interfed - Re: [inc-interfed] reminders

Subject: Interfederation

  • From: John Krienke <>
  • To: "Cantor, Scott" <>
  • Cc: "" <>
  • Subject: Re: [inc-interfed] reminders
  • Date: Tue, 28 May 2013 19:10:30 -0400
  • Authentication-results: sfpop-ironport03.merit.edu; dkim=neutral (message not signed) header.i=none

On 5/28/13 6:40 PM, Cantor, Scott wrote:
> "Compromised keys MUST be removed from an entity's metadata."
> >
> > This is a policy statement for the MD Producer to follow.
>
> IOP is not trying to talk about how you construct the metadata, but rather
> what it means, but unfortunately politics around PKIX meant that this was
> very hard to get across without people complaining.
>
> If the key is present, the consumer is obligated to treat it as valid.

I see. MD-IOP is really trying to say something like, "A key in published MD is always considered valid."

It seems then, that Relying Parties of IdP or SP metadata still assume somewhere that,
"a private key associated with a published public key in metadata is under the exclusive control of the named metadata owner" (where control could be defined as including an authorized outsourced subcontractor). That's a policy assumption though, and it might include a statement about compromised keys and the reasonable timing of their removal from published MD. That document might be an RPS rather than this MD-IOP. Some minimal -- very minimal -- number of policy statements like this seem critical to scaling interfederation.

john.




