
shibboleth-dev - Re: [Shib-Dev] lessons learned from AD FS 2.0

Subject: Shibboleth Developers

  • From: Tom Scavo <>
  • To:
  • Subject: Re: [Shib-Dev] lessons learned from AD FS 2.0
  • Date: Mon, 25 Oct 2010 19:42:33 -0500

On Mon, Oct 25, 2010 at 7:05 PM, Scott Cantor <> wrote:
>
> The power comes from controlling the attribute, period, so
> that the keys can be manipulated as needed.

Yes, well said, that is the goal.

> But that takes understanding,
> and is prone to mistakes. That's what's more complicated about it.

Yes, but it's not too complicated after all. It boils down to being
able to convert a <md:KeyDescriptor> element to redundant
<md:KeyDescriptor use="signing"> and <md:KeyDescriptor
use="encryption"> elements (and vice versa) at the appropriate time,
as needed.

Tom
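
The conversion described in the message above, sketched as an added example (not code from this thread or from Shibboleth). The function names and the sample metadata are constructed for illustration; the logic relies on the SAML metadata rule that a `<md:KeyDescriptor>` with no `use` attribute applies to both signing and encryption.

```python
import copy
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
KD = f"{{{MD}}}KeyDescriptor"

# Constructed sample: the certificate body is a placeholder, not a real key.
SAMPLE = """<md:SPSSODescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="0" Location="https://sp.example.org/acs"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
</md:SPSSODescriptor>"""

def fingerprint(kd):
    """Key material of a KeyDescriptor, ignoring @use and whitespace."""
    return tuple((e.tag, tuple(sorted(e.attrib.items())), "".join((e.text or "").split()))
                 for e in kd.iter() if e is not kd)

def split_keys(role):
    """Replace each use-less KeyDescriptor with a signing/encryption pair, in place."""
    for kd in role.findall(KD):
        if kd.get("use") is None:
            idx = list(role).index(kd)  # keep the schema-mandated position
            role.remove(kd)
            for offset, use in enumerate(("signing", "encryption")):
                dup = copy.deepcopy(kd)
                dup.set("use", use)
                role.insert(idx + offset, dup)
    return role

def merge_keys(role):
    """Collapse a signing/encryption pair with identical key material into one."""
    seen = {}  # fingerprint -> first KeyDescriptor carrying that key
    for kd in role.findall(KD):
        use, fp = kd.get("use"), fingerprint(kd)
        first = seen.setdefault(fp, kd)
        # Merge only when the two descriptors differ in nothing but @use.
        if first is not kd and use and first.get("use") not in (None, use):
            del first.attrib["use"]
            role.remove(kd)
    return role
```

Because the fingerprint covers every child of the descriptor, a pair whose encryption copy carries extra `<md:EncryptionMethod>` elements is left unmerged rather than silently losing them.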


