Comment 7 for bug 1840288

I don't see how a trust ID can be considered public information. A trust ID can be used as a component of an authentication request. It should be protected on the same level as a user ID or an application credential ID. A role ID cannot be used as part of an authentication request, knowing a role ID does not bring you any closer to getting a token.