Shibboleth Developers

["Rod Widdowson" <>]

I'd like to provoke a brief discussion of 
https://bugs.internet2.edu/jira/browse/SDSJ-92.

The basic idea is that the DS stores two cookies:

1) The traditional _saml_idp one which is used to populate the "you have 
previously visited" list.  This would be as per the spec
and would usually be persistent.

2) A new cookie which is non persistent, and stores a single IdP, being the 
one that was selected last time through.  If this is
present the DS would not show a screen at all, but just pass the request on 
as appropriate.  The idea is that within one session a
user will only see the DS once.  My choice would be to not call this anything 
like __saml_idp.  I think this can also be done as a
new plugin to work in parallel with or separately from the saml_idp plugin.

My immediate instinct is that would really help the usability of centralized 
DS, potentially at the cost of SP's which do
(multi-IdP) attribute aggregation (and who I'd assume would need to do their 
own discovery), but I'd like to get your input...

Note that at this stage I cannot make a commitment that this work will be 
done (this could be considered as new function and no new
major rev DS is currently planned), but I would like to understand the 
world's feel for this.

Rod