Subject: Interfederation

Re: [inc-interfed] Apr 30 agenda / Apr 16 notes


  • From: Ian Young <>
  • To:
  • Subject: Re: [inc-interfed] Apr 30 agenda / Apr 16 notes
  • Date: Wed, 17 Apr 2013 08:42:40 +0100
  • Authentication-results: sfpop-ironport01.merit.edu; dkim=pass (signature verified [TEST])


On 16 Apr 2013, at 22:19, Tom Scavo <> wrote:

> On Tue, Apr 16, 2013 at 3:03 PM, Jim Basney <> wrote:
>>
>> The validUntil in metadata is hop-by-hop. Want eduGAIN to validate
>> validUntil that it pulls, then include validUntil in eduGAIN published
>> metadata aggregate.
>
> Wouldn't it be better for the aggregator (eduGAIN in this case) to tag
> the aggregate with a validUntil date that is the MINIMUM of all the
> individual validUntil dates?

No. The function of validUntil is to protect against replay attacks in which
a once valid aggregate is presented to the same consumer in order to bring
compromised entity credentials back into use. It's applied independently at
each producer and verified by the corresponding consumer. There is no need
for any pass-through behaviour to implement this protection.

Doing arithmetic on validUntil does not improve the hop-by-hop protection,
and puts you in a position where any of the upstream aggregates can control
the validity interval for the entire downstream aggregate, whether
deliberately, accidentally or by going offline for a long period. This is
clearly undesirable, and aggregators should simply not overthink this.

InCommon operates as an aggregator when it generates its production aggregate
from individual entity descriptors. I don't think you'd want to allow a
global property of the aggregate (such as validUntil, but this applies
generally) to be influenced by those individual contributions.

-- Ian
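An added illustration of the hop-by-hop behaviour described in the message above; this is example code, not code from the thread or from any federation's metadata tooling. The consumer of each upstream aggregate checks that producer's validUntil against the current time (rejecting anything expired, which is the replay protection), and the downstream aggregator stamps its own validUntil rather than taking the minimum of the upstream values. The namespace is the SAML 2.0 metadata namespace; the entity IDs, dates and validity period are constructed sample values.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD_NS)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def parse_valid_until(xml_text):
    """Return the aggregate's validUntil as an aware UTC datetime, or None if absent."""
    root = ET.fromstring(xml_text)
    value = root.get("validUntil")
    if value is None:
        return None
    return datetime.strptime(value, TS_FMT).replace(tzinfo=timezone.utc)

def consumer_accepts(xml_text, now):
    """Hop-by-hop check performed by the consumer of one producer's aggregate:
    reject anything with no validUntil or one that has already passed, so a
    once-valid aggregate cannot be replayed to this consumer after it expires."""
    valid_until = parse_valid_until(xml_text)
    return valid_until is not None and now < valid_until

def aggregate(upstream_docs, now, validity=timedelta(days=7)):
    """Build a downstream aggregate from the upstream aggregates that pass the
    consumer check, and stamp it with this aggregator's own validUntil.
    The stamp is independent of the upstream values (no minimum is taken), so
    no single upstream can shorten or extend the downstream validity interval."""
    root = ET.Element(f"{{{MD_NS}}}EntitiesDescriptor")
    root.set("validUntil", (now + validity).strftime(TS_FMT))
    for doc in upstream_docs:
        if not consumer_accepts(doc, now):
            continue  # expired or unstamped upstream is dropped, not propagated
        for entity in ET.fromstring(doc).findall(f"{{{MD_NS}}}EntityDescriptor"):
            root.append(entity)
    return ET.tostring(root, encoding="unicode")

def make_upstream(entity_ids, valid_until):
    """Constructed sample upstream aggregate (not real federation metadata)."""
    root = ET.Element(f"{{{MD_NS}}}EntitiesDescriptor")
    if valid_until is not None:
        root.set("validUntil", valid_until.strftime(TS_FMT))
    for eid in entity_ids:
        ET.SubElement(root, f"{{{MD_NS}}}EntityDescriptor", entityID=eid)
    return ET.tostring(root, encoding="unicode")

NOW = datetime(2013, 4, 17, 8, 0, tzinfo=timezone.utc)  # constructed "current time"
FRESH = make_upstream(["https://idp.example.org/idp"], NOW + timedelta(days=3))
STALE = make_upstream(["https://sp.example.org/sp"], NOW - timedelta(days=1))
```

Running `aggregate([FRESH, STALE], NOW)` keeps only the entity from the still-valid upstream, and the result carries the aggregator's own seven-day validUntil rather than the three days left on FRESH.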



Attachment: smime.p7s
Description: S/MIME cryptographic signature