Shibboleth Developers

["Scott Cantor" <>]

> In 2.0, the appropriate Format would be
> 
> urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted
> 
> would it not?  Isn't this what Booz-Allen-Hamilton is using?

No, not at all, sorry. This has nothing to do with external encryption. It's
a way of generating transients/handles using crypto to handle shared state.
It's just an alternate implementation of the shared memory handle.

> The problem with that is other attribute requesters will need a
> separate AA endpoint to use the X509SubjectName format.

Not unless they have multiple mappers for that format. Most people should be
able to live with one plugin per SAML format. Multiple plugins is fine as
long as each one is for a different format.

-- Scott