Subject Re: Scope spoofing - Scoping Policy Framework?
From Leif Johansson <leifj@xxxxxxxx>
Date Fri, 13 Nov 2015 10:25:26 +0100

> The UK federation considers scopes and entity IDs both to be critical
> and has a requirement that the registrant of an entity owns the domain
> name in the entity ID and/or scope, or if they do not, that the owner of
> that domain name writes a letter to the federation operator granting
> permission to the entity registrant for use of the domain in the entity
> ID and/or scope.
> We do not have any such requirement regarding the domain name in the
> endpoints.
> Sara

We care about scopes primarily in SWAMID - basically we do what UK does.