Shibboleth Developers

["Scott Cantor" <>]

> I agree.  The profile tries to sneak in under the radar as a SAML
> profile but really this is a Shibboleth profile and should be called
> out as such.

No it isn't. It has *nothing* to do with Shibboleth. It's unfortunate that
part of the attribute designator for these attributes contains a Shibboleth
URN, but that doesn't make this a Shibboleth profile, and it's not something
that can be changed. If we changed that, we'd just switch to OID names for
all of the attributes because we'd be breaking every deployment anyway.

> Also, I'm not clear on what problem the alternative representation of
> eduPersonTargetedID is supposed to solve.  In SAML2,
> eduPersonTargetedID becomes a name identifier, so doesn't the problem
> more-or-less go away?  Is eduPersonTargetedID (as an attribute)
> totally obsolete with the arrival of SAML2?

I'm not prepared to preclude the transmission of that information using an
attribute. I see no reason to do so. But I do believe the syntax ought to
converge regardless of where it shows up.

The 2.0 profile should call out the fact that it can be used in both places,
though, you're right. It was late, and I'm more concerned about the 1.x
profile at this point. There's plenty of time to tweak the other one.

-- Scott