IdP startup issues

Joel Goguen joel.goguen at
Thu Apr 3 12:37:45 EDT 2014

> And the issue with pulling metadata is really about trust, not external vs.
> internal. It's just not secure to ask somebody for their own metadata, it
> doesn't mean anything. It's like asking somebody to create their own
> passport.
> When it's done once, OOB, then that's a choice, but it's not meant to be done
> in real time unless the file is signed and the key has been shared OOB.

So, I obviously horrifically misunderstand the processes around metadata. Is and its children enough to start reading to fix my understanding, or are there other resources I should be reading as well?

