Subject: Re: [saml-dev] EntitiesDescriptor/@ID value
On 11/14/14, 6:55 PM, "Peter Schober" <peter.schober@univie.ac.at> wrote:

>A question in our community arose, whether a dynamically changing
>md:EntitiesDescriptor/@ID value in SAML metadata had any advantages,
>esp. security-related ones, where the md:EntitiesDescriptor is signed
>and the ID value is used as reference for signing (ds:Reference/@URI).

Nope.

>If doing so provides no real benefit (as some have claimed) a static
>value would allow some metadata consumers to match on the ID value for
>other, internal purposes.

There's certainly no normative meaning attached to it, so I'd be leery of anything that wasn't just about the authoring process.

>Though keeping the ID static at all times, even when the document
>changes (e.g. <md:EntityDescriptor>s being added or removed or
>changed), might also have/cause other issues?

Nothing I'm aware of.

-- Scott
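
Added example, not part of the original message or of any SAML implementation: a consumer-side structural check showing that what matters for the signature is that ds:Reference/@URI is a same-document reference to the root md:EntitiesDescriptor, whatever the ID value happens to be. The function and helper names, the ID values and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"


def reference_binds_root(xml_text):
    """True if the root's own signature has exactly one ds:Reference and it
    points at the root's ID. Structural check only: it does not verify the
    digest or the signature value."""
    root = ET.fromstring(xml_text)
    root_id = root.get("ID")
    # Only a ds:Signature that is a direct child of the root signs the document.
    sig = root.find(f"{{{DS}}}Signature")
    if root_id is None or sig is None:
        return False
    refs = sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if len(refs) != 1:
        return False
    # The ID has to be unique, otherwise "#id" is ambiguous.
    holders = [e for e in root.iter() if e.get("ID") == root_id]
    return len(holders) == 1 and refs[0].get("URI") == "#" + root_id


def sample(root_id, ref_uri, child_id="_child"):
    """Constructed metadata skeleton; digest and signature values are omitted."""
    return (
        f'<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" ID="{root_id}">'
        f'<ds:Signature><ds:SignedInfo><ds:Reference URI="{ref_uri}"/>'
        f'</ds:SignedInfo></ds:Signature>'
        f'<md:EntityDescriptor ID="{child_id}" entityID="https://sp.example.org/sp"/>'
        f'</md:EntitiesDescriptor>'
    )


if __name__ == "__main__":
    # A static ID and a per-publication ID pass the same check.
    print(reference_binds_root(sample("static-id", "#static-id")))
    print(reference_binds_root(sample("_20141114T185500", "#_20141114T185500")))
    # A reference to some other element, or a duplicated ID, does not.
    print(reference_binds_root(sample("static-id", "#_child")))
    print(reference_binds_root(sample("dup", "#dup", child_id="dup")))
```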