ADFS, SharePoint, and InCommon?
Cantor, Scott
cantor.2 at osu.edu
Fri Nov 16 18:44:41 EST 2012
On 11/16/12 6:14 PM, "THIA Jean-Marie" <jean-marie.thia at upmc.fr> wrote:
>I don't have much time to browse the wiki for good practice in checking
>the metadata file. So if you have ideas or pointers to what should be
>done to make the script better I will do my best.
If you're going to use the trust model we use, you can't only check
validUntil, but must ensure that a validUntil exists of no more than a
specified duration from the time of evaluation. Otherwise you're open to
being fed metadata that's valid forever and that makes key revocation
impossible.
-- Scott
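
One way to implement the check described in the reply above, as an added example that is not part of the original message or anyone's actual script. The 14-day limit, the function names and the sample documents are assumptions made for illustration, and the metadata signature is assumed to have been verified already.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
MAX_VALIDITY = timedelta(days=14)  # assumed local policy, not a value from the thread


class MetadataRejected(Exception):
    """The metadata's validity window does not satisfy policy."""


def sample(attrs):
    # Constructed minimal aggregate; attrs is spliced into the root element.
    return ('<md:EntitiesDescriptor xmlns:md="%s" %s/>' % (MD_NS, attrs)).encode()


def parse_utc(value):
    # validUntil is an xs:dateTime; accept only the UTC "Z" form.
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    try:
        return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
    except ValueError:
        raise MetadataRejected("unparseable validUntil: %r" % value) from None


def check_valid_until(xml_bytes, now=None, max_validity=MAX_VALIDITY):
    # Assumption: xml_bytes already passed signature verification, so the
    # validUntil on the signed root element can be trusted as the signer's.
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_bytes)
    allowed = {"{%s}%s" % (MD_NS, n) for n in ("EntitiesDescriptor", "EntityDescriptor")}
    if root.tag not in allowed:
        raise MetadataRejected("unexpected root element %s" % root.tag)
    raw = root.get("validUntil")
    if raw is None:
        # No expiry at all: the file would be acceptable forever.
        raise MetadataRejected("validUntil is missing")
    valid_until = parse_utc(raw)
    if valid_until <= now:
        raise MetadataRejected("metadata expired at %s" % raw)
    if valid_until - now > max_validity:
        # Present but too distant: a replayed old file could outlive a revoked key.
        raise MetadataRejected("validUntil %s exceeds %s from now" % (raw, max_validity))
    return valid_until
```
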