X509 authn based attribute protocol profile

["Conor P. Cahill" <concahill@aol.com>]

I have several concerns with this profile:

• The use of the x509 cert to authenticate at multiple SPs sheds some of the potential user's privacy blanket as those providers will all know the user by the same ID.  We should at least note this somewhere in some considerations for the use of the profile.
• There doesn't appear to be any tying of the DN presented by the SP to an actual authentication event at the SP (e.g. the SP can remember the DN for days, weeks, years and reuse it whenever it wants).    In fact, the SP could just make up a DN and try it to see if it works or the SP could have gotten the DN from another SP.  Either we should solve this problem or we should say that this has nothing to do with authentication and just say it is DN based attribute lookup (we don't care how the DN got to the SP as far as I can tell in the protocols).
  
• There doesn't appear to be any discussion on the fact that the IdP should be extremly careful about who it allows to submit such requests (which SPs) and that it should have some measure of trust in the SP.
• There probably should be some discussion about the fact that the IdP may want to give the principal some level of control over which SPs can query which data from them (and/or have some means of optaining real-time consent when the request is made).

Conor