Shibboleth Developers

[Chad La Joie <>]

Tom Scavo wrote:
> > This release will be interoperable with Shibboleth 1.2 and 1.3 service
> > providers, but will drop support for Shibboleth 1.1.
>
> I assume you mean the Shib 2.0 IdP will interoperate with all SPs
> (except 1.1), but that the Shib 2.0 SP will only interoperate with the
> Shib 2.0 IdP.  Will the Shib 2.0 SP consume SAML 1.1 assertions?

Nope, the 2.0 SP will work with IdP versions 1.2 and 1.3

> >     * New eduPersonTargetedID implementation that supports
> >     database/directory backend in conjunction with support for SAML 2.0
> >     persistent identifiers
>
> Please don't let anyone talk you out of this important feature.  In
> fact, it is likely we will backport this feature to 1.3, so the more
> modular you make it, the better.

It's likely you won't have to backport it.  I don't imagine the data 
connector interface will change in 2.0 so this should work with 1.3 (on 
for attributes, obviously the persistent NameIDs is just a SAML 2.0 thing).

> > Service Provider
> > This release will provide both a C++ and Java (Servlet 2.3 or better)
> > service provider with similar feature sets.
>
> Awesome!  If the Java SP can consume SAML 1.1 assertions, we will
> almost certainly find use for it in our project.

Like I mentioned above, the SPs will work with SAML 1.1

> > Unassigned Features
> >
> >     * ARP and Attribute resolver management UI
>
> How is this different than MAMS ShARPE?

ShARPE doesn't do resolver management and as of yet does not have a 
release timeline.

> Can you add these to the "Unassigned Features" list?
> - Support for AuthnRequest/@IsPassive [Shib 2.1 feature?]

Quite possibly 2.0.

> - Support for LOA attributes

Not to get into this argument again but LOA can't reasonably be 
expressed as an attribute.  If, however, you wish to do that, you should 
be able to use script data connector and create such an attribute based 
on the AuthnContext info.