Shibboleth Developers

[Scott Cantor <>]

Alistair Young wrote:
> Seems really compilcated when the SP could just opt of Shibboleth and
> provide a login service. Then again, Shibboleth doesn't support this so is
> such a profile on the cards?

Issuing authentication credentials is a lot harder than maintaining a 
database of user information.

Most SPs that are open access don't bother. Self-registration of a name 
and password like Amazon does is not strong authentication. It's merely 
a convenience for the user to access their local account later. Amazon 
couldn't care less if you're actually that person, since all that the 
account does is access information you've stored there.

The IRS scenario is very different. They need assurance that you're a 
particular human, which means authentication, and that's much harder. 
Federation is a possible way for them to leverage somebody else's 
process if they trust it.

There are probably better lists to review concepts of authentication and 
federation on than this one, however.

-- Scott