Shibboleth Developers

["Tom Scavo" <>]

On 10/31/07, Scott Cantor 
<>
 wrote:
> > I don't think this will solve the problem.  Unless the core Shib
> > developers implement, document, and support ePTID (or a
> > non-reassignable version of persistent NameID), the problem will
> > remain.
>
> If everything in Shibboleth has to be done by the core team, we can probably
> stop now because the project isn't going to be sustainable. We can't do
> everything.

That's true, but I think this is one thing you have to do.  If you
don't fully support ePTID (and by that I mean figure out how to use it
on a production system), then there's no hope.

I'm working on a large project right now that very much wants to
"federate identity" (although they're not quite sure what that means).
 I haven't had the heart to burst their bubble with the fact that
"Federation IdPs either will not or can not provide persistent,
non-reassignable identity."  The way it looks right now, the project
will have to rely on a service like ProtectNetwork to avoid having to
manage credentials at our portal.  ProtectNetwork is a super service,
but users are going to be disappointed when they can't use their
campus credentials to access our resources.

Tom