shibboleth-dev - Re: example-metatdata.xml

Subject: Shibboleth Developers

List archive

Re: example-metatdata.xml

From: Scott Cantor <>
To: Tom Scavo <>
Cc: Shibboleth Development <>
Subject: Re: example-metatdata.xml
Date: Sat, 25 Jun 2005 13:39:47 -0400

Tom Scavo wrote:

In practice, does it make more sense for the AA (a back-channel
component) to have a credential separate from the SSO service (a
browser-facing component)? Same question for the artifact resolution
service (another back-channel component)?

The credential the SSO service uses is only for signing, not TLS. It's SSL certificate isn't necessarily in the metadata at all.

In practice, signing and TLS are supposed to have separate certificates anyway, but in reality I'm sure not going to encourage people that barely know what a private key is to generate more than one and keep them straight.

If you think your audience is more informed, you're welcome to suggest it. ;-)

-- Scott

example-metatdata.xml, Tom Scavo, 06/24/2005
- Re: example-metatdata.xml, Walter Hoehn, 06/24/2005
  - Re: example-metatdata.xml, Tom Scavo, 06/25/2005
- RE: example-metatdata.xml, Scott Cantor, 06/24/2005
  - Re: example-metatdata.xml, Tom Scavo, 06/25/2005
    - Re: example-metatdata.xml, Scott Cantor, 06/25/2005
      - Re: example-metatdata.xml, Tom Scavo, 06/25/2005
        
        Re: example-metatdata.xml, Scott Cantor, 06/25/2005

List archive

Re: example-metatdata.xml