OpenSAML user discussion

["Gina Choi" <>]

Hi Scott,

Thank you so much for your advice. I need to verify two more things before I
start on(hopefully doesn't bother you more on same question).

1. Do you recommend me verifying NotBefore timestamp in both
SubjectConfirmation and Conditions? I should, correct? Even one is enclosed
by the other(time range wise), but they have different meanings as you said.
2. Where can I get technical description about 5 min and 1 hour? I just want
to have a supportive document when later asked by others.

Thanks again. When you have a chance to come to Boston, please let me know. I
should take you out for lunch.:)

Gina Choi

-----Original Message-----
From: 

[mailto:]
 On Behalf Of Cantor, Scott
E.
Sent: Monday, May 02, 2011 1:50 PM
To: 

Subject: Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData>
and <Conditions>

On 5/2/11 1:44 PM, "Gina Choi" 
<>
 wrote:

>1. How do I force clock synchronizations between two servers?

By configuring all servers with a good time source. This is basic server
admin 101.

>2. Could you recommend correct way of verifying NotOnOrAftr timestamp?

Allow a configurable amount of clock skew of 3-5 minutes or so and then
apply that to the value you're comparing to in the conservative direction.

-- Scott