I'd like to propose another "interim requirement" for the assertion
[R-AuthorityScoping] Support for scoping for what assertions an
authority is trusted
For example, I might want to allow a third party to issue assertions
granting POST access to part of my web server (but not the whole web
server). Another example would be to allow a third party to issue
assertions granting access to a subset of the operations available in
a particular (CORBA) interface.