The validUntil attribute in SP metadata: should we require it?

shibboleth655 at shibboleth655 at
Fri Sep 13 09:38:30 EDT 2019

We run a local federation for on-campus SPs. These SPs are both 
locally-run applications as well as third-party cloud applications. Some 
of the submitted SP metadata has the validUntil attribute, most does not.

Many (most?) of our SPs would rather omit it entirely as it is just one 
more thing that can get in the way of their application working.

When an SP operator asks why they should include the validUntil 
attribute I say that if they don't have their own reasons for using 
it, it _does_ force life-cycle management.

I would like to hear what other IdP operators do for validUntil: do they 
require it? encourage it? reasons?
