I'm not sure this is the right place to ask this Q but I've been thinking
about trust in a federation.
Would it ever be likely that, say, an IdP could have the same entityID in
two different federations but each federation used the Shibboleth method
of trust, i.e. the federation metadata for both federations would contain
the KeyAuthority extensions for root CAs? However, fed1 was the UK
federation, which trusts a lot of root CAs, but fed2 is a high-security
federation, say medical image sharing, and it only trusts one CA, itself.
It issues its own certificates to entities.
Is this ever likely to be seen in the wild? Or should an entity, such as
an IdP, identify itself differently in different federations? i.e. have a
different entityID (providerId) for each federation?
Alistair
--
mov eax,1
mov ebx,0
int 80h