Shibboleth Developers

[Peter Williams <>]

If all the extensions do is make the infocard message formats bear shib 
signals, have we really made any progress? The language/protocols between 
IDP/SP might as well be klingon, if all it does it say the same thing as the 
last extension.

Leaving issues of legitimacy aside, we know that Shib over SAML1 and SAML2 
implementations conceive of a world that is exclusively "pairwise". I.e. 
Proxying is an alien concept, at either IDP or SP side. We also know that 
Shib over WS-Fed differs from ADFS native, in that ADFS can (optionally) rely 
on a trusted directory to enforce nameid semantics. (For Shib, a nameid is 
limited semantically to being just another form of an attribute.) For 
cardspace, we know the big differentiator defined by the very concept its the 
ability of the RP to rely on a specifcally trusted intermediary (trusted in 
the Oragne Book sense) - which allows websso to embody user-centric intent 
and involvement (in a way that is almost un-federation; un-SAML2).

No untoward criticism intended.
________________________________________
From: Jim Fox 
[]
Sent: Sunday, June 29, 2008 2:33 PM
To: 

Subject: Re: [Shib-Dev] SHIB Status call -- 6/23/2008)  -- 12:00 pm EDT, 9 am 
PDT

>
> I'd like to particularly spend some time of Information Cards, and see if we
> can agree on what we'd like to deliver, and on the next steps.
>

I had promised to provide a summary of some of the issues that
were encountered when implementing the alpha version of the
infocard extension.  These are on the contrib section of the wiki:

IdP:  https://spaces.internet2.edu/x/Mik

SP:   https://spaces.internet2.edu/x/Nik


Jim