Shibboleth Developers

[Tom Scavo <>]

On Tue, 2 Nov 2004 12:01:46 -0800 (PST), RL 'Bob' Morgan
<>
 wrote:
> 
> On Tue, 2 Nov 2004, Tom Scavo wrote:
> 
> > Yes, I asked Peter Alterman @ NIH about that.  One of the feds'
> > requirements is that there be at least two vendor implementations of the
> > technology.  At the time, only SAML 1.0 satisfied that requirement.
> 
> But of course all the vendors support 1.1 now, 

Right, so the E-Auth SAML 1.0 standard doesn't have much meaning.  For
all practical purposes, the base standard is SAML 1.1.

> and as far as I know there
> is no installed base of fed e-auth sites to be interoperable with ...

But there will be...

> > In practice, it's not a big deal though, since SAML 1.0 and 1.1 are so
> > similar.
> 
> Not a big deal, but every additional option is yet another thing to be
> configured and supported.

True, but as far as I can tell there is only one significant change
moving from 1.0 to 1.1 (caching) and it's an addition to 1.1.  Most of
the remaining differences are deprecated elements and such.  Really
quite minor.

> > Have you considered submitting Shib to the E-Auth Interop Lab?  There
> > are only seven vendors on that list so it would be a big feather in your
> > cap (depending on your point of view :).
> 
> We are working closely with them on exactly this.  We think of it as a
> feather in their cap, though.  8^)

Seriously though, being on that list is fairly important since there
are no other conformance tests that I'm aware of (apart from the
annual RSA interop thingy).

>  - RL "Bob"

Tom