The PKIX engines evaluate certificates against "key names" identified in Metadata and then against a set of PXIX validation rules either embedded in a Metadata extension or configured locally/statically. It is a superset of the older ShibbolethTrustEngine.
...