Skip to Content.
Sympa Menu

shibboleth-dev - Re: Finding the AA from an assertion

Subject: Shibboleth Developers

List archive

Re: Finding the AA from an assertion


Chronological Thread 
  • From: Walter Hoehn <>
  • To: Ian Young <>
  • Cc: Scott Cantor <>,
  • Subject: Re: Finding the AA from an assertion
  • Date: Tue, 5 Oct 2004 12:25:25 -0500

On Oct 5, 2004, at 12:01 PM, Ian Young wrote:
Has a definite decision been made yet about version compatibility going forward? In particular (given availability of suitable metadata, take that as given):

(a) when there is a 1.3, will it interwork with 1.2?

Definitely.


(b) when there is a 1.3, will it interwork with 1.1?

Probably. We would strongly prefer to deprecate 1.1 support as soon as possible, but don't want to pull the rug out from under anyone. So, we intend to leave 1.1 support in the 1.3 code unless we can verify that our core constituencies are all off of 1.1 by the release.

Going forward, a 2.0 release would, I'm sure, support interoperability 1.2/1.3 but not 1.1.


I'd like to know that the answer to (a) was "yes", so that we can build federations and not have to persuade everyone to have a single "flag day".

I think, though, that I'd like to know that the answer to (b) was "no", as I have some concerns about version rollback attacks and the sheer complicated business of keeping the number of protocol variants in check. Not perhaps the most important reasons, but removing the legacy code (and the documentation of the legacy modes of working) seems to me to be a real plus.

Are there definitive answers to these questions yet?

-- Ian

Attachment: smime.p7s
Description: S/MIME cryptographic signature




Archive powered by MHonArc 2.6.16.

Top of Page