Shibboleth Developers

[Ian Young <>]

Scott Cantor wrote:

> You should probably at least consider whether to bother hacking in support
> for 1.1. We really need people to get off it so we can get rid of all this
> legacy code, but we're not forcing people to upgrade. It wouldn't be
> entirely unreasonable to require 1.2 for your application.

Has a definite decision been made yet about version compatibility going 
forward?  In particular (given availability of suitable metadata, take 
that as given):

(a) when there is a 1.3, will it interwork with 1.2?

(b) when there is a 1.3, will it interwork with 1.1?

I'd like to know that the answer to (a) was "yes", so that we can build 
federations and not have to persuade everyone to have a single "flag day".

I think, though, that I'd like to know that the answer to (b) was "no", 
as I have some concerns about version rollback attacks and the sheer 
complicated business of keeping the number of protocol variants in 
check.  Not perhaps the most important reasons, but removing the legacy 
code (and the documentation of the legacy modes of working) seems to me 
to be a real plus.

Are there definitive answers to these questions yet?

        -- Ian