Shibboleth Developers

["Scott Cantor" <>]

> Can we have support for clearing your selection? For users who have
> multiple IdPs for the same SP and consequently different levels of access
> to resources.

Well, that kind of sounds more like a use case for attribute aggregation
than using a different IdP. Secondly, if the SP knows enough to clear the
cookie that's nice, but the DS won't know enough to get the user to select a
different IdP than he chose to begin with.

That kind of use case is best handled at the SP, not with a centralized
WAYF.

Ian's point about this being deployable at an SP is correct, but it doesn't
mention the fact that if you have that kind of situation, you don't usually
need a standard protocol. You just build your own flow locally.

We will have a code base from Rod that people can easily extend to support
richer exchange if they want to do that, but the protocol itself can stay
simple.

-- Scott