...
While this proxy model has some advantages (scalable, easy deployment from SP perspective, no SP discovery needed), it also has some weaknesses that it share with all proxy models (IdP must trust proxy, conflict with data minimization). The following specification of an Identity Assurance Service Attribute Authority is an alternative approach making use of SAML Attribute Authority, which shares some of the advantages of the proxy model but has a fewer weaknesses.
Architecture
High level architecture
FIXME: Image + Description
Identity Assurance AA Architecture
The Identity Assurance AA consists of a
...