In order to gather requirements from Grid and Shibboleth users internationally we have distributed a questionnaire which can be found here.
Please note: The submission date for this questionnaire has now passed and a summary of the results are now available here.
The requirements presented below have been formulated from the questionnaire results summarised above and represent what we feel is a fair representation of the demands of the majority of the participants of the study.
Attribute aggregation must be usable in a variety of ways: Humans via web browsers, Applications via APIs and Grid users via grid clients etc
Privacy protection of user attributes is of high importance and this should be through the use of technical controls, which are independent of legal means.
Service Providers should be able to track users between sessions if required
Service Providers should be able to learn the true identity of users in exceptional circumstances, but only by contacting the user's IdPs.
IdPs should only be able to communicate with each other to link together the attributes of a user with the user's permission.
Service providers should only be able to query multiple IdPs, in order to pull additional attributes for authorisation purposes, with the user's permission.
Should be able to tunnel through firewalls using existing open ports (i.e. use http/https).
The system should use existing standard protocols and only extend them in a standard way if necessary. SAML is the most popular choice for the base protocol.
The proxying of information should be supported through multiple hops/proxies.
The ability to sign assertions should be supported for all exchanges
The SP should be able to require that all assertions are signed by their authoritative sources
It should be easy to use by end-users and require the minimum amount of user interaction