metadata-support - Re: [Metadata-Support] MDQ format options?
Subject: InCommon metadata support
List archive
- From: "Cantor, Scott" <>
- To: "" <>
- Subject: Re: [Metadata-Support] MDQ format options?
- Date: Wed, 7 Dec 2016 23:56:24 +0000
- Accept-language: en-US
- Authentication-results: spf=pass (sender IP is 164.107.81.222) smtp.mailfrom=osu.edu; incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=bestguesspass action=none header.from=osu.edu;
- Ironport-phdr: 9a23:khDyOBRMTucp06sPAA1GDPqrT9psv+yvbD5Q0YIujvd0So/mwa6zZR2N2/xhgRfzUJnB7Loc0qyN4vumBDdLucnJmUtBWaQEbwUCh8QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6OPn+FJLMgMSrzeCy/IDYbxlViDanb75/KBu7oR/Ru8QYjoduNqQ8wQbVr3VVfOhb2XlmLk+JkRbm4cew8p9j8yBOtP8k6sVNT6b0cbkmQLJBFDgpPHw768PttRnYUAuA/WAcXXkMkhpJGAfK8hf3VYrsvyTgt+p93C6aPdDqTb0xRD+v4btnRAPuhSwaMTMy7WPZhdFqjK9DoByvuQFxw5Labo+WOvpxfKLdcs8VS2VORctRSzdOAoagY4cTE+YMP+BVpJT9qVsUqhu+ABGhCO3xxzBSgH/2wao60/45HQrbwQIvA9UOsGjIrNn7KawfVvy6w7POzTXfaPNWwy3x5JbTfxAmuvGMQKh8ftTMxkkyDg7IiEibp4/9Pz6Ny+gBr2eW4/BvWO+tkWIqpQ98riKyysswiITFnp8Zxk7H+Clj3Yo4Kty1RFR/bNOrCpddti6XO5N4Qsw8QGxkpCM3x7gItJO/fSUG1JEqyAPCZPGEcoWF5wnsW/yPLTp9nn1qZayzihe0/EO90OPzTNO030xPriddktnDqHQN1xvL58afVvZz+Vut1SuW2w3O8u9JL1k4la3AJJE/2LIwkYcTsVjYES/xhUX2irKZel88+uiy7OTnfqvpqYOAN491jQH+NL4imsuiAeQkNggOWG+b+eem2LL/+k35Ra1GjvwwkqbHrJDXPdkXqrK2DgNP3Ysu6QyzAjmo3dgCgHULMFBIdAqCj4fzOlHOJP74De24g1SpiDpk2+rJPrv9ApXKNHjPiqntcK16605H1Qo/185Q6I9JCr0ZOvL8RlfxtMDEDh8+KwG0wuDnB8l61oMbXGKPBamZPLnVsV+S6eIjOuyMa5EJuDnnNvcq/eLugmUglV8GYKmpxYMXaHeiHvR6OEiZZXvsgswdEWcRoAYyVu3qiFueUTFNfXayWbwz5i0lBI68E4jMW52t0/S923LxG5BKb2xPFlnJCmrwb4KeR98NbimVJ8pmlHoDT7frA9sk2A2nuAbmwv98M/LM/TcEnZPl399w4urV0xYo+monId6a1jTHZGhygmQSA3cN16djvQY1nlyK17R/mboCPdtI+rVEXhpsZs2U9PBzF92nAlGJRdyOUlvzGtg=
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
On 12/7/16, 6:47 PM,
"
on behalf of Tom Poage"
<
on behalf of
>
wrote:
> I sense there’s also not much middle ground (vs. dichotomy) to make it
> relatively easy for Right Thing deployers to do just
> that, and to present a semi-surmountable obstacle to Wrong Thing deployers
> to do, well, just that.
I think a non-commercial trust path for the TLS layer does exactly that, as
best it can be done.
Those verifying signatures can frankly ignore the TLS part if they like and
they'd still be better off than using http alone. Those not verifying
signatures either do nothing (which they'll do regardless) or just choose to
trust the cert, it's not that hard.
I don't think it's a burden to install a CA. On Windows it's a double click.
If you claim as a vendor that it's against your security policy, that's
laughable when none of the CAs you already trust have any business certifying
SAML metadata.
-- Scott
- Re: [Metadata-Support] MDQ format options?, (continued)
- Re: [Metadata-Support] MDQ format options?, David Langenberg, 12/06/2016
- Re: [Metadata-Support] MDQ format options?, Tom Poage, 12/07/2016
- Re: [Metadata-Support] MDQ format options?, Klingenstein, Nate, 12/07/2016
- Re: [Metadata-Support] MDQ format options?, Cantor, Scott, 12/07/2016
- Re: [Metadata-Support] MDQ format options?, Tom Scavo, 12/07/2016
- Re: [Metadata-Support] MDQ format options?, Cantor, Scott, 12/07/2016
- Re: [Metadata-Support] MDQ format options?, Tom Scavo, 12/08/2016
- RE: [Metadata-Support] MDQ format options?, Cantor, Scott, 12/08/2016
- Re: [Metadata-Support] MDQ format options?, Tom Scavo, 12/07/2016
- Re: [Metadata-Support] MDQ format options?, Tom Scavo, 12/07/2016
- Re: [Metadata-Support] MDQ format options?, Tom Poage, 12/07/2016
- Re: [Metadata-Support] MDQ format options?, Cantor, Scott, 12/07/2016
- Re: [Metadata-Support] MDQ format options?, Nick Roy, 12/08/2016
- Re: [Metadata-Support] MDQ format options?, Tom Poage, 12/07/2016
Archive powered by MHonArc 2.6.19.