...
Tip: When you're done with this primer, read the topic on Shibboleth Keys and Certificates.
Terminology
KeyDescriptor: An <md:KeyDescriptor> element in SAML metadata.
KeyDescriptor of type “signing”: An <md:KeyDescriptor use="signing"> element in SAML metadata.
KeyDescriptor of type “encryption”: An <md:KeyDescriptor use="encryption"> element in SAML metadata.
Signing certificate: A public key certificate bound to a KeyDescriptor of type “signing” in SAML metadata. A signing certificate is indistinguishable from a back-channel TLS certificate in metadata.
Back-channel TLS certificate: A public key certificate bound to a KeyDescriptor of type “signing” in SAML metadata. A back-channel TLS certificate is indistinguishable from a signing certificate in metadata.
Encryption certificate: A public key certificate bound to a KeyDescriptor of type “encryption” in SAML metadata.
Credential: A private key plus its corresponding public key certificate.
Signing credential: A key pair used for XML Signature. The public key is bound to a signing certificate in metadata. The private key is securely held by the party that signs the XML message.
Back-channel TLS credential: A key pair used for back-channel TLS authentication. The public key is bound to a back-channel TLS certificate in metadata. The private key is securely held by the party to be authenticated.
Encryption credential: A key pair used for XML Encryption. The public key is bound to an encryption certificate in metadata. The private key is securely held by the party that decrypts the XML message.
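As an added example (not code from the original page or from the Shibboleth project), the following script sorts the certificates in a metadata fragment by the KeyDescriptor use attribute; the metadata and the certificate bodies are constructed placeholders. It also covers the case the list above does not spell out: a KeyDescriptor with no use attribute, which SAML 2.0 metadata defines as valid for both signing and encryption.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata; the certificate bodies are placeholders, not real keys.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>SIGNING-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>ENCRYPTION-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>DUAL-USE-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def certificates_by_use(metadata_xml: str) -> dict:
    """Return {'signing': [...], 'encryption': [...]} of certificate text.

    A KeyDescriptor without a use attribute is valid for both purposes
    (SAML 2.0 metadata semantics), so its certificate lands in both lists.
    The 'signing' list cannot be split further: a signing certificate and a
    back-channel TLS certificate look identical in metadata.
    """
    root = ET.fromstring(metadata_xml)
    result = {"signing": [], "encryption": []}
    for kd in root.iter("{urn:oasis:names:tc:SAML:2.0:metadata}KeyDescriptor"):
        use = kd.get("use")
        if use is None:
            uses = ["signing", "encryption"]
        elif use in result:
            uses = [use]
        else:
            raise ValueError(f"invalid KeyDescriptor use value: {use!r}")
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            text = "".join((cert.text or "").split())  # drop PEM line breaks
            for u in uses:
                result[u].append(text)
    return result


if __name__ == "__main__":
    for use, certs in certificates_by_use(SAMPLE_METADATA).items():
        print(use, certs)
```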
...