The openinfocard id selector now validates the signature of an imported information card and checks the validity dates of the signing certificate. The certificate chain and revocation lists are NOT checked. This is one feature that blocks an 1.0 release ;-)
Please make sure that you always use the latest version of the xmldap.jar (if you have an RP or STS that needs it) and xmldap.xpi (the id selector). In April I committed a version of the RP (xmldap.jar) to the svn repository that did not work with DigitalMe. I apologize for that.
Integrity Properties for Federations
2 weeks ago
No comments:
Post a Comment