shibboleth-dev - RE: semantics of metadata signing certificate

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: semantics of metadata signing certificate
  • Date: Fri, 28 Jul 2006 00:22:50 -0400
  • Organization: The Ohio State University

> The code for evaluating signed objects isn't used by the 1.x.x IdP.
> It was added for the original stalled Java SP development. Some
> variation of it will be used in the 2.0 IdP, though.

This isn't 100% true in the sense that it was in part added to support SAML
artifact lookup using signed requests from SAML products, and I had to use
that at Catalyst with some people that couldn't do TLS.

So, the code is functional for artifact requests, but not for attribute
queries (the authentication processing was more complex there and I didn't
want to screw anything up for Shibboleth changing it).

> I agree. I'd really like to dump the useless baggage here. The dsig
> XML format of RSA keys is a total pain for regular humans,
> unfortunately. Heck, if we can get acceptable performance using
> encryption, I'd just as soon use pgp keys.

I think the XMLSig syntax for PGP may be worse...

-- Scott

Archive powered by MHonArc 2.6.16.