metadata-support - RE: [Metadata-Support] Question on updating metadata with new certificates
Subject: InCommon metadata support
- From: Brad MacDonald
- Subject: RE: [Metadata-Support] Question on updating metadata with new certificates
- Date: Thu, 26 May 2016 16:41:01 +0000
Thanks Scott and Tom for your responses on this. Luckily we only have 6
IdPs that are in this configuration so maybe we will be able to coordinate
the effort with the least amount of downtime.
Brad MacDonald
Skillsoft | phone: 613.963.0332 | mobile: 613.858.7414
Senior Platform Engineer, Hosting
www.skillsoft.com
-----Original Message-----
From: On Behalf Of Cantor, Scott
Sent: Thursday, May 26, 2016 12:36 PM
Subject: RE: [Metadata-Support] Question on updating metadata with new certificates
> I'm afraid that's the answer to your original question. If your
> software does not support multiple decryption keys, it's not possible
> to migrate an encryption certificate in metadata without loss of
> service.
Modulo the obvious:
- flag days
- forcing all IdPs to disable encryption ahead of time
If your software is like this, I would advise you not support encryption
because, well, you really don't. Supporting things like encryption badly is
generally worse for the IdP than not supporting them, since they just end up
creating problems later.
I tend to ask about this when I'm dealing with vendors and this is one of my
red flags for asking if I can turn off encryption for their service.
-- Scott
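
Added example (not part of the original thread): a small Python model of the encryption-certificate rollover discussed above, comparing an SP that can hold only one decryption key with one that holds both keys during an overlap window. The six IdPs' refresh delays, the hour values and all function names are constructed for illustration; key names stand in for real key pairs.

```python
# Constructed sample: six IdPs and the hours each takes to reload the SP's
# metadata after a change is published (delays are invented for illustration).
IDP_REFRESH_DELAY = {"idp1": 0, "idp2": 1, "idp3": 4, "idp4": 8, "idp5": 12, "idp6": 24}
PUBLISH_HOUR = 10  # hour the new encryption certificate appears in metadata

def failed_logins(sp_keys_at, hours=48):
    """Return (hour, idp) pairs where the SP cannot decrypt the assertion.

    sp_keys_at(hour) -> set of decryption keys the SP holds at that hour.
    Each IdP sends one assertion per hour, encrypted to the certificate
    it last loaded from metadata.
    """
    failures = []
    for hour in range(hours):
        keys = sp_keys_at(hour)
        for idp, delay in IDP_REFRESH_DELAY.items():
            cert = "new" if hour >= PUBLISH_HOUR + delay else "old"
            if cert not in keys:
                failures.append((hour, idp))
    return failures

def single_key_sp(switch_hour):
    """SP software that can hold only one decryption key at a time."""
    return lambda hour: {"new"} if hour >= switch_hour else {"old"}

def dual_key_sp(add_new_hour, drop_old_hour):
    """SP that accepts both keys between add_new_hour and drop_old_hour."""
    def keys(hour):
        held = set()
        if hour < drop_old_hour:
            held.add("old")
        if hour >= add_new_hour:
            held.add("new")
        return held
    return keys

def best_single_key_switch(hours=48):
    """Switch hour that minimises failed logins for a single-key SP."""
    return min(range(hours), key=lambda h: len(failed_logins(single_key_sp(h), hours)))

if __name__ == "__main__":
    h = best_single_key_switch()
    print("single key, best switch hour", h, "->",
          len(failed_logins(single_key_sp(h))), "failed logins")
    print("dual key, overlap 9..35 ->",
          len(failed_logins(dual_key_sp(9, 35))), "failed logins")
    print("dual key, old key dropped too early ->",
          len(failed_logins(dual_key_sp(9, 20))), "failed logins")
```

In this model the single-key SP loses logins at every possible switch hour unless all IdPs refresh at the same moment (the "flag day"), while the dual-key SP loses none provided the old key stays loaded until the slowest IdP has refreshed.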