...
- The SWITCH ArpViewer. This extension to Shibboleth 1.3 and 2.0 has several functions, and can be configured to operate in several different modes. In its most basic mode, however, the first time a user visits a new SP the IdP will present the user with a web form listing the attributes that are being released and asking the user to "approve" the release. If the user clicks YES, the ArpViewer remembers the choice and redirects the user to the SP. If the user clicks NO, the process stops. Note that the user cannot individually control attributes and values for release; they can only approve or reject the entire transaction.
- The proposed new AFP matching function. We think this will make use of the SWIC=TCH SWITCH ArpViewer highly scaleable. A site will identify in its filter rules which attributes require user approval before release. Accessing a site requesting one of those attributes will trigger presentation of the ArpViewer.
...