Since the use XML attribute is missing on a type 3 key descriptor, such a key may be used for all of the above, that is, for signing, TLS, and encryption.

Recognizing a TLS Key in Metadata

Any <md:KeyDescriptor> element in metadata that has either a use="signing" attribute or no use attribute whatsoever is intended for use with TLS.



Keys in IdP Metadata

In the InCommon Federation, IdP metadata typically contains two role descriptors: an <md:IDPSSODescriptor> element and an <md:AttributeAuthorityDescriptor> element. Normally, each role descriptor contains a single type 1 key descriptor (with a use="signing" XML attribute). Although not required, the two key descriptors almost always contain the very same key.
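
The following added example (not part of the original page and not InCommon's own tooling) applies the TLS-key rule above to each role descriptor and checks whether the roles share the same key. The metadata is a constructed sample with placeholder certificate text, and the helper names `_kd`, `tls_keys` and `roles_share_tls_key` are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _kd(cert, use=None):
    """Build one constructed <md:KeyDescriptor>; the cert text is a placeholder."""
    attr = f' use="{use}"' if use else ""
    return (f"<md:KeyDescriptor{attr}><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
            f"{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

# Constructed sample: the entityID and certificate bodies are placeholders.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.org/constructed">
  <md:IDPSSODescriptor>{_kd('CONSTRUCTEDCERTA', 'signing')}
    {_kd('CONSTRUCTEDCERTB', 'encryption')}</md:IDPSSODescriptor>
  <md:AttributeAuthorityDescriptor>{_kd('CONSTRUCTED CERTA')}
  </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>"""

def tls_keys(metadata_xml):
    """Map each role descriptor name to the certificates intended for TLS."""
    result = {}
    for role in ET.fromstring(metadata_xml):
        descriptors = role.findall("md:KeyDescriptor", NS)
        if not descriptors:
            continue
        certs = []
        for kd in descriptors:
            # Rule from the page: use="signing" or no use attribute means TLS.
            if kd.get("use") in (None, "signing"):
                text = kd.findtext(".//ds:X509Certificate", default="", namespaces=NS)
                certs.append("".join(text.split()))  # ignore base64 line wrapping
        result[role.tag.rpartition("}")[2]] = certs
    return result

def roles_share_tls_key(keys_by_role):
    """True when two or more roles expose exactly the same set of TLS keys."""
    sets = [set(certs) for certs in keys_by_role.values()]
    return len(sets) > 1 and all(s == sets[0] for s in sets)

if __name__ == "__main__":
    found = tls_keys(SAMPLE)
    for role, certs in found.items():
        print(role, certs)
    print("roles share TLS key:", roles_share_tls_key(found))
```
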