Assurance

[Tom Scavo <>]

> What do you do in this scenario?

I don't think the scenario is very realistic since SAML Web Browser SSO 
usually involves a user in possession of a browser and an authentication 
secret. About the only way I can see this happening is if the browser 
authenticates with, say, an X.509 certificate. Then maybe you can do without 
the user and you can run the scenario unattended. (I'm assuming the private 
key is not protected with a passphrase of course.)

> Would you give InCommon Silver IAQs to the monitoring/automated
> account?

There's nothing to prevent you from deploying an IdP that can assert a Silver 
IAQ any time it wants. If you're asking if that IdP can be in InCommon 
metadata, sure, but the only way that IdP gets a Silver IAQ in metadata is if 
it's Silver qualified. Otoh, there is a silver-test qualifier you could use 
in this case.

Tom