shibboleth-dev - [Shib-Dev] Metadata for Consent

Subject: Shibboleth Developers

  • From: Nate Klingenstein <>
  • To:
  • Subject: [Shib-Dev] Metadata for Consent
  • Date: Thu, 17 Feb 2011 05:46:49 +0000

Shibboleth-developers,

A set of deployers wants to build enhanced user consent for their Shibboleth federation. They have two questions about metadata and extension in support of that goal.

1) They want to express a Terms of Use location that can be displayed by an SP. This is almost-but-not-quite <mdui:PrivacyStatementURL>. Something like <mdui:TermsOfUseURL> would be ideal, and that's probably a superset that can cover <mdui:PrivacyStatementURL>. If there's another field I'm overlooking, that'd be great, but otherwise I'll submit the comment to the SSTC and they'll probably repurpose <mdui:PrivacyStatementURL>.

AFAIK, SWITCH's uApprove uses a canned ToU file that is general to all SPs and probably represents different legal requirements. Would uApprove want to support behavior like this?

2) They'd like to include a verbal explanation of why an <md:RequestedAttribute> is requested. This would be useful both to the user and administrator, but primarily intended for display to the user during consent acquisition. This would preferably be multivalued in order to support multiple locales, but something like:

<md:RequestedAttribute ...>
    <mdui:Description lang="en">usage of this attribute</mdui:Description>
</md:RequestedAttribute>

rather than:

<md:RequestedAttribute mdui:description="usage of this attribute" .../>

apparently involves more extensive modification of OpenSAML. Either way, if others think this would be generally useful, we should try to standardize it too.

Thoughts?
Nate.
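
An added example, not part of the original post and not Shibboleth or uApprove code: a Python sketch of how a consent page could read the two items discussed above from SP metadata, the existing <mdui:PrivacyStatementURL> and the proposed per-attribute description in its child-element form, with locale fallback. The metadata document, the helper names pick and consent_view, and the http(s)-only link check are assumptions; <mdui:Description> inside <md:RequestedAttribute> is the post's proposal, not a standardized element.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"

# Constructed, trimmed SP metadata (not from a real federation). The
# mdui:Description children of md:RequestedAttribute are the hypothetical
# child-element form proposed in the post.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><mdui:UIInfo>
      <mdui:PrivacyStatementURL xml:lang="en">https://sp.example.org/privacy</mdui:PrivacyStatementURL>
    </mdui:UIInfo></md:Extensions>
    <md:AttributeConsumingService index="1">
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
        <mdui:Description xml:lang="en">Used to send you notifications</mdui:Description>
        <mdui:Description xml:lang="de">Wird zum Versand von Benachrichtigungen verwendet</mdui:Description>
      </md:RequestedAttribute>
      <md:RequestedAttribute Name="urn:oid:2.5.4.4" FriendlyName="sn"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def pick(elements, locale, fallback="en"):
    """Return the text for the requested locale, else the fallback locale, else None."""
    by_lang = {}
    for el in elements:
        lang = el.get(XML_LANG) or el.get("lang") or ""  # accept the post's plain lang= too
        by_lang.setdefault(lang.lower(), (el.text or "").strip())
    return by_lang.get(locale.lower(), by_lang.get(fallback))

def consent_view(metadata_xml, locale):
    """Collect what a consent page would show; the renderer must still escape the text."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    url = pick(sp.findall("md:Extensions/mdui:UIInfo/mdui:PrivacyStatementURL", NS), locale)
    # Metadata is written by a third party: only offer the link if it is http(s).
    if url and not url.lower().startswith(("https://", "http://")):
        url = None
    attrs = []
    for ra in sp.iterfind("md:AttributeConsumingService/md:RequestedAttribute", NS):
        desc = pick(ra.findall("mdui:Description", NS), locale)
        attrs.append((ra.get("FriendlyName") or ra.get("Name"), desc))
    return {"privacy_url": url, "attributes": attrs}

if __name__ == "__main__":
    print(consent_view(SAMPLE, "de"))
```

An attribute with no description comes back as None, so the consent page can fall back to showing only the attribute name.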


