>>>>> "Alan" == Alan Buxey <[log in to unmask]> writes:

    Alan> How does putting the realm at the end of the ID stop
    Alan> impersonation? Enforcement by the Trust Router? Surely the
    Alan> service provider knows the IdP from the user's anonymous ID and
    Alan> can log/record/store the CUI related to that request. I don't
    Alan> see what adding that realm to the end does... apart from
    Alan> leaving trackable non-anonymous parts lying around, as I've
    Alan> already said.

alan

We had a long discussion on this.

By the time that the realm gets to the RP, it needs to have a scope.
People *won't* log and check the scope unless it's in the attribute at
the point where they put the attribute on ACLs.

We discussed options of adding the scope close to the IDP and close to
the RP. Rhys and Stefan preferred adding the scope close to the IDP.
Especially if there are going to be multiple attributes, I tend to agree
with them.
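The point above is that a scope inside the attribute value gets checked at the ACL, where an unscoped value would not be. The sketch below is an added example, not code from this thread or from any Moonshot/ABFAB implementation; it assumes the RP already knows which realm it authenticated the asserting IdP as (`source_realm`) and shows an RP-side check that rejects a scoped value whose scope does not match that realm.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class AssertedAttribute:
    """An attribute as received by the RP (constructed for this example)."""
    name: str           # e.g. "CUI"
    value: str          # value sent by the IdP, ideally "opaque@scope"
    source_realm: str   # realm the RP authenticated the IdP as (assumed known)


def split_scope(value: str) -> Tuple[str, Optional[str]]:
    """Split 'local@scope' into (local, scope); scope is None when absent.
    Splits on the last '@' so a local part that itself contains '@' survives.
    The scope is lower-cased because realms compare case-insensitively;
    the local part is left as-is since an opaque CUI may be case-sensitive."""
    local, sep, scope = value.rpartition("@")
    if not sep:
        return value, None
    return local, scope.lower()


def accept_scoped(attr: AssertedAttribute) -> bool:
    """Accept the value for ACL use only if it carries a scope and that scope
    matches the realm the asserting IdP was authenticated as. An unscoped
    value is rejected because nothing in it ties it to its issuer, so one
    realm could assert another realm's identifiers."""
    _, scope = split_scope(attr.value)
    if scope is None:
        return False
    return scope == attr.source_realm.lower()


def acl_allows(acl: set, attr: AssertedAttribute) -> bool:
    """ACL entries are written in scoped form ('opaque@realm'), so the scope
    check happens exactly where the attribute is put on the ACL."""
    if not accept_scoped(attr):
        return False
    wanted = split_scope(attr.value)
    return any(split_scope(entry) == wanted for entry in acl)
```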