Federated identity protocols like SAML and OpenID Connect enable us to authenticate people in other domains, but trust issues quickly surface. For example, if your organization operates a website with valuable content and someone you authenticated at another domain steals the content, what recourse do you have? If your organization operates an OpenID Provider (OP), and a relying party website (RP) is hacked, potentially exposing your account holders' personal information, do you expect to be notified? What rights do you have to update your personal information at identity providers or websites that you use? These related federated trust considerations are aptly described by Scott David, a legal identity scholar, as the "triangle of trust" (see Figure 10-1).