shibboleth-dev - Re: WAYF-first authentication
Subject: Shibboleth Developers
- From: "RL 'Bob' Morgan" <>
- To: Ian Young <>
- Cc: Shibboleth Dev Team <>
- Subject: Re: WAYF-first authentication
- Date: Fri, 29 Oct 2004 09:58:32 -0700 (PDT)
We have a circumstance in which it makes sense to have an image button on a web page that just goes directly to our WAYF, like this:
<form action="https://wayf.sdss.ac.uk/shibboleth-wayf/WAYF">
<input id="Shib" type="image" src="..." title="..."/>
<input type="hidden" name="shire" value="...">
<input type="hidden" name="providerId" value="...">
<input type="hidden" name="target" value="...">
</form>
This works fine, by the way, that isn't the question :-) The question is whether it is *supposed* to work, according to the Shibboleth architecture.
As a different but somewhat related example of what you can do, consider this demo page put together by my clever colleague Jim Fox:
https://mao.u.washington.edu/chooser/
(disclaimer: just a demo, may not work when you go to look at it). This box is an SP, so this is SP-first, but the links on it are crafted up to take the user either to the InCommon WAYF, direct to the UW IdP/HS, or direct to the Internet2 IdP/HS. He did this as an example for a vendor we're working with to be a Shib SP, to show that they could come up with pages that would be per-customer, or per-federation, or whatever. To tie this more closely to your point, the "target=" in the links on that page could just as easily be for other SPs. You might call this "benevolent cross-site scripting" ... 8^)
Step 1 in this diagram is described as a required interaction.
I suppose the easiest thing would be just to make step 1 optional also in that sequence diagram.
I suppose the right thing is to describe several different sequences, to show the range of possibilities. I think this would be done in our proposed Shib overview doc rather than in protocols/profiles spec.
- RL "Bob"
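
An added example, not part of the original message or of Shibboleth's code: a link carrying the same three parameters as the form above (shire, providerId, target), and a check a receiving service could run on such a request, since the target in a crafted link can point at any SP. The registry contents, the example.org/example.net URLs and both function names are assumptions made up for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

WAYF = "https://wayf.sdss.ac.uk/shibboleth-wayf/WAYF"  # form action from the message

# Constructed registry: providerId -> registered shire URL and target hosts.
# All values are made-up samples, not real federation metadata.
REGISTRY = {
    "https://sp.example.org/shibboleth": {
        "shire": "https://sp.example.org/Shibboleth.shire",
        "target_hosts": {"sp.example.org"},
    },
}

def build_wayf_link(provider_id, shire, target, wayf=WAYF):
    """Return a GET link with the same three parameters as the form."""
    query = urlencode({"shire": shire, "providerId": provider_id, "target": target})
    return f"{wayf}?{query}"

def check_wayf_request(url, registry=REGISTRY):
    """Return a list of problems found in a WAYF-first request URL."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems, values = [], {}
    for name in ("shire", "providerId", "target"):
        got = params.get(name, [])
        # Repeated or empty parameters are rejected rather than guessed at.
        if len(got) != 1 or not got[0]:
            problems.append(f"{name}: expected exactly one non-empty value")
        else:
            values[name] = got[0]
    if problems:
        return problems
    entry = registry.get(values["providerId"])
    if entry is None:
        return ["providerId: not in registry"]
    # The shire must be the endpoint registered for this providerId.
    if values["shire"] != entry["shire"]:
        problems.append("shire: does not match registered endpoint")
    # The target must be an https URL on a host registered for this providerId.
    target = urlsplit(values["target"])
    if target.scheme != "https" or target.hostname not in entry["target_hosts"]:
        problems.append("target: not an https URL on a registered host")
    return problems
```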