The <SecurityPolicies> element is a container for one or more uniquely identified <Policy> elements that control the low-level security and profile processing performed by the SP. It also contains the mechanisms for explicitly enabling and disabling cryptographic algorithms, identified by their algorithm URIs.

The mechanism is flexible enough to allow fine-grained selection of different policies for different use cases, or even for different IdPs, but this is rarely needed: the vast majority of deployments use the defaults, or at least a single default policy.

Reference

Child Elements

Name                         Cardinality   Description
<Policy>                     1 or more     Security policy rules. These must be the first child elements.
<AlgorithmWhitelist>         0 or 1        DEPRECATED: whitespace-delimited list of algorithm URIs to explicitly enable. Replaced by <IncludedAlgorithms>.
<IncludedAlgorithms> (3.2)   0 or 1        Whitespace-delimited list of algorithm URIs to explicitly enable.
<AlgorithmBlacklist>         0 or 1        DEPRECATED: whitespace-delimited list of algorithm URIs to explicitly disable. Replaced by <ExcludedAlgorithms>.
<ExcludedAlgorithms> (3.2)   0 or 1        Whitespace-delimited list of algorithm URIs to explicitly disable.

(3.2) marks elements added in V3.2; the deprecated forms they replace are still accepted but should be migrated.

Custom security policies are defined as additional <Policy> elements and selected for a specific application or protocol endpoint by referencing the policy's id via a policyId attribute, but in most cases the default policy is appropriate for all typical exchanges.
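The constraints above (policies first, deprecated list elements, policyId references that must resolve, weak algorithms that should be excluded) are easy to get wrong by hand. The following is an added example, not code from the Shibboleth project: a small lint script that parses a configuration fragment and reports each problem. The two sample configurations are constructed for this example, the placement of policyId on <ApplicationDefaults> and <ApplicationOverride> is assumed, and the set of weak algorithm URIs is the author's choice, not a list taken from the SP documentation.

```python
"""Lint the <SecurityPolicies> section of a Shibboleth SP shibboleth2.xml.
Added example (not Shibboleth project code); the sample configs are constructed."""
import xml.etree.ElementTree as ET

# Standard XML Signature / XML Encryption identifiers that a deployment should
# normally disable (assumed list, chosen for this example).
WEAK_ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
    "http://www.w3.org/2001/04/xmlenc#rsa-1_5",
    "http://www.w3.org/2001/04/xmlenc#tripledes-cbc",
}

# Deprecated element -> replacement added in SP 3.2
DEPRECATED = {
    "AlgorithmWhitelist": "IncludedAlgorithms",
    "AlgorithmBlacklist": "ExcludedAlgorithms",
}


def local(tag):
    """Strip the namespace so the checks do not depend on the config namespace URI."""
    return tag.rsplit("}", 1)[-1]


def lint_security_policies(xml_text):
    """Return a list of findings; an empty list means the section looks clean."""
    root = ET.fromstring(xml_text)
    findings = []
    sp = next((e for e in root.iter() if local(e.tag) == "SecurityPolicies"), None)
    if sp is None:
        return ["no <SecurityPolicies> element found"]

    policy_ids, included, excluded = set(), set(), set()
    seen_algorithm_list = False
    for child in sp:
        name = local(child.tag)
        algs = set((child.text or "").split())  # whitespace-delimited URI list
        if name == "Policy":
            pid = child.get("id")
            if not pid:
                findings.append("<Policy> without an id attribute")
            elif pid in policy_ids:
                findings.append(f'duplicate <Policy id="{pid}">')
            else:
                policy_ids.add(pid)
            if seen_algorithm_list:  # <Policy> elements must come first
                findings.append(f'<Policy id="{pid}"> appears after an algorithm list')
            continue
        seen_algorithm_list = True
        if name in DEPRECATED:
            findings.append(f"<{name}> is deprecated; use <{DEPRECATED[name]}>")
        if name in ("AlgorithmWhitelist", "IncludedAlgorithms"):
            included |= algs
        elif name in ("AlgorithmBlacklist", "ExcludedAlgorithms"):
            excluded |= algs

    if not policy_ids:
        findings.append("<SecurityPolicies> defines no <Policy>")

    # Every policyId reference anywhere in the file must name a defined policy.
    for e in root.iter():
        ref = e.get("policyId")
        if ref is not None and ref not in policy_ids:
            findings.append(f'<{local(e.tag)}> references undefined policyId "{ref}"')

    # Assumption: an explicit include list is treated as the authoritative set, so
    # only weak entries inside it are reported; otherwise each weak algorithm is
    # expected to appear in the exclude list.
    if included:
        for alg in sorted(WEAK_ALGORITHMS & included):
            findings.append(f"weak algorithm explicitly enabled: {alg}")
    else:
        for alg in sorted(WEAK_ALGORITHMS - excluded):
            findings.append(f"weak algorithm not excluded: {alg}")
    return findings


# Constructed sample: deprecated blacklist with a single entry, and an override
# that references a policy that is never defined.
WEAK_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth" policyId="default">
    <ApplicationOverride id="admin" policyId="strict"/>
  </ApplicationDefaults>
  <SecurityPolicies>
    <Policy id="default" validate="false"/>
    <AlgorithmBlacklist>
      http://www.w3.org/2000/09/xmldsig#rsa-sha1
    </AlgorithmBlacklist>
  </SecurityPolicies>
</SPConfig>"""

# Constructed sample: same deployment using the 3.2 element, both policies defined.
HARDENED_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth" policyId="default">
    <ApplicationOverride id="admin" policyId="strict"/>
  </ApplicationDefaults>
  <SecurityPolicies>
    <Policy id="default" validate="false"/>
    <Policy id="strict" validate="true"/>
    <ExcludedAlgorithms>
      http://www.w3.org/2000/09/xmldsig#rsa-sha1
      http://www.w3.org/2000/09/xmldsig#sha1
      http://www.w3.org/2001/04/xmlenc#rsa-1_5
      http://www.w3.org/2001/04/xmlenc#tripledes-cbc
    </ExcludedAlgorithms>
  </SecurityPolicies>
</SPConfig>"""
```

Running lint_security_policies(WEAK_CONFIG) yields five findings (the deprecated element, the dangling policyId "strict", and three weak algorithms left un-excluded); the hardened configuration yields none. The namespace is stripped before comparing element names so the same checks work on SP2 and SP3 configuration files.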
