When the Authz-Consent Option is used, the X-Service Provider may utilize the Authz-Consent values in local policy for access control decision making. The values are informative to the X-Service Provider which may choose to ignore the values.
151
3.40.4.1.3.2
Note: All assertions for this AIPO are stated as "may" in the TF documentation. The CASC XUA tests will need to document a policy regarding the purpose-of-use codes and write a test to have the Provider enforce the policy.
REVIEWED
false