Shibboleth Developers

[Stefan Krist <>]

Hi Everybody,

I'm a Uni student from Germany doing my graduation thesis on constrained
delegation with shibboleth2.

I have to write a solution with which it is possible for a user to
delegate an attribute to another user for either some time or another
constraint. Of course there are other scenarios I do have to support like
SPa accesses resources provided by SPb on behalf of the principal.

I've been reading
https://spaces.internet2.edu/display/SHIB/ShibPortals
and
http://shibboleth.internet2.edu/docs/draft-cantor-saml-sso-delegation-01.pdf
and a lot of other stuff in the dev-list's archive.

I have a few questions:
- Is there a common opinion on how delegation in shibboleth2 should be done
  and if so, where can I find it?
- Is there an implementation of the delegation related Profiles (section
  3 in Scott's draft)? If so, where can I find it and if not - would you
  be interested if I contribute my implementation?

I do realize from what I've read in the dev-list's archive that this is
not an easy topic and there are many different concepts and opinions. I
just thought that I ask you guys before I implement anything proprietary
that only works in our setup (knowing that this is actually deferred to
at least shibb2.1
https://mail.internet2.edu/wws/arc/shibboleth-dev/2006-03/msg00075.html)

Thanks in advance.

Kind regards,
Stefan Krist