...
Three types of trust engine are available by default, these are distinguished by the type="" attribute.
Type | Description |
|---|---|
Extracts keys to trust directly from the metadata of the peer. | |
Extracts key identifiers (i.e. certificate names) to trust from the metadata of the peer, but also extracts sets of trust anchors from a special metadata extension and then applies path validation to candidate certificates. | |
Extracts key identifiers (i.e. certificate names) to trust from the metadata of the peer, and then applies path validation to candidate certificates based on a static list of trust anchors. The difference from the previous engine is that the list of anchors is fixed and does not vary based on whose credentials are being examined. |
Common Attributes
Name | Type | Default | Description |
|---|
type type | string | Required | Plugin type name. |
Common Child Elements
Name | Cardinality | Description | |
|---|---|---|---|
<KeyInfoResolver> <KeyInfoResolver> | 0 or 1 | Advanced plugin interface for | |
mapping <ds: |
KeyInfo> elements into keying material. Mostly for future use. |