...
- The simplest use case for attribute aggregation is when an SP/RP wants to supplement identity information received from the authenticating IdP with information maintained by a third-party attribute authority (such as a VO)
- In the more general case, things get more complicated. How is trust established between SPs and a collection of Attribute Authorities? How are identifiers from one assertion mapped to identifiers for the same subject in another attribute authority?