...
If you have comments/questions on the information presented here please send them to the developer's mailing list.
Current Thinking
A baseline for this feature would be to offload the parts of the delegation flow that involve the SP's configuration (the private key, the IdP's identity and public key) and the original assertion, which happens to encompass the interactions with the IdP and represents an authenticated request for a delegation token. So logically, the client application could interact with the WSP, pass in the AuthnRequest to this extension, get back a Response, and pass that back to the WSP to complete the login process.
...