The Shibboleth software implements the OASIS SAML v1.1 specification, providing a federated Single-SignOn and attribute exchange framework. Shibboleth also provides extended privacy functionality allowing the browser user and their home site to control the Attribute information being released to each Service Provider. (http://shibboleth.internet2.edu/)

To briefly address the points you quoted:

Verifiable
Verification is based on a formal trust framework — either a bilateral trust between the identity provider and the service provider or as part of a trust federation of which both the identity provider and the service provider are members.

Minimal
Shibboleth excels in this area. The user and/or the user’s identity organization can decide what attributes about an individual (that I am over 21 years of age or that I am a resident of Ohio) are given to the service provider.

Unlinkable
If a unique id is required by the service provider (say, for instance, to provide some site customization) the identity provider can provide an opaque string, called a “targeted ID”, that is unique for user/service-provider pairing yet in no way reveals the actual identity of the user and is meaningless outside of the user/service-provider pair.