The federation's allowed_values on a FederationProperty is not enforced. create_accreditation_to_{accredit,attest} only checks that the property name exists and isn't revoked — the values requested in the accreditation are never compared against the federation's declared allowed_values / shape / allow_any. Root authorities skip even the caller-side compliance check, so they can mint accreditations for any value.
validate_property then mirrors the gap: it trusts the attester's accreditation and never re-checks the value against the federation's property definition
The federation's
allowed_valueson aFederationPropertyis not enforced.create_accreditation_to_{accredit,attest}only checks that the property name exists and isn't revoked — the values requested in the accreditation are never compared against the federation's declared allowed_values / shape / allow_any. Root authorities skip even the caller-side compliance check, so they can mint accreditations for any value.validate_propertythen mirrors the gap: it trusts the attester's accreditation and never re-checks the value against the federation's property definition