Dear WG one of the issues with the third party query mode, is how does the AA know that the user has issued consent for his attributes to be retrieved by the grid PEP. I propose that we insert the Consent parameter (see Section 3.2.1 and 8.4 of SAML Core) into the third party query with a value of Implicit. The fact that the user has initiated the grid job request, causing the PEP to pull his attributes, implies that he wants his attributes to be retrieved so that his job can run (otherwise he would get an authorisation failure message response). It therefore seems perfectly reasonable for the PEP to insert the Implicit Consent parameter into the request to the AA regards David -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************