Shibboleth Developers

[John-Paul Robinson <>]

I've been thinking along these lines and also adding something like a 
"sponsored" catagory where poeple with a useful id from and IdP in 
InCommon or the like, could vouch for an identity on this service.  This 
would be a moderated identity in a sense.  I'm not sure if it makes sense 
to add this feature at the IdP, since the moderation could be done at the 
SP (eg. no. you're not on the list of those allowed in.), but it seems 
like an interesting category in the spirit of the PKI-buddy systems 
(simlar to cacert.org http://www.onlamp.com/pub/wlg/5142)

~jpr

On Wed, 18 May 2005, Scott Cantor wrote:

> > Is there a specification for such a service?  (Even a short
> > explanation would help :)
> 
> Well, Yahoo definitely gets at the flavor. Basically, some Java or PHP or
> whatever with a database that manages self-registration with various options
> like zero-assurance, and email-verify-loop, stuff like that.
> 
> The goal is to try and show that applications that need "local
> authentication" could just as easily ship something like this in the box,
> and the app could stop doing authentication itself and rely on the web
> server.
> 
> My choice would be to put the "local" accounts behind a SAML IdP, but that's
> a personal choice. The main thing is just to provide some infrastructure for
> apps to use instead of building it in.
> 
> -- Scott
> 
>