Shibboleth Developers

["Tom Scavo" <>]

On 3/6/06, Scott Cantor 
<>
 wrote:
> >
> > 1. Add a default domain to the IdP config
> > 2. Modify the protocol handler to accept domain override from
> > the deployment
> > 3. Add placeholder %DOMAIN% in addition to %PRINCIPAL%
>
> I don't think any of us intend to enhance 1.3 to do this, if that's what you
> had in mind.

I might be foolish, but not that foolish :-)  I'm throwing this out
for consideration in 2.0 (even though we won't be able to take
advantage of it right away).

I don't intend to add this as a 1.3 extension either.  GridShib
doesn't modify the existing Shib 1.3 codebase, it only adds to it.  So
what I can do for my users is offer a single implementation of
NameIdentifierMapping that supports all four SAML 1.1 name identifier
formats.  (This is done except for the unit test.  Again, thanks for
the suggestion.)

> I think the domain default thing is probably something we would want to do
> for 2.0 to reduce duplication of settings, though.

I dearly wish I had this in 1.3.  I need it for the GridShib IdP
metadata generator we have in mind.

> But 2.0 could include other changes to APIs and design that render this
> proposal merely an input proposal, not a final solution.

I realize that, no problem.

Tom