How can a user know that the PDP has user profiles so they can limit the
promulgation of their profile data?
As pointed out in the thread on Authentication Requirements, how does the
PROTOCOL limit traffic data from being sent to third parties? How does the
PROTOCOL know the difference between a server run by the service provider
and a server run by a third party?
In the real world, the user and the service provider enter into a trust
agreement (outside of the protocol). Part of that agreement is that the
service provider can or cannot let third parties do work on their behalf.
This, again, is outside of the protocol. POLICY dictates whether a service
provider may or may not send traffic data to third parties.