Shibboleth Developers

[Jim Fox <>]

These are my recollections of suggestions for improvement
of our infocard support from Monday's call.


On the SP.

1) Keep session initiator as is.  It might change when SAML
   requests allow attribute specification, but it will continue
   to be similar to the standard SP initiator.

2) To allow self-issued cards we will verify the signature
   (that the assertion was signed by the accompanying keyinfo)
   send the attributes and keyinfo to the app, unfiltered and
   unverified.



On the IdP.

1)  At some point we will want to include support for symmetric
    bindings, as some authn methods may require it.

2)  We would like to include support for self-issued card authn
    for our managed cards.  This requires a registration
    step at the IdP, which will in some way associate the
    keyinfo of the private card with a user of the IdP.
    That mechanism is not yet known.

3)  We would like to allow custom card generation by allowing the
    user, in some way, to select attributes or attribute sets.

4)  At card use we should do some ARP filtering according to the
    RP's identity.

5)  We need to provide configuration elements that can be used
    to associate an RP's location with the RP's entityIDs.
    Scott has suggested an API.  Config element in unknown.


Jim