SP Key Rollover with IdP encryptAssertions="conditional"

Cantor, Scott cantor.2 at osu.edu
Thu Sep 22 19:22:45 BST 2011


On 9/22/11 2:15 PM, "Peter Schober" <peter.schober at univie.ac.at> wrote:

>Would the above (by Christopher) still work without specifying a use
>if the SP never signs requests and the IdP pushes attributes to the
>SP (i.e., no SOAP queries to verify)?

Meaning the SP's keys are only for decryption. Yes, I think so.

I tried (and Tom tried) to document for very general cases, and since it's
not all that many more steps, I haven't tried to make it any simpler for
people with a lot of "if" and "assuming".

-- Scott


