
shibboleth-dev - Re: [Shib-Dev] SP 2.4.2 & Novell Access Manager 3.1.3

Subject: Shibboleth Developers

  • From: Dan McLaughlin <>
  • To:
  • Subject: Re: [Shib-Dev] SP 2.4.2 & Novell Access Manager 3.1.3
  • Date: Wed, 20 Apr 2011 08:07:45 -0500

Good to know. We will go back to the old way of publishing our metadata.

--

Thanks,

Dan McLaughlin
Technology Consortium, LLC

http://www.tech-consortium.com

NOTICE: This e-mail message and all attachments transmitted with it
are for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is strictly prohibited. The contents of
this e-mail are confidential and may be subject to work product
privileges. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message.



On Wed, Apr 20, 2011 at 7:38 AM, Cantor, Scott E.
<>
wrote:
> On 4/20/11 1:32 AM, "Dan McLaughlin"
> <>
> wrote:
>>It is my finding that as of Shibboleth SP 2.4.2 the default behavior
>>of the MetadataGenerator no longer complies with the GFIPM
>>Cryptographic Trust Model requirements:
>
> The metadata generator is a tool to assist in the initial generation of
> metadata. Its only obligation is that the results be valid, and nobody
> should ever rely on it directly within a production process that doesn't
> allow for intervention, because that would prevent safe key rollover,
> among other reasons.
>
> It isn't possible for the SP to be compliant or not with a profile on the
> basis of what the generator does. It's just not involved, because the SP
> doesn't use its own metadata.
>
> -- Scott
>
>


