using the code from my safari-licensed copy of the WIF book.
What we have not seen is any sample of an RP that really showcases use of the Actor field – recalling that the identity therein is that of the webapp itself (vs. the user authenticating to the webapp).
Id expect, for this use case, that the user identity is pretty “generic” – being from any IDP. The RP is happy to handle such identities. However, it wants to do so only when responding to requests from particular tenants of a given webapp.