simpleSAMLphp (http://rnd.feide.no/simplesamlphp) is a SAML-bridge (among many other things), used in WAYF (http://www.wayf.dk) which connects institutions and web services - for the first time introducing role based access control on a larger scale in the DK sector for education and research.

The individual users must consent to any data exchange - a non trivial task which also includes the right to later withdraw the consent. The exiting rudementary functionalities will be further developed and enhanced. The resulting code will be part of the official release of simpleSAMLphp

All services are available to the connected institutions. I an institution does not want its' users to access a given service it can contact WAYF in order to close the data flow. This involves a series of administrative steps that will be covered by a new self service module.

The high performance of modern networks provides opportunities for building (redundant) infrastructure in a more resilient and geographically dispersed setups. This is expected to be more common - even for systems with shared sessions etc. like the one WAYF is planning to operate. Multiple instances of a shared simpleSAMLphp installation, on different sites will be tested and documented.