Federation - Support for Runtime Decisions on Release of Subscriber Information to Dynamically Registered RPs, v1.0

Identity Providers that support dynamically registered RPs must allow subscribers to authorize these RPs before releasing user information to them.

Assessment Step

Dynamic Registration User Release (DynamicRegistrationUserRelease)
Does the IdP allow the subscriber/user to control whether the IdP trusts dynamically registered RPs with their information?
Provide evidence (e.g. policies, operational samples, screenshots) that the IdP requires the subscriber/user to approve the RP before sending them user information.

Conformance Criteria (1)

IdPs SHALL require runtime trust decisions to be made by an authorized party (such as the subscriber) before releasing user information.
NIST SP 800-63C
Section 5.1.2, Paragraph 4