shibboleth-dev - Re: example-metatdata.xml
- From: Tom Scavo
- To: Scott Cantor
- Cc: Shibboleth Development
- Subject: Re: example-metatdata.xml
- Date: Sat, 25 Jun 2005 12:33:11 -0400
On 6/24/05, Scott Cantor wrote:
> >
> > Since there is only one KeyDescriptor element listed per vhost, a
> > single credential is being used for all three, correct?
>
> It is true that the same key is used for TLS and signing right now. I always
> process TLS against signing or unspecified keys. Keys cannot be isolated to
> vhosts or endpoints, there is no such notion in the metadata. It's only by
> role.

In practice, does it make more sense for the AA (a back-channel
component) to have a credential separate from the SSO service (a
browser-facing component)? Same question for the artifact resolution
service (another back-channel component)?

Thanks,
Tom
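
An added illustration of the point in the quoted reply that metadata binds keys to roles rather than to vhosts or endpoints (not code from the thread or from Shibboleth): over constructed SAML metadata, it groups each KeyDescriptor by role and `use`, reports keys shared across roles, and models the "signing or unspecified" selection for TLS. The entityID, certificate values and function names are assumptions made for the example.

```python
import hashlib
import xml.etree.ElementTree as ET  # for untrusted metadata, use a hardened parser such as defusedxml
from collections import defaultdict

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata; the entityID and certificate bodies are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQtQ0VSVC1B</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
  <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQtQ0VSVC1B</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQtQ0VSVC1C</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>"""

def keys_by_role(xml_text):
    """Return {key_id: [(role, use), ...]} for every KeyDescriptor in the entity."""
    root = ET.fromstring(xml_text)
    found = defaultdict(list)
    for role in root:  # role descriptors are direct children of EntityDescriptor
        role_name = role.tag.rsplit("}", 1)[-1]
        for kd in role.findall("md:KeyDescriptor", NS):
            use = kd.get("use", "unspecified")  # the use attribute is optional
            for cert in kd.findall(".//ds:X509Certificate", NS):
                b64 = "".join(cert.text.split())
                # Hash of the base64 text, used only to group identical certificates.
                key_id = hashlib.sha256(b64.encode()).hexdigest()[:16]
                found[key_id].append((role_name, use))
    return dict(found)

def shared_keys(xml_text):
    """Keys that are listed under more than one role."""
    return {k: uses for k, uses in keys_by_role(xml_text).items()
            if len({role for role, _ in uses}) > 1}

def tls_candidates(xml_text, role):
    """Model of the reply's rule: signing or unspecified keys of a role are checked for TLS."""
    return sorted(k for k, uses in keys_by_role(xml_text).items()
                  if any(r == role and u in ("signing", "unspecified") for r, u in uses))
```
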