shibboleth-dev - Re: Comments on the new configuration
Subject: Shibboleth Developers
- From: Scott Cantor
- To: Tom Scavo
- Cc: Howard Gilbert
- Subject: Re: Comments on the new configuration
- Date: Mon, 23 May 2005 17:19:45 -0400
Yes, which seems to suggest separate metadata files for the IdP and SP.
Why?
One or more KeyDescriptors tell SPs how the IdP will authenticate itself. A
single descriptor can be used for both signing and for server-TLS.
That may be true, but it's not clear by looking at the metadata
examples (or even reading the metadata spec) how to write such a
KeyDescriptor. Indeed, it doesn't seem like the 'use' attribute is
all that 'use'ful.
It's not, but then I never claimed it was. The main purpose is to identify KEKs (key wraps), which tend to be different.
Aside from that, the only thing hard about it is that KeyInfo is completely unspecified everywhere. Sorry, nothing I can do about that.
-- Scott
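
An added example, not part of the original post: a small reader that lists which keys in an IdP's metadata a relying party would accept for signing and for encryption. It assumes the common reading of SAML 2.0 metadata, where a KeyDescriptor with no `use` attribute applies to both purposes, and it resolves keys only by `ds:KeyName`. The entityID, key names and the `keys_by_purpose` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata (entityID and key names are made up).
SAMPLE = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://idp.example.org/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:KeyName>idp.example.org</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:KeyName>idp-kek.example.org</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:MgmtData>opaque</ds:MgmtData></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def keys_by_purpose(metadata_xml, role="md:IDPSSODescriptor"):
    """Map each purpose to the KeyNames a relying party may accept for it.

    Assumes the metadata signature was verified before parsing; for
    untrusted XML, parse with defusedxml instead of the stdlib parser.
    """
    root = ET.fromstring(metadata_xml)
    result = {"signing": [], "encryption": [], "unusable": 0}
    for kd in root.findall(f"{role}/md:KeyDescriptor", NS):
        use = kd.get("use")
        if use not in (None, "signing", "encryption"):
            raise ValueError(f"unknown KeyDescriptor use: {use!r}")
        names = [n.text.strip() for n in kd.findall("ds:KeyInfo/ds:KeyName", NS) if n.text]
        if not names:
            # KeyInfo form this reader cannot resolve: count it, never guess.
            result["unusable"] += 1
            continue
        # Assumption: an absent 'use' means the key serves both purposes.
        for purpose in (("signing", "encryption") if use is None else (use,)):
            result[purpose].extend(names)
    return result

if __name__ == "__main__":
    print(keys_by_purpose(SAMPLE))
```

The third descriptor is counted as unusable rather than dropped silently, so a deployer can see when a partner's KeyInfo style is one the consumer does not understand.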