RGalluzzo
commented
8 years ago Excellent point on the example. We will update with your suggestion. We lean towards leaving "last update" in for cases where the attribute has not been verified. At a minimum the RP will understand the last time it was changed or updated.
MITRE:
Minor:
3.2.1.2:
The distinction between Last Update and Last Verification is unclear. Is there some usefulness in knowing that an AAS pushed out the same attributes without verifying them?:
Depends on results of discussion of question above. Also, though, I think a role assignment would be a better example in Last Verification than security clearance; it has broader utility to the audience and it's a chronic problem to take away role assignments.:
Organization: 1 = Federal, 2 = Industry, 3 = Other