Shibboleth Developers

["Josh Howlett" <>]

> > We've been thinking in terms of phoning up the contact and 
> confirming 
> > the certificate fingerprint with them.
> 
> FWIW, I do this with the CSR now, when I issue certificates 
> (I just use a hash), but that's what I would move to once I 
> stop issuing them. But that's because I don't have a web interface.
> 
> I maintain that the ACS location is a much bigger deal. If 
> you don't care about that (beyond just accepting what they 
> give you if it looks sane), I don't see why the cert matters.

Could you elaborate on this? Do you mean that the federation operator
should authenticate the credentials presented by the TLS peer at the ACS
URL before adding the entity to the federation metadata?

josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG