
shibboleth-dev - NameIDFormat metadata elements

Subject: Shibboleth Developers

  • From: Ian Young <>
  • To:
  • Subject: NameIDFormat metadata elements
  • Date: Wed, 07 Dec 2005 11:56:56 +0000

I recently noticed that some (but not all) entities in the InQueue and InCommon federation metadata files had NameIDFormat elements. Some IdPs and some SPs have them. They always (perhaps unsurprisingly) contain the URN for the Shibboleth format.

I'm wondering what practical effect this has (if any) so that I can figure out whether we should be doing the same thing in our metadata.

It doesn't look to me as if the 1.3 C++ SP code actually uses the metadata NameIDFormat(s) for the IdP at all (probably not surprising, I can see how it might be used in SAML 2.0 but not in 1.1).

So, I don't think that any NameIDFormat elements in IDPSSODescriptor elements actually have any function right now.

It looks to me as if the 1.3 IdP code examines the metadata NameIDFormat(s) for the SP and uses them as "preferred" formats so that a particular format can be selected from among multiple formats configured for a particular relying party.

So, I can see some use cases for NameIDFormat in SPSSODescriptor, when the default format wasn't the one the SP wanted. However, explicitly naming the Shibboleth format would only have an effect if IdPs were configuring something else as the default format; this seems unlikely in a Shibboleth context. I'm tempted to conclude that SP-side NameIDFormat metadata probably isn't having much effect in InQueue and InCommon just now either.

At this point, if it weren't for the fact that someone has done the work to selectively add these elements in InQueue and InCommon, I'd probably conclude that we didn't have to bother. As it is, maybe there is a use case I haven't thought of; any ideas?

-- Ian
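
Added example, not part of the original message and not Shibboleth's own code: a small Python model of the SP-side selection the message describes, run over constructed metadata, showing when a NameIDFormat element changes the outcome. It assumes the IdP's default is the first format it has configured; `sp_formats`, `select_format` and `metadata_effect` are hypothetical names.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SHIB = "urn:mace:shibboleth:1.0:nameIdentifier"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample metadata; the entityID values are placeholders.
SAMPLE = f"""<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <EntityDescriptor entityID="https://sp1.example.org/shibboleth">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
   <NameIDFormat>{SHIB}</NameIDFormat>
  </SPSSODescriptor>
 </EntityDescriptor>
 <EntityDescriptor entityID="https://sp2.example.org/shibboleth">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"/>
 </EntityDescriptor>
 <EntityDescriptor entityID="https://sp3.example.org/shibboleth">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
   <NameIDFormat>{EMAIL}</NameIDFormat>
  </SPSSODescriptor>
 </EntityDescriptor>
</EntitiesDescriptor>"""


def sp_formats(xml_text):
    """Map each SP entityID to the NameIDFormat URIs in its SPSSODescriptor."""
    found = {}
    for entity in ET.fromstring(xml_text).iter(MD + "EntityDescriptor"):
        for role in entity.findall(MD + "SPSSODescriptor"):
            uris = [(e.text or "").strip() for e in role.findall(MD + "NameIDFormat")]
            found[entity.get("entityID")] = uris
    return found


def select_format(idp_configured, sp_preferred):
    """Simplified model (an assumption, not Shibboleth code): pick the first
    SP-preferred format the IdP has configured, else the IdP's default."""
    for uri in sp_preferred:
        if uri in idp_configured:
            return uri
    return idp_configured[0]


def metadata_effect(xml_text, idp_configured):
    """Per SP: (format selected, True if the metadata changed the outcome)."""
    result = {}
    for sp, prefs in sp_formats(xml_text).items():
        chosen = select_format(idp_configured, prefs)
        result[sp] = (chosen, chosen != idp_configured[0])
    return result
```

With the IdP configured as `[SHIB, EMAIL]`, only the SP that names the e-mail format gets a different result from the default; the SP that names the Shibboleth format and the SP that names nothing are treated identically.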


