Assurance Levels for Attribute Assertions may not be realistic

There was some discussion going on in some working groups about extending the concept of authentication assurance levels to attribute assurance.

However, the business case might be different. The attribute authority will usually have a different position than an identity provider. The IdP will usually be in a competitive environment, whereas the AP will be in the sole authoritative source. Hence the Relying Party will not have a negotiating position to ask for anything than best effort and compliance to applicable law.

E.g.: A medical society will vouch the role "GP" for a health care professional, or a university will vouch the role "active student" for a student.