Shibboleth Developers

["Scott Cantor" <>]

> > Why implement ePTID at all?  You don't generate any other attributes.
> > If I want to send ePPNs I have to create and manage them myself.
> > Shib will only look them up in SQL or LDAP or wherever and send them
> > to an SP.  Same with affiliations, and entitlements.  Why pick the
> > simgle most difficult to implement attribute and decide to
> > manage that one?  You're going to end up supporting a DBMS and
> > its installation and configuration as well.

I hope we don't do this, actually, but that's the fine line. But regardless,
the fact that it's the hardest is exactly why people want it...if we don't
supply it, nobody else seems to be stepping up to offer a starting point.

Secondly, there's the fact that federated IDs are a new concept for most
people. Their existing systems don't have any support for managing pair-wise
data, and moreover the tuples include values that are really core to the
SAML architecture, and so it becomes a bit of a SAML software problem to
help facilitate that.

> SAML 2.0 persistent identifiers when combined with NameID management 
> protocols require support for this.

And then there's this. It's just part of what has to get done, whether we do
a perfect job initially or not. Probably not.

-- Scott