The PKIX engines (type="PKIX"
, type="StaticPKIX"
) this Trust Engine evaluate certificates against "key names" identified in Metadatametadata and then against a set of PXIX validation rules either embedded in a Metadatametadata extension or configured locally/statically. It is a superset of the older ShibbolethTrustEngine.
Table of Contents |
---|
Experience has shown that this approach is significantly more complex than the ExplicitKeyTrustEngine, and it is not recommended for most deployments.
...