The validUntil attribute in SP metadata: should we require it?
cantor.2 at osu.edu
Fri Sep 13 10:01:05 EDT 2019
On 9/13/19, 9:43 AM, "users on behalf of shibboleth655 at lewenberg.com" <users-bounces at shibboleth.net on behalf of shibboleth655 at lewenberg.com> wrote:
> I would like to hear what other IdP operators do for validUntil: do they
> require it? encourage it? reasons?
This doesn't get at the trust model you're using. The practical point of validUntil is to manage revocation windows when metadata is provided by a trusted third party. Having a useful validUntil implies frequent, regular re-signing of the metadata by the trust anchor. If that's not happening, there is no point to using it.
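Added example, not part of the original message and not Shibboleth code: a metadata consumer can audit `validUntil` per entity to see how long a withdrawn entity could still be accepted. The function names, the 14-day `max_window` policy, the rule that the earliest `validUntil` on an entity or its enclosing root element governs, and the sample entities are all assumptions of this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample aggregate; entity IDs and dates are made up.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2019-09-27T14:00:00Z">
  <md:EntityDescriptor entityID="https://sp1.example.org/sp"/>
  <md:EntityDescriptor entityID="https://sp2.example.org/sp"
      validUntil="2019-09-15T00:00:00Z"/>
  <md:EntityDescriptor entityID="https://sp3.example.org/sp"
      validUntil="2029-01-01T00:00:00Z"/>
</md:EntitiesDescriptor>"""

def parse_instant(value):
    """Parse an xs:dateTime such as 2019-09-27T14:00:00Z into an aware UTC datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def classify(expiry, now, max_window):
    """Map an effective expiry to a status under the local policy."""
    if expiry is None:
        return "missing"          # no bound on how long stale metadata is accepted
    if expiry <= now:
        return "expired"          # must not be used until refreshed
    if expiry - now > max_window:
        return "window-too-long"  # far-future date gives no practical revocation
    return "ok"

def audit(xml_text, now, max_window=timedelta(days=14)):
    """Return {entityID: status} for every EntityDescriptor under the root."""
    # Parse only metadata whose signature has already been verified;
    # ElementTree is not hardened against hostile XML.
    root = ET.fromstring(xml_text)
    outer = root.get("validUntil")
    outer = parse_instant(outer) if outer else None
    single = root.tag == MD + "EntityDescriptor"
    entities = [root] if single else root.iter(MD + "EntityDescriptor")
    result = {}
    for ent in entities:
        own = ent.get("validUntil")
        own = parse_instant(own) if own else None
        # Assumption of this example: the earliest applicable validUntil governs.
        expiry = min((t for t in (outer, own) if t), default=None)
        result[ent.get("entityID")] = classify(expiry, now, max_window)
    return result
```

Entities reported as `missing` or `window-too-long` are the ones for which `validUntil` provides no practical revocation window.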