OASIS Mailing List Archives

saml-dev message


Subject: Re: [saml-dev] Same certificate for https and SAML signing


* Vasu Y <vyal2k@yahoo.com> [2014-03-10 17:51]:
>  We already have an (SSL) certificate to make our app available on
> https. Any thoughts (best practice) on using the same key-pair for
> SAML signing and encryption purpose or go with a new one?

That depends on the relying parties you're intending to federate with,
as well as the trust model. E.g. if you can get by with a self-signed
certificate for securing SAML messages (e.g. following
https://wiki.oasis-open.org/security/SAML2MetadataIOP) -- that's often
preferable since you can then roll over keys on your own terms,
instead of those imposed by the CA -- you'll end up with different key
pairs for TLS/SSL/HTTPS and SAML.
-peter
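
The metadata-based trust model Peter refers to is what makes the separate, self-signed SAML key practical: a relying party trusts exactly the certificates published in the peer's metadata, so the issuer can rotate its signing key on its own schedule by publishing the new certificate alongside the old one, switching, and then retiring the old one. The script below is an added illustration of that rollover, not code from the saml-dev thread or from OASIS; the entity ID and the certificate byte strings are constructed placeholders (they are not real X.509 DER), and the fingerprint comparison stands in for the full signature verification a SAML library would do.

```python
"""
Key rollover under the SAML V2.0 Metadata Interoperability Profile, as seen
by a relying party that refreshes the IdP's metadata.

Added example for the saml-dev thread; not code from the thread or OASIS.
Certificate blobs below are constructed stand-ins, not real X.509 DER.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS_DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", NS_MD)
ET.register_namespace("ds", NS_DS)

# Constructed placeholders for DER-encoded certificates (assumption: not real X.509).
OLD_SIGNING_CERT = b"constructed-der-bytes:idp-saml-signing-old"
NEW_SIGNING_CERT = b"constructed-der-bytes:idp-saml-signing-new"
TLS_CERT = b"constructed-der-bytes:ca-issued-https-cert"  # never published as a SAML key here


def fingerprint(der: bytes) -> str:
    """SHA-256 over the raw certificate bytes: the identity a metadata-based check compares."""
    return hashlib.sha256(der).hexdigest()


def build_metadata(entity_id: str, signing_certs: list[bytes]) -> str:
    """IdP side: emit an EntityDescriptor with one KeyDescriptor use="signing" per certificate."""
    root = ET.Element(f"{{{NS_MD}}}EntityDescriptor", entityID=entity_id)
    idp = ET.SubElement(root, f"{{{NS_MD}}}IDPSSODescriptor",
                        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol")
    for der in signing_certs:
        kd = ET.SubElement(idp, f"{{{NS_MD}}}KeyDescriptor", use="signing")
        key_info = ET.SubElement(kd, f"{{{NS_DS}}}KeyInfo")
        x509 = ET.SubElement(key_info, f"{{{NS_DS}}}X509Data")
        ET.SubElement(x509, f"{{{NS_DS}}}X509Certificate").text = base64.b64encode(der).decode()
    return ET.tostring(root, encoding="unicode")


def trusted_signing_fingerprints(metadata_xml: str) -> set[str]:
    """Relying-party side: collect every certificate the metadata publishes for signing."""
    root = ET.fromstring(metadata_xml)
    fps: set[str] = set()
    for kd in root.iter(f"{{{NS_MD}}}KeyDescriptor"):
        # A KeyDescriptor with no 'use' attribute is valid for both signing and encryption.
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.iter(f"{{{NS_DS}}}X509Certificate"):
            fps.add(fingerprint(base64.b64decode(cert.text.strip())))
    return fps


def accept_signer(metadata_xml: str, signer_cert: bytes) -> bool:
    """Metadata IOP trust: the signer's certificate must be one published in metadata.
    No CA chain, expiry or hostname check is involved; a self-signed cert is as good as any."""
    return fingerprint(signer_cert) in trusted_signing_fingerprints(metadata_xml)


def rollover_phases(entity_id: str) -> dict[str, tuple[bool, bool]]:
    """Walk a rollover: publish the new cert, then switch signing, then retire the old cert.
    Returns {phase: (old cert accepted, new cert accepted)} for a relying party that
    refreshes metadata at each phase. The IdP only starts signing with the new key
    once every relying party has had time to pick up the 'overlap' metadata."""
    published = {
        "before": [OLD_SIGNING_CERT],
        "overlap": [OLD_SIGNING_CERT, NEW_SIGNING_CERT],
        "after": [NEW_SIGNING_CERT],
    }
    result = {}
    for phase, certs in published.items():
        md = build_metadata(entity_id, certs)
        result[phase] = (accept_signer(md, OLD_SIGNING_CERT), accept_signer(md, NEW_SIGNING_CERT))
    return result


if __name__ == "__main__":
    for phase, (old_ok, new_ok) in rollover_phases("https://idp.example.org/idp").items():
        print(f"{phase:8s} old accepted={old_ok!s:5s} new accepted={new_ok}")
```

Note that the HTTPS certificate never appears in the metadata, so even a relying party that happens to trust the same CA for TLS gains nothing from it for SAML: the two trust decisions are made independently, which is exactly what lets the SAML key pair be rolled over without touching the TLS one.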

