FAL2 Trust Agreements and IPSIE

[dhs-BI]

FAL2 compliance requires trust agreements as documented in #71. Opening this issue to move the discussion forward on how IPSIE should approach trust agreements.

chair hat off
For enterprise use cases, I do not believe trust agreements should be a part of IPSIE. These are business agreements between organizations and not definable security controls that the IPSIE WG should tackle.
chair hat on

[deansaxe]

Per the notes from the 2025-05-13 meeting, we will not address this in SL1 for interop this year. As discussed, I will provide a PR to the levels doc to update the description of FAL2 to provide clarity that the scope of FAL2 compliance is technical controls that improve the security of federations.

We will revisit this issue at a later date, therefore, I'm untagging this from SL1.