The PKIX engines (type="PKIX", type="StaticPKIX") this Trust Engine evaluate certificates against "key names" identified in Metadatametadata and then against a set of PXIX validation rules either embedded in a Metadatametadata extension or configured locally/statically. It is a superset of the older ShibbolethTrustEngine.
| Table of Contents |
|---|
Experience has shown that this approach is significantly more complex than the ExplicitKeyTrustEngine, and it is not recommended for most deployments.
...