
shibboleth-dev - RE: example-metatdata.xml

Subject: Shibboleth Developers


RE: example-metatdata.xml


  • From: "Scott Cantor" <>
  • To: "'Tom Scavo'" <>, "'Shibboleth Development'" <>
  • Subject: RE: example-metatdata.xml
  • Date: Fri, 24 Jun 2005 17:42:44 -0400
  • Organization: The Ohio State University

> Just trying to better understand the example metadata file shipping
> with Shib 1.3. On the IdP side, there are as many as three different
> credentials that might be specified per vhost (signing, 443, 8443).
> Since there is only one KeyDescriptor element listed per vhost, a
> single credential is being used for all three, correct?

It is true that the same key is used for TLS and signing right now. I always
process TLS against signing or unspecified keys. Keys cannot be isolated to
vhosts or endpoints; there is no such notion in the metadata. It's only by
role.

It's worth noting that we code this metadata stuff *way* more formally than
anybody else is. So far my impression of the products from a distance is
it's all "import the metadata" and then screw with everything. And TLS is
totally separate. We have a much more direct approach that is essentially
proprietary at the end of the day.

-- Scott
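The rule Scott describes (TLS peers are checked against KeyDescriptors marked use="signing" or carrying no use attribute, and keys belong to a role rather than to a vhost or endpoint) can be made concrete with a small metadata reader. The following is an added illustration for this archive page, not code from Shibboleth or from the example-metadata.xml file under discussion; the metadata document embedded in it is constructed for the example, and the key names and hostnames in it are placeholders.

```python
"""Select keys from SAML 2.0 metadata the way the thread describes:
TLS is validated against KeyDescriptors whose use is "signing" or
unspecified, never against "encryption" keys, and the selection is
made per role (IdP, SP, attribute authority), not per endpoint or port."""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD_NS, "ds": DS_NS}

# Constructed sample metadata for this example (not a real deployment).
# The IdP role has separate signing and encryption keys and exposes
# endpoints on two ports; the attribute authority has one key with no
# "use" attribute, so it serves every purpose.
SAMPLE_METADATA = f"""
<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://idp.example.org/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:KeyName>idp-signing-key</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:KeyName>idp-encryption-key</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:ArtifactResolutionService
        Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
        Location="https://idp.example.org:8443/shibboleth/Artifact" index="1"/>
    <md:SingleSignOnService
        Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
        Location="https://idp.example.org/shibboleth/SSO"/>
  </md:IDPSSODescriptor>
  <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:KeyName>aa-key</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AttributeService
        Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
        Location="https://idp.example.org:8443/shibboleth/AA"/>
  </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>
"""


def key_descriptors(entity_xml, role_tag):
    """Return (use, key name) pairs for every KeyDescriptor in one role.

    use is None when the attribute is absent, which SAML metadata treats
    as "valid for any purpose".
    """
    root = ET.fromstring(entity_xml)
    role = root.find(f"md:{role_tag}", NS)
    if role is None:
        raise ValueError(f"metadata has no {role_tag} role")
    pairs = []
    for kd in role.findall("md:KeyDescriptor", NS):
        name = kd.findtext("ds:KeyInfo/ds:KeyName", namespaces=NS)
        pairs.append((kd.get("use"), name))
    return pairs


def tls_trusted_keys(entity_xml, role_tag):
    """Keys a TLS peer acting in this role may present: signing or unspecified.

    The endpoint (vhost, port 443 vs 8443) plays no part in the selection;
    the same set applies to every endpoint the role lists.
    """
    return [name for use, name in key_descriptors(entity_xml, role_tag)
            if use in (None, "signing")]


def encryption_keys(entity_xml, role_tag):
    """Keys usable to encrypt to this role: encryption or unspecified."""
    return [name for use, name in key_descriptors(entity_xml, role_tag)
            if use in (None, "encryption")]


def role_endpoints(entity_xml, role_tag):
    """Locations of every endpoint in a role, to show that several ports
    share one trusted-key set."""
    root = ET.fromstring(entity_xml)
    role = root.find(f"md:{role_tag}", NS)
    return [e.get("Location") for e in role if e.get("Location")]


if __name__ == "__main__":
    for role in ("IDPSSODescriptor", "AttributeAuthorityDescriptor"):
        print(role)
        print("  endpoints :", role_endpoints(SAMPLE_METADATA, role))
        print("  TLS keys  :", tls_trusted_keys(SAMPLE_METADATA, role))
        print("  enc keys  :", encryption_keys(SAMPLE_METADATA, role))
```

Running the module shows the two points from the reply: the IdP role's encryption key is never accepted for TLS even though it sits in the same EntityDescriptor, and the attribute authority's single unspecified-use key is accepted for both TLS and encryption across every endpoint of that role, whatever port it listens on.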




