OpenSAML user discussion

[Walter Hoehn <>]

My experience is that most folks just pretend that CRLs don't exist  
and go merrily on their way.

Are you authenticating users or system entities with your  
certificates?  If it's the latter, I think it's easier just to dump  
the PKI and use bi-lateral trust.

-Walter


On Apr 21, 2006, at 6:54 AM, 

 wrote:

> Hi all,
>
> We have implemented with opensaml the authentication mechanism of  
> our website. However, the time for the authentication is pretty  
> long (it takes about 20 seconds). We would like to cache the CRLs  
> in order not to connect to them every time via http.
>
> One possible solution is of course to download them and heep them  
> locally, but then we have the problem of the "next update" date. I  
> mean, we have to update each CRL regularly or when "next update"  
> indicates.
>
> has anyone had this situation and found maybe a solution?
>
> Thanks,
> Miro