MetadataFilterConfiguration

Metadata can be filtered, after loading it but before its use. Filters are specified as a series of <MetadataFilter> elements, which are processed in the order in which they occur as children of the containing <MetadataProvider> element.

Like metadata providers, metadata filters are defined by their xsi:type attribute.  All other attributes and child elements are specific to each filter. The filter types provided are below.

xsi:type

Description

xsi:type

Description

RequiredValidUntil

Important for secure processing of metadata containing keys, this filter forces the metadata to carry an expiration date and limits the size of the corresponding validity interval

SchemaValidation

Performs XML schema validation on the metadata

SignatureValidation

A common filter that checks the signature on signed metadata

EntityRoleWhiteList

EntityRole 4.1

A memory-saving filter that deletes unneeded role information from the metadata

EntityAttributes

A policy aid, this filter adds information, allowing "tags" to be attached to metadata for use in other parts of the system

Algorithm

Another additive filter, adds extension elements that signal use of alternative cryptographic algorithms

Predicate

An extensible include/exclude filter that removes matching (or keeps only matching) entities based on a set of built-in rules, or with an arbitrary condition

NameIDFormat

A policy aid, this filter adds information, allowing <NameIDFormat> elements to be attached to metadata for use in driving identifier format selection.

ByReference

A syntax aid, this filter attaches separately defined filters to metadata providers from "outside" the declaration of the providers.