Shibboleth Developers

[Paul Hethmon <>]

Title: Single Logout Proposal

Ok, I’ve finally had time to take a look at Andreas’ work at Feide and review the spec a bit. So from that, the discussion on Monday, and my needs, I would see Shib SLO achieving the following:

1. SLO spec compliance per saml-profiles-2.0-os, section 4.4 and saml-core-2.0-os, section 3.7
2. Shib configuration option to enable/disable
3. Shib option to provide the user an option to do a global logout of all sessions similar to the example at http://rnd.feide.no/content/feide-idp-simplesamlphp
   

I think those are the high level parts. There is certainly a lot under there, like do you extend the spec to allow the SP to choose which type of SLO to perform (true spec SLO vs the IdP portal approach).

Anyway, I’ll repeat my offer to spend my time contributing code to Shibboleth to implement this. I can sign and agree to the necessary IP provisions that you would need.

Thanks,

Paul


-----
Paul Hethmon
Chief Software Architect
Clareity Security, LLC
865.824.1350 - office
865.250.3517 - mobile
www.clareitysecurity.com
-----

Give a man a fire and he's warm for the day. But set fire to him and he's warm for the rest of his life.

 -- Terry Pratchett, Discworld