In many typical cases, the MDQ plugin may be easier to configure as it automates certain options when using a compliant metadata source.

Overview

Identified by type="Dynamic", this MetadataProvider loads metadata on-demand from an HTTP server. The precise URL accessed is derived from the entityID of the peer and may be literal (i.e., that entityID) or more commonly constructed based on a simple substitution or transform involving the entityID. It is optimized to be reliable and efficient by caching in-memory and on-disk and by preventing unnecessary re-processing via HTTP caching support.

Reference

The type="Dynamic" attribute must be present.

Additionally, exactly one of the following child elements must be present:

| Name | Description |
|------|-------------|
| <Subst> | Simple transform whose element content consists of a string containing the substring "$entityID", into which the entityID value is substituted. If this element contains a hashed attribute, the value must be the OpenSSL algorithm name of a digest algorithm (e.g. SHA1) to apply to the entityID. If the element contains an encoded attribute set to "false", the value will be replaced directly, otherwise it will be URL-encoded first. |
| <Regex> | Complex transform containing a match attribute containing a regular expression against which the entityID value is applied, and whose element content contains a replacement expression to run based on the results of the match. Only numeric/positional group references (e.g. $1) are supported. |

Example

Dynamic Metadata Source
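<MetadataProvider type="Dynamic" id="mdq.example.org" ignoreTransport="true" cacheDirectory="mdq-example-org">
    <!-- The SHA1 digest of the entityID replaces $entityID in the request URL -->
    <Subst hashed="SHA1">http://mdq.example.org/global/entities/$entityID</Subst>
    <!-- The metadata signature is verified against this certificate -->
    <MetadataFilter type="Signature" certificate="metadata-signing-key.pem"/>
    <!-- Metadata must carry a validUntil no more than 8640000 seconds (100 days) ahead -->
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="8640000"/>
</MetadataProvider>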
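
To check which URL a given entityID maps to under the <Subst> and <Regex> rules in the Reference section, the following Python sketch models both transforms; it is an added illustration, not code from the Shibboleth project. Assumptions: the digest is inserted as lowercase hex, URL-encoding escapes every reserved character, Python's re syntax stands in for the SP's regular expression engine, and the entityID and the "byhost" URL are constructed samples.

```python
import hashlib
import re
from urllib.parse import quote


def subst_url(template, entity_id, hashed=None, encoded=True):
    """Model of <Subst>: put the entityID into the "$entityID" placeholder."""
    if "$entityID" not in template:
        raise ValueError('template must contain "$entityID"')
    if hashed:
        # Assumption: the digest is inserted as lowercase hex.
        value = hashlib.new(hashed.lower(), entity_id.encode("utf-8")).hexdigest()
    elif encoded:
        # safe="" also escapes "/" and ":", keeping the entityID in one path segment.
        value = quote(entity_id, safe="")
    else:
        value = entity_id  # encoded="false": inserted as-is
    return template.replace("$entityID", value)


def regex_url(match, replacement, entity_id):
    """Model of <Regex>: only positional references such as $1 are accepted."""
    if re.search(r"\$(?!\d)", replacement):
        raise ValueError("only numeric group references such as $1 are supported")
    # Translate $N into Python's \g<N>, keeping literal backslashes intact.
    py_repl = re.sub(r"\$(\d+)", r"\\g<\1>", replacement.replace("\\", "\\\\"))
    return re.sub(match, py_repl, entity_id)


if __name__ == "__main__":
    entity_id = "https://sp.example.org/shibboleth"  # constructed sample entityID
    template = "http://mdq.example.org/global/entities/$entityID"  # from the example above
    print(subst_url(template, entity_id, hashed="SHA1"))
    print(subst_url(template, entity_id))
    print(subst_url(template, entity_id, encoded=False))
    print(regex_url(r"^https://([^/]+)/shibboleth$",
                    "http://mdq.example.org/byhost/$1.xml", entity_id))
```

Comparing the printed URL with what the metadata server actually serves is a quick way to confirm that the hashed and encoded settings match the server's expectations before deploying the provider.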