...
Technically the SP includes a third engine, a legacy plugin that consumes a file format for defining keys and path validation rules that was created for ShibOnedotTwo. It is rather confusing to use, has not been documented, and will not be supported in future versions. Existing federations may supply information in that format until all upgrades to ShibOnedotThree are completed. It does complicate the world though.
ShibTwodotZero Shibboleth 2.0 has a significantly refactored foundation that moves much/all of the TrustManagement functionality into the lower library layers, primarily so that other developers can take advantage of our innovations. The basic design is similar, though, and there is an ExplicitKeyTrustEngine and a PKIXTrustEngine (with a Shibboleth-specific extension class) that are a functional superset of the earlier BasicTrustEngine and ShibbolethTrustEngine implementations. Differences are noted.
...