quick expiry of SP Meta data

Lalith Jayaweera ljayaweera at gmail.com
Sun May 5 21:30:30 EDT 2019

I will discourage this, however if we can come up with some meta data
signing process with the SP,

Then I believe that is the way to go? correct?

On Sat, May 4, 2019 at 2:10 AM Tom Scavo <trscavo at gmail.com> wrote:

> On Fri, May 3, 2019 at 4:08 AM Lalith Jayaweera <ljayaweera at gmail.com>
> wrote:
> >
> > Please let me know how to proceed on this.
> The question how to manage untrusted metadata comes up periodically so
> I contributed a solution. [1] Basically the process consists of
> downloading the new metadata and comparing it with the old metadata.
> If there's no change (apart from the validUntil attribute), simply
> move the new metadata into the source directory. Otherwise, notify a
> human that the new metadata needs to be reviewed. Except for the
> review process, all of this can be scripted.
> Hope this helps,
> Tom
> [1] https://wiki.shibboleth.net/confluence/x/FoWqAg
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190506/95db2fc5/attachment.html>

More information about the users mailing list