Shibboleth Developers

["Scott Cantor" <>]

> This doesn't necessarily answer the SAML-2.0-only question (since Shib 2.0
> will support both SAML 2.0 and 1.1 protocols), but presumably the same
> why-do-it-twice argument would apply?

It probably depends on the mechanics. The SP (and I suppose IdP) internals
are a bigger factor. If the protocol support is something SAML 1 can
accommodate, that's not a problem.

> I suppose someone might also want it to work with WS-Fed, since that's a
> supported protocol in Shib ...

It should (and probably can) be done in an assertion-centric manner, so it
would work in any of the protocols that carry them.

Obviously if it's just an attribute, there's no issue. If there are
additional protections needed or desired, that might be SAML version
specific.

-- Scott