Metadata Typo Causes Integration Headaches
Marvin Addison
serac at vt.edu
Tue Sep 18 09:20:28 EDT 2018
On Tue, Sep 18, 2018 at 9:10 AM Cantor, Scott <cantor.2 at osu.edu> wrote:
> what I would certainly suggest is schema validating. It doesn't catch every metadata mistake but it certainly catches this sort of thing in most cases.
Wholeheartedly agree that schema validation is a best practice for
catching simple mistakes, but avoiding hand-editing XML is my goal for
commonplace integrations.
> > 2. Metadata-based credential resolution is complicated by filtering
> > that can reduce the effective key set from what's patently defined in
> > metadata XML files.
>
> Not sure I followed that.
Not surprised -- I was groping for words. Let me try again: just
because you have what appears to be the right certificate defined in
your metadata, there's some complex policy machinery that can
effectively remove it from consideration: usage constraints, algorithm
constraints, etc. Frankly I'm not even certain of all the ways that a
credential can be filtered out from consideration, but I convinced
myself there's a lot of machinery there that I didn't fully appreciate
and still don't fully understand.
M
More information about the users
mailing list