IdP startup issues
Cantor, Scott
cantor.2 at osu.edu
Thu Apr 3 12:24:15 EDT 2014
On 4/3/14, 12:20 PM, "Joel Goguen" <joel.goguen at unb.ca> wrote:
>
>Would that still apply if the metadata backingFile is present and still
>valid according to its validUntil rules? For our internal services, we've
>never had problems; it's entirely external services where we can't manage
>the SP at all that have caused us problems.

Does what still apply?

And the issue with pulling metadata is really about trust, not external
vs. internal. It's just not secure to ask somebody for their own metadata,
it doesn't mean anything. It's like asking somebody to create their own
passport.

When it's done once, OOB, then that's a choice, but it's not meant to be
done in real time unless the file is signed and the key has been shared
OOB.

-- Scott
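
The configuration the reply points at, as an added example that is not part of the original message or the project's shipped files: a remotely fetched metadata source in a Shibboleth IdP 2.x `relying-party.xml` that is accepted only if it is signed by a key obtained out of band. It assumes the IdP 2.x schema; the URL, file paths, ids and the validity interval are placeholders.

```xml
<!-- Added example. Assumes Shibboleth IdP 2.x relying-party.xml.
     URL, paths, ids and interval are placeholders. -->

<!-- Remote metadata, refreshed at runtime, cached in backingFile.
     The backing file is only a cache of what passed the filters;
     it does not make unsigned metadata trustworthy. -->
<metadata:MetadataProvider id="PartnerMD"
        xsi:type="metadata:FileBackedHTTPMetadataProvider"
        metadataURL="https://partner.example.org/metadata.xml"
        backingFile="/opt/shibboleth-idp/metadata/partner-metadata.xml">

    <metadata:MetadataFilter xsi:type="metadata:ChainingFilter">

        <!-- Reject documents with no validUntil, or one too far in
             the future. Duration syntax assumed; older 2.x releases
             may expect a different value format. -->
        <metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil"
                maxValidityInterval="P14D" />

        <!-- Reject anything not signed by the pinned key below.
             requireSignedMetadata="true" makes unsigned input a failure
             instead of silently skipping the check. -->
        <metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
                trustEngineRef="example.PartnerMetadataTrust"
                requireSignedMetadata="true" />

    </metadata:MetadataFilter>
</metadata:MetadataProvider>

<!-- Explicit-key trust: the certificate file is the one exchanged out
     of band with the metadata publisher. It is never taken from the
     fetched document or from the same URL. -->
<security:TrustEngine id="example.PartnerMetadataTrust"
        xsi:type="security:StaticExplicitKeySignature">
    <security:Credential id="PartnerMetadataSigner"
            xsi:type="security:X509Filesystem">
        <security:Certificate>/opt/shibboleth-idp/credentials/partner-md-signer.crt</security:Certificate>
    </security:Credential>
</security:TrustEngine>
```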