Hi David, It is mostly a philosophical question whether privilege verifier is part of relying party. I do not believe it is stated anywhere in X.509. I believe an innocent reader will be confused when the whole section talks about privilege verifier and suddenly see relying party as synonym. Regards, Erik -----Original Message----- From: x500standard-bounce@xxxxxxxxxxxxx [mailto:x500standard-bounce@xxxxxxxxxxxxx] On Behalf Of David Chadwick Sent: Tuesday, April 08, 2014 7:02 PM To: x500standard@xxxxxxxxxxxxx Subject: [x500standard] Re: relying party or privilege verifier Hi Erik they are the same entity, arent they? The privilege verifier is a component of the relying party regards David On 08/04/2014 15:45, Erik Andersen wrote: > The second to the last paragraph of clause 13 of X.509 says: > > > > In both deployment models, the SOA issues attributes/privileges to > subordinate AAs. The AAs then request the DS to issue a subset of > these privilege attributes to other holders. In the second deployment > model, the DS can check that an AA is delegating within the overall > scope set by the SOA; in the first deployment model, the DS cannot > check and the relying party will have to check that delegation was performed correctly. > > > > I assume that it should say "privilege verifier" instead of "relying > party". Right? > > > > Erik > > > > > ----- www.x500standard.com: The central source for information on the X.500 Directory Standard. ----- www.x500standard.com: The central source for information on the X.500 Directory Standard.