Shibboleth Developers

["Scott Cantor" <>]

> That's true, but I think this is one thing you have to do.  If you
> don't fully support ePTID (and by that I mean figure out how to use it
> on a production system), then there's no hope.

And a production system is site dependent. We are not a database project and
we shouldn't be one. We can do a JDBC plugin but the replication
configuration would have to come from Sequoia, and not every site will want
that.
 
Anybody with pretty basic Java skills can do a JDBC plugin, so I don't see
why we have to do it for it to get done or how we're standing in anybody's
way. It's very telling to me that nobody has done one so far in literally
years.

> I'm working on a large project right now that very much wants to
> "federate identity" (although they're not quite sure what that means).
>  I haven't had the heart to burst their bubble with the fact that
> "Federation IdPs either will not or can not provide persistent,
> non-reassignable identity."

Many sites use EPPN that way, name changes and all. It's the privacy of that
that's in question, but that isn't always a problem. Ultimately it must be
the site that decides whether privacy is worth their effort. It's a valid
test to me.

I also fail to see how PN's IDs are any different than a typical EPPN.
 
-- Scott