...

Info: Use of TLS Certificates

In addition to message-level signing and encryption, X.509 certificates in metadata are used for TLS back-channel SOAP exchanges, typically on a nonstandard port such as 8443. These certificates are not the same as and have nothing to do with TLS server certificates used for browser-facing transactions over port 443. The latter type of TLS certificates are not contained in metadata.

...

  • A signing key generally refers to a key pair used in conjunction with XML Signature. The private key is used to sign an XML node (such as a SAML response) while the corresponding public key is used to verify the signature. The latter is sometimes referred to as a verification key.

...

  • An encryption key generally refers to a key pair used in conjunction with XML Encryption. The public key is used to encrypt an XML node (such as a SAML assertion) while the corresponding private key is used to decrypt the ciphertext. (That's an over-simplification of XML Encryption, but it will suffice in what follows.) The latter is sometimes referred to as a decryption key.
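The signing and encryption keys described in the two items above are published in SAML metadata as KeyDescriptor elements whose optional use attribute is "signing" or "encryption"; a KeyDescriptor without a use attribute applies to both. The following added example (not code from the original page) parses a constructed EntityDescriptor with the Python standard library and returns a SHA-256 fingerprint of each certificate per purpose, so a practitioner can compare what metadata publishes against what a partner actually presents. The entityID and the base64 certificate bodies are placeholders, not real X.509 DER.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 metadata and XML Signature.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata for this example. The certificate bodies are
# valid base64 but are placeholder bytes, not real certificates.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        U0lHTklORy1DRVJULVBMQUNFSE9MREVS
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        RU5DUllQVElPTi1DRVJULVBMQUNFSE9MREVS
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        QkFDSy1DSEFOTkVMLVRMUy1QTEFDRUhPTERFUg==
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def fingerprint(b64_cert: str) -> str:
    """SHA-256 over the decoded (DER) bytes, hex-encoded, the form most tools print."""
    der = base64.b64decode("".join(b64_cert.split()))
    return hashlib.sha256(der).hexdigest()


def metadata_keys(xml_text: str) -> dict:
    """Return {"signing": [...], "encryption": [...]} of certificate fingerprints.

    A KeyDescriptor with no 'use' attribute is valid for both purposes, so its
    certificate is listed under both keys.
    """
    root = ET.fromstring(xml_text)
    keys = {"signing": [], "encryption": []}
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        use = kd.get("use")
        purposes = [use] if use in keys else list(keys)
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            fp = fingerprint(cert.text or "")
            for purpose in purposes:
                keys[purpose].append(fp)
    return keys
```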

...