2.2.4 Shibboleth

Shibboleth MAY be supported. Shibboleth based on SAML 2.0 is RECOMMENDED. Supporting Shibboleth enables higher education institutions to adopt TAS3 with minimal reconfiguration and reinvestment.

Shibboleth does not currently (2009) support Single Logout. As a condition of TAS3 compliance, such support should be added (please contribute any such work to the Shibboleth open source implementation so that this caveat can be deleted). However, a TAS3 compliant Trust Network may waive this requirement after analysis of the impact and a considered decision (i.e. it's easier to implement it than to get lawyers to agree).

Shibboleth does not officially support the Well Known Location method of metadata publication, but any Shibboleth deployment can satisfy this requirement simply by hand-crafting a metadata file and making it available on its web server at the EntityID URL.
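The two preceding requirements (a Single Logout endpoint, and metadata served at the Well Known Location so that the EntityID equals the URL it is fetched from) can be checked mechanically before a hand-crafted metadata file is deployed. The following is an added example and is not code from the TAS3 specification or from the Shibboleth project; the entity IDs, hostnames and endpoint paths in it are constructed sample values, and the `check_metadata` and `without_slo` functions are hypothetical names chosen for this illustration.

```python
"""Added example (not part of the TAS3 specification or of Shibboleth):
check a hand-crafted SAML 2.0 metadata document against two TAS3
requirements discussed above:
  1. Well Known Location: entityID must equal the URL it is served at.
  2. Single Logout: a SingleLogoutService endpoint must be declared.
All identifiers below are constructed sample values."""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}

# Constructed sample: a minimal IdP metadata document as a Shibboleth
# administrator might hand-craft it. idp.example.edu is a placeholder host.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.edu/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SLO"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def check_metadata(xml_text: str, fetched_from: str) -> dict:
    """Return findings for the metadata document `xml_text` that was
    retrieved from the URL `fetched_from`.

    The stdlib parser does not resolve external entities by default, so a
    hostile metadata file cannot pull in local files via XXE here."""
    root = ET.fromstring(xml_text)
    findings = {}
    # The root must be a single EntityDescriptor in the SAML metadata namespace.
    findings["is_entity_descriptor"] = root.tag == f"{{{MD_NS}}}EntityDescriptor"
    entity_id = root.get("entityID", "")
    findings["entity_id"] = entity_id
    # Well Known Location: the EntityID is the URL the metadata is served at,
    # and it must be an https URL so the fetch is authenticated by TLS.
    findings["well_known_location"] = (
        entity_id == fetched_from and entity_id.startswith("https://")
    )
    # Single Logout: at least one SLO endpoint in any role descriptor.
    slo = root.findall(".//md:SingleLogoutService", NS)
    findings["slo_endpoints"] = [e.get("Location") for e in slo]
    findings["supports_single_logout"] = len(slo) > 0
    return findings


def without_slo(xml_text: str) -> str:
    """Constructed negative case for testing: the same document with every
    SingleLogoutService element removed, i.e. a deployment that has not
    added the Single Logout support the text calls for."""
    root = ET.fromstring(xml_text)
    roles = root.findall("md:IDPSSODescriptor", NS) + root.findall("md:SPSSODescriptor", NS)
    for role in roles:
        for slo in role.findall("md:SingleLogoutService", NS):
            role.remove(slo)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    url = "https://idp.example.edu/idp/shibboleth"
    print(check_metadata(SAMPLE_METADATA, url))
    print(check_metadata(without_slo(SAMPLE_METADATA), url))
```

In a real deployment `fetched_from` would be the URL the metadata was actually downloaded from, and `well_known_location` being false means the file is either published at the wrong path or its `entityID` attribute does not match the chosen URL.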

We have not fully validated all use cases with Shibboleth. Specific points of contention include the lack of full user identification, e.g. a statement that the User is a student or staff member of a university without giving out a persistent pseudonym. While this is a valid approach that better protects the user's privacy than the use of a persistent ID, it may not be able to address all the use cases, especially in the commercial world, where service providers wish to link a user's requests together.
