IdP3.2.1 metadata config and requireSignedRoot
putmanb at georgetown.edu
Tue Dec 22 14:27:33 EST 2015
On 12/22/15 12:36 PM, Tom Scavo wrote:
> I had no idea that was referring to a root XML element. I thought it
> was in some way referencing a root certificate.
That potential ambiguity literally never occurred to me. I guess
because the metadata resolvers and filters don't actually have any
knowledge of anything at that level of trust. Anything like that would
be buried in a TrustEngine config, or the criteria you feed to one, or
something like that. Also, I suppose, b/c there's not really AFAIK any
such thing as an unsigned certificate.
More information about the users