How to set the SP metadata expiration date

Cantor, Scott cantor.2 at osu.edu
Thu Oct 18 15:51:47 EDT 2012


On 10/18/12 3:15 PM, "Yaowen Tu" <yaowen.tu at gmail.com> wrote:
>
>Can you tell me how should I interpret this sentence in SAML spec: When
>used as the root element of a metadata instance, this element MUST
>contain either a validUntil or cacheDuration attribute.

It means that it's expected that any metadata file has to have one or the
other depending on how it's being exchanged and updated.

>You said it depends on my trust model. Could you please elaborate a
>little bit more? When is it a "must" and when is it optional? Or just
>give me a simple example?

It depends what you use the metadata for and what the implications of
invalid metadata are and what the threat models from an attacker are.

>I have referred to this
>wiki: https://wiki.shibboleth.net/confluence/display/SHIB2/Metadata, and
>its sub pages, but I didn't find related discussion.

I thought it was more integrated in that topic, but I think it's mainly
here

https://wiki.shibboleth.net/confluence/display/SHIB2/TrustManagement

-- Scott
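
The rule quoted from the SAML spec in this thread can be checked mechanically. The following is an added example, not part of the original message and not Shibboleth code: it inspects the root element of a metadata document for validUntil or cacheDuration and rejects a validUntil that has passed. The function names, the sample entityID and the sample dates are constructed for illustration, and signature verification is out of scope.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ROOTS = {f"{{{MD_NS}}}EntityDescriptor", f"{{{MD_NS}}}EntitiesDescriptor"}

# Constructed sample: an SP EntityDescriptor used as the root of a metadata file.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth"
    validUntil="2012-11-01T00:00:00Z" cacheDuration="PT6H"/>"""


def parse_valid_until(value):
    """Parse an xs:dateTime; a value without an offset is treated as UTC."""
    value = re.sub(r"Z$", "+00:00", value.strip())
    value = re.sub(r"\.\d+", "", value)  # drop fractional seconds
    dt = datetime.fromisoformat(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def check_metadata_root(xml_text, now):
    """Return (status, detail) for the root element's freshness attributes."""
    root = ET.fromstring(xml_text)
    if root.tag not in ROOTS:
        return ("not-metadata", root.tag)
    valid_until = root.get("validUntil")
    cache_duration = root.get("cacheDuration")
    # The sentence quoted in the thread: a root element MUST carry one or the other.
    if valid_until is None and cache_duration is None:
        return ("missing", "root has neither validUntil nor cacheDuration")
    # Assumption of this example: a consumer refuses metadata past validUntil.
    if valid_until is not None and parse_valid_until(valid_until) <= now:
        return ("expired", valid_until)
    return ("ok", valid_until or cache_duration)


if __name__ == "__main__":
    print(check_metadata_root(SAMPLE, datetime.now(timezone.utc)))
```
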



