> What I think we can take away from this is that
>
> 1) RADIUS needs to be able to express this at the cross -domain level
> (trivially true)
> 2) Our architecture needs to permit deployments where this distinction
> is reflected into separate SP SAML identities.
That's my preference, yes.
Thanks,
-- Scott
|