mace-opensaml-users - Looking for "best practices" regarding handling of keys/certificates
Subject: OpenSAML user discussion
- From: "Shannon Kendrick" <>
- To: <>
- Subject: Looking for "best practices" regarding handling of keys/certificates
- Date: Wed, 26 Feb 2003 12:49:14 -0500

Being new to SAML and XML Signatures, I'd like to find out what the "best
practices" are for signature validation of a SAML Response (Browser/POST
profile). I'm implementing a SSO solution, and I'm trying to understand the
whole sign/verify process. Eventually my site will only need to be the
recipient of the SAML Response, but initially I'm also creating a SAML
Response to prototype the SSO functionality.

I'm currently unclear where to get the public key to validate the signature.
Is it typically sent in the SAML Response? If so, how do I know it's a valid
key? Or should I retrieve the key from a Java KeyStore on the filesystem?
Should I worry about revocation lists?

I realize my questions are not specifically about OpenSAML, but I'm hoping
that someone on this list has already answered some of my questions.

Thanks in advance,
Shannon Kendrick