Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


This model has been standardized as part of a Metadata Interoperability profile at OASIS. It's also documented in the ExplicitKeyTrustEngine topic.


A full description of the security implications of metadata usage is beyond the scope of this material, but be advised that this profile generally requires the enclosing metadata include an expiration time using a validUntil XML attribute. This prevents older signed metadata containing retired or compromised keys from being accepted.