chadwick@xxxxxxxxxx>
Date Wed, 28 Oct 2015 00:14:04 +0000

If you revert to the 'real' world of plastic cards, you will see that
AAs issue plastic cards to me, and I use them at any SP I wish to (that
will accept them) and the AA often has zero liability in this (e.g.
flashing a frequent flyer card in a hotel and getting a discount or some
points). This model could not work if the AA accepted liability
everytime I used my card somewhere. They simply would not give me the
card anymore. So we do have a working model to refer to



On 27/10/2015 22:38, Tom Scavo wrote:
> On Tue, Oct 27, 2015 at 3:24 PM, Warren Anderson <wganderson12@xxxxxxxxx> wrote:
>> So, is there something we can have the R&S SPs do to mitigate the perceived risk?
> Yes, I think there is. The current model forces the IdP operator to
> assume the risk but clearly the SP owner is the benefactor of
> attribute release. It seems to me that the SP owner must *explicitly*
> accept the risk of attribute release. That requires a different model,
> I'm afraid.
> Tom