Metadata expiry and computing a new expiration time.
Peter Schober
peter.schober at univie.ac.at
Fri Sep 18 05:27:05 EDT 2015
* Simon Fraser <srf at sanger.ac.uk> [2015-09-18 11:12]:
> It's not updating the expiry time in the local copy of the file when it
> checks for a new version and there isn't one, I don't know if that's
> necessary or not
What should it update when there's no new metadata?
> what happens when there isn't a new version within 14 days?
The locally cached metadata will expire and all entities in there will
become unknown to the IDP, i.e., it will lose everything in there.
That protects you from potentially "revoked" entities (you don't hold
on to entities that may have been removed meanwhile), at the price of
the federation operator having to constantly re-sign and re-publish
metadata.
https://wiki.shibboleth.net/confluence/display/CONCEPT/TrustManagement
-peter
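
The expiry behaviour discussed in this thread, sketched as an added example (not part of the original message and not Shibboleth's own code). The sample aggregate, the entity IDs and the function names are constructed for illustration, and the 14-day maximum validity window is an assumed policy taken from the figure mentioned above.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample aggregate (not real federation metadata); signature omitted.
# validUntil sits inside the signed document, so re-fetching an unchanged
# file cannot move it: only a re-signed, re-published copy carries a later value.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2015-10-02T09:00:00Z">
  <md:EntityDescriptor entityID="https://sp1.example.org/shibboleth"/>
  <md:EntityDescriptor entityID="https://sp2.example.org/shibboleth"/>
</md:EntitiesDescriptor>"""


def parse_valid_until(root):
    """Return the root element's validUntil as an aware UTC datetime, or None.

    Assumes the UTC "Z" form of xs:dateTime; fractional seconds are dropped.
    """
    raw = root.get("validUntil")
    if raw is None:
        return None
    raw = raw.rstrip("Z").split(".")[0]
    return datetime.strptime(raw, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def trusted_entities(xml_text, now, max_validity=timedelta(days=14)):
    """Entity IDs usable at `now`; empty once the cached copy has expired."""
    root = ET.fromstring(xml_text)
    valid_until = parse_valid_until(root)
    if valid_until is None:
        return set()  # no expiry stated: revocation by omission would never take effect
    if now >= valid_until:
        return set()  # expired cache: every entity in it becomes unknown
    if valid_until - now > max_validity:
        return set()  # window longer than policy allows (assumed 14 days)
    return {e.get("entityID") for e in root.iter(f"{{{MD_NS}}}EntityDescriptor")}


if __name__ == "__main__":
    for when in (datetime(2015, 9, 20, tzinfo=timezone.utc),
                 datetime(2015, 10, 3, tzinfo=timezone.utc)):
        print(when.date(), sorted(trusted_entities(SAMPLE, when)))
```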