The <TrustEngine> element configures the trust engine used by the SP to authenticate the security messages it receives. It works in conjunction with the security policy layer to secure the system.
...
Identified by type="ExplicitKey", extracts keys to trust directly from the metadata of the peer.
For detailed information about how this engine works, see the ExplicitKeyTrustEngine topic.
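A minimal sketch of the explicit-key idea described above, added here as an illustration and not taken from the SP's own code: trust is granted only if the presented credential is listed for signing under that exact peer's metadata. Assumptions: the standard SAML metadata KeyDescriptor layout, constructed placeholder bytes in place of real certificates, hypothetical function names, and a byte-for-byte comparison of certificate blobs standing in for the engine's own key comparison.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata: the "certificates" are placeholder bytes, not real X.509.
IDP_SIGNING = base64.b64encode(b"constructed-idp-signing-cert").decode()
IDP_ENCRYPT = base64.b64encode(b"constructed-idp-encryption-cert").decode()
METADATA = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
 <md:EntityDescriptor entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
     <ds:X509Certificate>{IDP_SIGNING}</ds:X509Certificate>
   </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
   <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
     <ds:X509Certificate>{IDP_ENCRYPT}</ds:X509Certificate>
   </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def trusted_signing_certs(metadata_xml, entity_id):
    """Collect the certificate blobs listed for signing under one peer's metadata."""
    root = ET.fromstring(metadata_xml)
    certs = set()
    for entity in root.iter(f"{{{NS['md']}}}EntityDescriptor"):
        if entity.get("entityID") != entity_id:
            continue  # keys belonging to other peers never count
        for kd in entity.iter(f"{{{NS['md']}}}KeyDescriptor"):
            # A KeyDescriptor with no "use" attribute applies to signing as well.
            if kd.get("use") not in (None, "signing"):
                continue
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                b64 = "".join((cert.text or "").split())
                certs.add(base64.b64decode(b64))
    return certs


def explicit_key_trusted(metadata_xml, entity_id, presented_der):
    """True only if the presented blob is listed for signing by that peer."""
    return presented_der in trusted_signing_certs(metadata_xml, entity_id)
```

No issuer, name or path check takes part in the decision: a credential that is not listed in the peer's metadata is rejected regardless of who issued it.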
...
Identified by type="PKIX", extracts key identifiers (i.e. certificate names) to trust from the metadata of the peer, but also extracts sets of trust anchors from a special metadata extension and then applies path validation to candidate certificates.
...
Identified by type="StaticPKIX", extracts key identifiers (i.e. certificate names) to trust from the metadata of the peer, and then applies path validation to candidate certificates based on a static list of trust anchors.
...