Shibboleth Developers

["Scott Cantor" <>]

Tom provided some quick feedback, so I turned around new drafts this weekend 
for review.

Major changes:

Merged attribute sections into one profile covering exchange and syntax 
(enough here to warrant profile status, particularly the use
of the Resource attribute in queries, since that's not remotely interoperable)

Added optional use of AuthnAuthorityDescriptor to metadata profile

Extended discovery profile after list exchange to include both the SAML 
notion of an IdP/SP-controlled endpoint in common domain,
and our concept of an independent WAYF, which seems to require additional URL 
specification for get/set operations. None of this is
implemented, so it needs review and probably prototyping.

I think it matches an earlier discussion we had with EBSCO and some other 
vendors about providing a silent redirect through the WAYF
to detect the existence of SAML credentials. I think the "get" interface I 
specified would satisfy that criteria, since I included
language prohibiting user agent interaction.

-- Scott