Paul writes about attributes and how they won't be trusted for self assertion when the value of the attributes is used to distinguish levels of service. In the context of any given application, a Relying Party will be unwilling to accept a self-asserted identity attribute without verification if there exists the possibility of differentiated advantage to the user in claiming one value for that attribute over another. And follows with the corollary: For any given identity attribute, there exists an
Read More...