...

Tip
When you're done with this primer, read the topic on Shibboleth Keys and Certificates.

Terminology

  • KeyDescriptor: An <md:KeyDescriptor> element in SAML metadata

  • KeyDescriptor of type “signing”: An <md:KeyDescriptor use="signing"> element in SAML metadata

  • KeyDescriptor of type “encryption”: An <md:KeyDescriptor use="encryption"> element in SAML metadata

  • Signing certificate: A public key certificate bound to a KeyDescriptor of type “signing” in SAML metadata. A signing certificate is indistinguishable from a back-channel TLS certificate in metadata.

  • Back-channel TLS certificate: A public key certificate bound to a KeyDescriptor of type “signing” in SAML metadata. A back-channel TLS certificate is indistinguishable from a signing certificate in metadata.

  • Encryption certificate: A public key certificate bound to a KeyDescriptor of type “encryption” in SAML metadata.

  • Credential: A private key plus its corresponding public key certificate.

  • Signing credential: A key pair used for XML Signature. The public key is bound to a signing certificate in metadata. The private key is securely held by the party that signs the XML message.

  • Back-channel TLS credential: A key pair used for back-channel TLS authentication. The public key is bound to a back-channel TLS certificate in metadata. The private key is securely held by the party to be authenticated.

  • Encryption credential: A key pair used for XML Encryption. The public key is bound to an encryption certificate in metadata. The private key is securely held by the party that decrypts the XML message.

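The terminology above hinges on one fact: the only thing metadata records about a certificate is the use attribute of its KeyDescriptor, so a back-channel TLS certificate and an XML Signature certificate both land in the "signing" bucket and a relying party cannot tell them apart from metadata alone. The following Python script is an added example, not code from the Shibboleth wiki or the Shibboleth project. It parses a constructed metadata fragment (placeholder certificate text, a made-up entityID) and sorts each KeyDescriptor by use; a descriptor with no use attribute is counted under both uses, which is what the SAML metadata specification prescribes for an absent use.

```python
"""Sort <md:KeyDescriptor> elements in SAML metadata by their use attribute.

Added example, not from the Shibboleth wiki page. SAMPLE_METADATA is a
constructed fragment with placeholder certificate text and a made-up entityID.
"""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD_NS, "ds": DS_NS}

# Constructed sample: one "signing" descriptor (it could back XML Signature
# or back-channel TLS; metadata cannot say which), one "encryption"
# descriptor, and one with no use attribute at all.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MIIC...SIGNING-PLACEHOLDER...
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MIIC...ENCRYPTION-PLACEHOLDER...
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MIIC...DUAL-USE-PLACEHOLDER...
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def key_descriptors(metadata_xml: str) -> dict:
    """Return {"signing": [cert, ...], "encryption": [cert, ...]}.

    Certificate text is returned with all whitespace removed. A descriptor
    whose use attribute is absent is listed under both uses (SAML metadata
    spec: absent use means the key may serve either purpose). Any other
    value of use is a metadata error and raises ValueError.
    """
    root = ET.fromstring(metadata_xml)
    out = {"signing": [], "encryption": []}
    for kd in root.iter(f"{{{MD_NS}}}KeyDescriptor"):
        use = kd.get("use")
        if use is None:
            uses = list(out)          # absent -> both signing and encryption
        elif use in out:
            uses = [use]
        else:
            raise ValueError(f"unexpected KeyDescriptor use={use!r}")
        cert_el = kd.find(".//ds:X509Certificate", NS)
        cert = "".join(cert_el.text.split()) if cert_el is not None and cert_el.text else ""
        for u in uses:
            out[u].append(cert)
    return out


def may_verify_signature(metadata_xml: str, cert: str) -> bool:
    """True if cert is bound to a "signing" KeyDescriptor for this entity.

    Note what this does NOT tell you: whether the peer intends the key for
    XML Signature or for back-channel TLS client/server authentication.
    Both are advertised identically, so a verifier must accept it for both.
    """
    return cert in key_descriptors(metadata_xml)["signing"]


if __name__ == "__main__":
    for use, certs in key_descriptors(SAMPLE_METADATA).items():
        print(use, certs)
```

The point to take from running it: a certificate published for "signing" is trusted for every operation the relying party classifies as signing, which is why the page treats the signing certificate and the back-channel TLS certificate as the same thing from the metadata consumer's point of view.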
...