
Notes:


Shibboleth supports role-based authorisation, in which what you can do depends not directly on who you are but on one or more bits of information about you. These bits of information are called Attributes and are supplied by your IdP.
These attributes don't always need to include your real-world identity. For example, to access a resource site-licensed by the University of Cambridge it may be sufficient just to show that you are a member of the University. This is good for you since it protects your privacy, and is good for IdPs and SPs since it saves them from having to process, and therefore protect, personal data.
An IdP can maintain sufficient information to associate each authentication assertion with the user on whose behalf it was made. This allows potential abuse to be investigated even though the SP doesn't know who might have done it.
Where required, Shibboleth can also assert non-anonymous attributes – e.g. name and email address to support account provisioning at the SP.
While Shibboleth often uses names and meanings from LDAP schema, you don't need an LDAP directory to use Shibboleth. [LDAP: Lightweight Directory Access Protocol]
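The flow described in these notes can be modelled in a few lines. This is an added example, not Shibboleth code: the directory, the SP identifiers, the release policy and the attribute name `affiliation` are constructed for illustration (`cn` and `mail` are the usual LDAP names).

```python
import secrets

# Constructed directory: what the IdP knows about each user.
DIRECTORY = {
    "abc123": {"cn": "Alice Example", "mail": "abc123@example.ac.uk",
               "affiliation": ["member", "staff"]},
    "guest9": {"cn": "Guest Nine", "mail": "guest9@example.org",
               "affiliation": []},
}

# Constructed release policy: which attributes each SP is sent.
JOURNALS = "https://journals.example.com/sp"   # site-licensed resource
WIKI = "https://wiki.example.ac.uk/sp"         # needs account provisioning
RELEASE_POLICY = {
    JOURNALS: ["affiliation"],
    WIKI: ["affiliation", "cn", "mail"],
}


class IdP:
    def __init__(self):
        # assertion id -> (user, SP); this mapping never leaves the IdP
        self.audit = {}

    def issue(self, user, sp):
        """Build an assertion carrying only the attributes this SP may see."""
        assertion_id = "_" + secrets.token_hex(16)  # opaque, unlinkable to user
        self.audit[assertion_id] = (user, sp)
        allowed = RELEASE_POLICY.get(sp, [])        # unknown SP: release nothing
        attrs = {name: DIRECTORY[user][name] for name in allowed}
        return {"id": assertion_id, "attributes": attrs}

    def investigate(self, assertion_id):
        """Abuse report from an SP: map the assertion back to a user."""
        return self.audit.get(assertion_id)


def sp_authorise(assertion, required="member"):
    """SP-side decision: depends on an attribute, not on who the user is."""
    return required in assertion["attributes"].get("affiliation", [])
```

The SP holding the site licence sees only the affiliation values, yet an abuse report quoting the assertion id still lets the IdP identify the user.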