Shibboleth Developers

["Scott Cantor" <>]

> Additionally to your list, the following would be useful:
> - certificate(s) configured for shibd including certificate chain

That was in my list, I forgot to include it. I have this working already in
the handler that generates approximate metadata from the SP configuration,
so I think if it's able to generate the KeyDescriptor content that should be
the same code.

> - Shib SP version

I'd probably return this in all the status responses, which is another
reason I want to use XML.

> Another topis: What about metadata retrieval from a URL? Will there be a
> functionality similar to the one in the IdP?

At least as much as the IdP has is already implemented:

- bulk retrieval from fixed URL with optional local backing file and
periodic refresh in the background
- dynamic cached resolution of entityID URL
- signature verification via known key/cert, a static CA list, or any trust
engine
- whitelisting
- blacklisting

-- Scott