OpenSAML user discussion

[Scott Cantor <>]

Mike Klein wrote:
> I am using routines documented on this page to verify signer of identity
> document and to verify/sign assertions. Code seems to work fine and
> messages are tamper-proof.

Yes, as long as your use case is simple enough that a single
predetermined certificate is available for each signer and you do the 
mapping between who the signer is and where the certificate is.

> Grabbing a public cert from a keystore can be done in 3 lines of code or
> so...this isn't an issue. OpenSAML won't provide you an uber-keystore
> concept or anything I think so you'll need to load and cache them yourself.

Actually, that's pretty much exactly what it does, or will do, along with 
support for TLS/SSL connection management with the same trust facilities.

-- Scott