
shibboleth-dev - RE: client certificate chains and 1.3 IdP

Subject: Shibboleth Developers



  • From: "Scott Cantor" <>
  • To: "'Ian Young'" <>
  • Cc: "'Walter Hoehn'" <>, <>
  • Subject: RE: client certificate chains and 1.3 IdP
  • Date: Wed, 6 Jul 2005 12:43:06 -0400
  • Organization: The Ohio State University

> That's very concise; thanks.

Concise but really annoying. Bugs on top of bugs, and nobody willing to fix
anything.

> Some commercial CAs have really exciting signing chains, though, and
> several federations already accept certificates from some such CAs.
> SwissSign (SWITCH use them) and GlobalSign (at least SDSS, Athens and
> InQueue use them) are examples known to me. So this boat has sailed,
> whether chaining seems sensible or not (and I'm not expressing an
> opinion on that).

Yeah, I know the reasoning, but I'm not really sure people understand the
implications of using those kinds of certificates. The deeper the chain, the
more likely it is that there are no controls on name clashes across the
hierarchy.

This will obviously go in the wiki regardless.

-- Scott



