Assurance

["Cantor, Scott" <>]

> That's my feeling as well, though from the vendor's PoV they are testing
> communication between my IdP and their SP, so I know they'll complain
> about running a different IdP (and even if they did, I don't see how they
> could assert Silver IAQ from their own IdP).Obviously, this vendor hasn't 
> built
> any backdoor for the monitoring application to use either.

The problem is that it makes no sense at scale. They're not going to run 
monitors against every IdP they ever support to make sure the whole stack 
works. That can't be a requirement of federation.

One of the purposes of a general trust framework using metadata is that it 
allows one to generalize from A to B. Using point to point SAML, you don't 
really have any way to know if one IdP working implies that another will 
(absent a problem with the IdP), but with Shibboleth and a couple of others 
you can.

-- Scott