...
One way to delegate responsibility for identity proofing is to use a SAML identity federation to request authentication from any of the member organizations of that federation. Technically the SAML federation is a trust bridge using signed XML metadata documents to convey that a federation operator has vetted the identity management processes against a policy defined by the federation. In other words the members of the federation (which in our case would include the NorduGRID CA) can trust that identity proofing process is equally good (or bad depending on the policy) by at all members of the federation.
...