Shibboleth Developers

A couple of big changes:

http://stc.cis.brown.edu/~stc/Projects/LionShare/Architecture/Federation/UseCases-03.html

1) Introduction of the "incremental Attribute PUSH Model". Both 
One-time-ARP and the original Attribute PUSH have been removed. In 
the original Attribute PUSH, the LS client, at startup, obtained all 
attributes relevant to the user from the local Attribute Authority 
and cached them. When it connected to a target, it removed the 
required  Assertions from its local cache and PUSHed them. People 
were very concerned about the process of obtaining "all  relevant 
attribute assertions".

Derek Morr  from psu has proposed an "incremental Attribute PUSH 
Model". The LS client would know what attributes and values have to 
be provided to a target. It would look in its local cache for the 
required Attribute Assertions. It would use any it found there; if it 
needed  others, it would contact the local  AA and ask for those 
specific Assertions (and only those). Any newly obtained Assertions 
would be cached by the LS client. This should significantly narrow 
the scope of requests to the  local AA.

2) Since the target is no longer contacting the origin site AA and 
asking for  attributes, we no longer need a Shib Handle in the client 
cert ...... can anyone think of a reason?