Per previous discussion with Scott, I would like the IdP to allow me to stuff already-resolved attributes back into the context when external authentication is used and the request is delegated to a system that handles all of that. In most Shib/CAS integrations where Shib is layered over an external CAS instance, CAS handles the production and consumption of the authentication context class and principal attributes. Since the adopter in this type of deployment only uses the IdP invisibly to handle the production of SAML assertions, and makes no attempt at configuring the IdP to handle attribute resolution, etc. (and wouldn't want to duplicate config anyway, since all of that is already put into the CAS config), there would need to be a way to pass attributes from CAS back to the IdP context tree.
Scott did explain to me that passing back the context class is entirely possible now, but there may need to be a few changes to the API to allow the actual principal to carry attributes with it right inside the object, rather than creating a new context class, etc.
Seemed like this type of change might fit into the 3.2 roadmap, but it can obviously wait.