
shibboleth-dev - RE: Comments on the new configuration

Subject: Shibboleth Developers

  • From: "Howard Gilbert" <>
  • To: <>
  • Subject: RE: Comments on the new configuration
  • Date: Tue, 24 May 2005 09:02:25 -0400

> Because as you said, the IdP and SP share metadata with each other, so
> why wouldn't the IdP's metadata be in one file and the SP's metadata
> be in another. It reinforces the idea that metadata files are swapped
> and that an entity need not consume its own metadata.

In the long run, I would argue the exact opposite. Metadata is global and
should be shared by everyone, including the Entity that it describes.
However, at some point we should add sanity checks so that an entity
consumes its own Metadata and compares it to the configuration file. An
alarm should go off if, for example, the Private Key in Credentials cannot
be validated against your own Certificates in the Metadata, or if an
AttributeConsumer URL in the SP configuration isn't found in its Metadata.

However, such a sanity check is not required for correct operation, and
right now we have more pressing matters on the queue. Just because we don't
use it yet doesn't mean we should go out of our way to exclude it.
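
The self-check proposed in the message above, as an added example (not part of the original post and not Shibboleth code). It assumes SAML 2.0-format metadata, narrows the private-key test to comparing the certificate configured alongside that key, and reads the SP endpoint from AssertionConsumerService Location; the entity ID, URLs and certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: these bytes stand in for a DER certificate, not a real one.
CERT_B64 = base64.b64encode(b"constructed-sample-der-certificate").decode()
METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {CERT_B64}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
        Location="https://sp.example.org/Shibboleth.sso/SAML/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def fingerprint(cert_b64):
    # Hash the decoded DER so line wrapping inside the XML does not matter.
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()


def self_check(metadata_xml, entity_id, config_cert_b64, config_acs_urls):
    """Return a list of alarms; an empty list means config and metadata agree."""
    root = ET.fromstring(metadata_xml)
    # Accept a single EntityDescriptor or a federation-wide EntitiesDescriptor.
    entities = [root] if root.tag == f"{{{NS['md']}}}EntityDescriptor" else []
    entities += root.findall(".//md:EntityDescriptor", NS)
    me = next((e for e in entities if e.get("entityID") == entity_id), None)
    if me is None:
        return [f"no metadata entry for {entity_id}"]
    alarms = []
    # Assumption: the credential is checked via its configured certificate.
    certs = {fingerprint(c.text) for c in me.findall(".//ds:X509Certificate", NS) if c.text}
    if fingerprint(config_cert_b64) not in certs:
        alarms.append("configured certificate is not published in own metadata")
    published = {a.get("Location") for a in me.findall(".//md:AssertionConsumerService", NS)}
    for url in config_acs_urls:
        if url not in published:
            alarms.append(f"endpoint {url} missing from own metadata")
    return alarms
```
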




