
shibboleth-dev - RE: [Shib-Dev] Initial proposal on simplifying SP config

Subject: Shibboleth Developers

  • From: Jim Fox <>
  • To: "" <>
  • Subject: RE: [Shib-Dev] Initial proposal on simplifying SP config
  • Date: Fri, 2 Jul 2010 10:20:15 -0700 (PDT)




So if someone's needs "outgrow" what's possible with the simple format
they'd have to "graduate" to using the resulting XML file? That's fine
as long as you're confident the simple format can handle many cases
(i.e., are most cases simple? Difficult to find out).

It has to work that way no matter how it's implemented, and the whole basis
of the addition is that there are enough simple cases worth addressing. If
not, it's wasted effort (in which case I guess I can stop listening to
people who say it's too complex now?)

But I need feedback from people about what they're changing, yes. I think
even my early thoughts go pretty far into the kinds of things people do.


Aside from the virtual host complexity you already mentioned, our
mods are almost all the addition of session initiators. We generally
use one or more of these:

- direct to our IdP
- to our IdP, but with isPassive
- to our IdP, but with forceAuthn
- to our IdP, but asking for the TimeSyncToken class ref
- through a 1.3 wayf
- through a discovery service (possibly)

The parameters could probably be easily specified in your new file.


And sadly, a large reason for doing this is to support things in a non-XML
syntax.

Consider as a model that classic in non-xml simplicity: sendmail's config
file.

I like the semi-colon as comment. What's that from? Lisp? Better yet how
about any line ending in, "Just kidding!" is a comment.

Jim


