
shibboleth-dev - Re: [Shib-Dev] SP 2.4.2 & Novell Access Manager 3.1.3

Subject: Shibboleth Developers

  • From: "Cantor, Scott E." <>
  • To: "" <>
  • Subject: Re: [Shib-Dev] SP 2.4.2 & Novell Access Manager 3.1.3
  • Date: Wed, 20 Apr 2011 12:38:13 +0000
  • Accept-language: en-US

On 4/20/11 1:32 AM, "Dan McLaughlin" <> wrote:
>It is my finding that as of Shibboleth SP 2.4.2 the default behavior
>of the MetadataGenerator no longer complies with the GFIPM
>Cryptographic Trust Model requirements:

The metadata generator is a tool to assist in the initial generation of
metadata. Its only obligation is that the results be valid, and nobody
should ever rely on it directly within a production process that doesn't
allow for intervention, because that would prevent safe key rollover,
among other reasons.

It isn't possible for the SP to be compliant or not with a profile on the
basis of what the generator does. It's just not involved, because the SP
doesn't use its own metadata.

-- Scott



