No. I am talking about metadata used to exchange out-of-band information about what asserting party a relying party should trust and what relying party an asserting provider should issue tokens for.
Currently, in CXF you establish trust between the relying party and the asserting provider (i.e. service provider and identity provider) by exchanging certificates out-of-band. This gives the service provider a way to ascertain that the SAML token was not tampered with. However, the service provider may want to validate other aspects of the assertion, such as the issuer id and audience restriction. Conversely, you may want to tightly control which relying parties an STS will issue tokens for. You may also want to associate a public certificate with the relying party so that the STS can encrypt parts of the assertion so that only the relying party can use them. The SAML metadata specification describes a "standard" way to share this kind of information between the relying party and the asserting party. Technically speaking, you could come up with your own way of sharing that information, but SAML metadata makes it easier to share.

--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-metadata-tp5723816p5724147.html
Sent from the cxf-user mailing list archive at Nabble.com.
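The checks the post describes, as an added example that is not part of the original message and not CXF's own code (CXF is Java; Python is used here only to illustrate the idea in a self-contained way): a small piece of SAML 2.0 metadata listing one identity provider with its signing certificate and one relying party with its encryption certificate, a relying-party check that an assertion's Issuer is a trusted IdP and that its AudienceRestriction names this service provider, and an STS-side lookup that refuses to issue for a relying party absent from the metadata. The entityIDs, certificate placeholders and assertion contents are constructed; signature verification is assumed to have already happened (that is the part the exchanged certificate covers today).

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed metadata (hypothetical entityIDs, placeholder certificate text):
# the IdP/STS the service provider trusts, with its signing certificate, and
# the service provider itself, with the certificate the STS encrypts for.
METADATA = f"""<EntitiesDescriptor xmlns="{MD}" xmlns:ds="{DS}">
  <EntityDescriptor entityID="https://idp.example.org/sts">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <KeyDescriptor use="signing">
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>CONSTRUCTED-IDP-SIGNING-CERT</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </KeyDescriptor>
    </IDPSSODescriptor>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/orders">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <KeyDescriptor use="encryption">
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>CONSTRUCTED-SP-ENCRYPTION-CERT</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </KeyDescriptor>
    </SPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def load_metadata(xml_text):
    """Split metadata into trusted IdPs (entityID -> signing cert) and known
    relying parties (entityID -> encryption cert). A KeyDescriptor without a
    'use' attribute is valid for both purposes, so it lands in both maps."""
    root = ET.fromstring(xml_text)
    idps, sps = {}, {}
    for ed in root.iter(f"{{{MD}}}EntityDescriptor"):
        eid = ed.get("entityID")
        is_idp = ed.find(f"{{{MD}}}IDPSSODescriptor") is not None
        is_sp = ed.find(f"{{{MD}}}SPSSODescriptor") is not None
        for kd in ed.iter(f"{{{MD}}}KeyDescriptor"):
            use = kd.get("use")
            cert = (kd.findtext(f".//{{{DS}}}X509Certificate") or "").strip()
            if is_idp and use in (None, "signing"):
                idps[eid] = cert
            if is_sp and use in (None, "encryption"):
                sps[eid] = cert
    return idps, sps


def make_assertion(issuer, audience):
    """Build a minimal constructed assertion; audience=None omits the
    AudienceRestriction entirely (the failure mode the check must catch)."""
    conditions = ""
    if audience is not None:
        conditions = ("<saml:Conditions><saml:AudienceRestriction>"
                      f"<saml:Audience>{audience}</saml:Audience>"
                      "</saml:AudienceRestriction></saml:Conditions>")
    return (f'<saml:Assertion xmlns:saml="{SAML}" ID="_1" Version="2.0" '
            'IssueInstant="2000-01-01T00:00:00Z">'
            f"<saml:Issuer>{issuer}</saml:Issuer>{conditions}</saml:Assertion>")


def check_assertion(assertion_xml, trusted_idps, my_entity_id):
    """Relying-party side: return a list of problems (empty means accept).
    Assumes the signature was already verified with the issuer's certificate;
    this covers only the issuer and audience checks the post asks for."""
    a = ET.fromstring(assertion_xml)
    problems = []
    issuer = (a.findtext(f"{{{SAML}}}Issuer") or "").strip()
    if issuer not in trusted_idps:
        problems.append(f"untrusted issuer {issuer!r}")
    audiences = [e.text.strip() for e in a.iter(f"{{{SAML}}}Audience") if e.text]
    if not audiences:
        problems.append("assertion carries no AudienceRestriction")
    elif my_entity_id not in audiences:
        problems.append(f"audience {audiences} does not name {my_entity_id!r}")
    return problems


def encryption_cert_for(relying_party, known_sps):
    """STS side: None means 'not in metadata, do not issue'; otherwise the
    certificate with which to encrypt assertion parts for that relying party."""
    return known_sps.get(relying_party)


if __name__ == "__main__":
    idps, sps = load_metadata(METADATA)
    sp = "https://sp.example.org/orders"
    print(check_assertion(make_assertion("https://idp.example.org/sts", sp), idps, sp))
    print(check_assertion(make_assertion("https://evil.example.net", sp), idps, sp))
    print(check_assertion(make_assertion("https://idp.example.org/sts", None), idps, sp))
    print(encryption_cert_for("https://unknown.example.com", sps))
```

The audience check treats a missing AudienceRestriction as a failure rather than a pass: an assertion with no audience is valid for anyone that accepts the issuer, which is exactly the replay-to-another-service scenario the restriction exists to prevent.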
