Shibboleth Developers

["Scott Cantor" <>]

> Would it be possible to see the conformance doc?

I was waiting for some internal feedback before publishing it.

> It's also unclear how the domain cookie can be updated reliably if there
> are hundreds or thousands of users authenticating and each IdP trying to
> update the cookie at the same time.

I'm not seeing the problem. How can a user be authenticating against 2 IdPs
at the same time? And why care how many users there are? Because of load?
This is an *extremely* lightweight application. It doesn't even maintain
state itself on behalf of users.

> Of course, there's also the issue of users disabling cookies, although
> institutions could insist that cookies be enabled to use the 
> system but how ethical is this?

Try using any SSO system without cookies...it's not very effective. Note
also this doesn't require third party cookies.

-- Scott