shibboleth-dev - Re: Finding the AA from an assertion
Subject: Shibboleth Developers
List archive
- From: Ian Young <>
- To: Scott Cantor <>
- Cc:
- Subject: Re: Finding the AA from an assertion
- Date: Tue, 05 Oct 2004 18:01:15 +0100
Scott Cantor wrote:
You should probably at least consider whether to bother hacking in support
for 1.1. We really need people to get off it so we can get rid of all this
legacy code, but we're not forcing people to upgrade. It wouldn't be
entirely unreasonable to require 1.2 for your application.
Has a definite decision been made yet about version compatibility going forward? In particular (given availability of suitable metadata, take that as given):
(a) when there is a 1.3, will it interwork with 1.2?
(b) when there is a 1.3, will it interwork with 1.1?
I'd like to know that the answer to (a) was "yes", so that we can build federations and not have to persuade everyone to have a single "flag day".
I think, though, that I'd like to know that the answer to (b) was "no", as I have some concerns about version rollback attacks and the sheer complicated business of keeping the number of protocol variants in check. Not perhaps the most important reasons, but removing the legacy code (and the documentation of the legacy modes of working) seems to me to be a real plus.
Are there definitive answers to these questions yet?
-- Ian
- Re: Finding the AA from an assertion, Ian Young, 10/05/2004
- Re: Finding the AA from an assertion, Walter Hoehn, 10/05/2004
Archive powered by MHonArc 2.6.16.