...

If you don't refresh your metadata regularly, it is likely your software implementation will fail at some point since the XML document carries an expiration date (validUntil) that causes the metadata to expire in three weeks. InCommon strongly recommends that you do not rely on the actual length of this validity interval in any way, and in fact, we reserve the right to shorten the validity interval with little or no notice.

...

Expiry Verification

Federation metadata has an expiration date, much like an X.509 certificate or a certificate revocation list in a PKI. It is important that expired metadata not be accepted, but it is equally important that metadata without an expiration date also not be accepted; otherwise an attacker who could block a deployment's normal metadata refresh would be able to substitute old, properly signed metadata in its place. In particular, a metadata file should not be accepted if any of the following conditions are true:

  1. The metadata file does not have a validUntil attribute on the root element.
  2. The validUntil attribute on the root element is expired.
  3. The validUntil attribute on a child element is expired.

Such metadata, if properly signed, could be used by an attacker in conjunction with the prevention of proper metadata refresh, and older InCommon metadata from the early years of the federation lacks an expiration altogether. A metadata reload process should therefore check for a validUntil attribute that is present and reasonable, and test each of the above conditions, before accepting the metadata.
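As an added example that is not part of the InCommon page or of any federation tooling, the following Python (standard library only) applies the three conditions above to a SAML metadata document before a reload accepts it. The sample EntitiesDescriptor documents, the fixed clock value `NOW`, and the optional `max_validity` bound (a sanity check for a validUntil unreasonably far in the future, which the page describes only as "reasonable") are all constructed assumptions for the demonstration.

```python
import datetime as dt
import xml.etree.ElementTree as ET
from typing import List, Optional

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"


def parse_saml_datetime(value: str) -> dt.datetime:
    """Parse an xs:dateTime as used in SAML metadata; the value must be UTC (trailing 'Z')."""
    if not value.endswith("Z"):
        raise ValueError(f"validUntil {value!r} is not a UTC timestamp")
    naive = dt.datetime.fromisoformat(value[:-1])
    return naive.replace(tzinfo=dt.timezone.utc)


def check_metadata_expiry(xml_text: str,
                          now: Optional[dt.datetime] = None,
                          max_validity: Optional[dt.timedelta] = None) -> List[str]:
    """Return the list of expiry problems found; an empty list means the file may be accepted.

    Conditions checked: (1) the root element has a validUntil attribute, (2) that attribute
    is not expired, (3) no child element carries an expired validUntil. The max_validity
    argument is an assumed extra bound (not from the InCommon text): a validUntil later than
    now + max_validity is reported as unreasonable.
    """
    now = now or dt.datetime.now(dt.timezone.utc)
    problems: List[str] = []
    root = ET.fromstring(xml_text)

    def check_one(elem: ET.Element, label: str) -> None:
        value = elem.get("validUntil")
        if value is None:
            return  # absence on a child is allowed; absence on the root is handled by the caller
        try:
            valid_until = parse_saml_datetime(value)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            return
        if valid_until <= now:
            problems.append(f"{label}: validUntil {value} is expired")
        elif max_validity is not None and valid_until > now + max_validity:
            problems.append(f"{label}: validUntil {value} is unreasonably far in the future")

    if root.get("validUntil") is None:
        problems.append("root element has no validUntil attribute")
    else:
        check_one(root, "root")
    for elem in root.iter():
        if elem is root:
            continue
        tag = elem.tag.split("}")[-1]  # strip the namespace for a readable label
        check_one(elem, f"{tag} {elem.get('entityID', '')}".strip())
    return problems


def metadata_is_acceptable(xml_text: str,
                           now: Optional[dt.datetime] = None,
                           max_validity: Optional[dt.timedelta] = None) -> bool:
    """True only when none of the expiry conditions is violated."""
    return not check_metadata_expiry(xml_text, now, max_validity)


# Constructed sample documents (not real InCommon metadata) and a fixed clock for the demo.
NOW = dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc)
_HEAD = f'<EntitiesDescriptor xmlns="{MD_NS}" Name="urn:example:federation"'
_IDP = '<EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth"/>'
SAMPLE_OK = (_HEAD + ' validUntil="2024-01-20T00:00:00Z">' + _IDP +
             '<EntityDescriptor entityID="https://sp.example.org/shibboleth"'
             ' validUntil="2024-01-15T00:00:00Z"/></EntitiesDescriptor>')
SAMPLE_NO_VALIDUNTIL = _HEAD + '>' + _IDP + '</EntitiesDescriptor>'
SAMPLE_ROOT_EXPIRED = (_HEAD + ' validUntil="2023-12-01T00:00:00Z">' + _IDP +
                       '</EntitiesDescriptor>')
SAMPLE_CHILD_EXPIRED = (_HEAD + ' validUntil="2024-01-20T00:00:00Z">' + _IDP +
                        '<EntityDescriptor entityID="https://sp.example.org/shibboleth"'
                        ' validUntil="2023-12-31T00:00:00Z"/></EntitiesDescriptor>')

if __name__ == "__main__":
    for name, doc in [("ok", SAMPLE_OK), ("no validUntil", SAMPLE_NO_VALIDUNTIL),
                      ("root expired", SAMPLE_ROOT_EXPIRED), ("child expired", SAMPLE_CHILD_EXPIRED)]:
        print(f"{name:14s} accept={metadata_is_acceptable(doc, now=NOW)} "
              f"problems={check_metadata_expiry(doc, now=NOW)}")
```

The checks run after signature verification, not instead of it: a properly signed but expired or undated file is exactly the case the text warns about. Passing a fixed `now` makes the reload logic testable; in production use the real clock, and log the rejected file's validUntil so that a stalled refresh is visible to operators.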

...