Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Identified by type="ExplicitKey", this Trust Engine extracts keys and certificates directly from Metadata to evaluate signatures or TLS credentials. It is an enhanced version of the original BasicTrustEngine from older versions of the SP and is a superset, meaning that anything permitted by the old engine is still permitted.

It has the following behavior, implications, and problems.

Table of Contents

Attributes

NameTypeDefaultDescription

type 

string

Required
ExplicitKey

Plugin type name.

Child Elements

Name

Cardinality

Description

<KeyInfoResolver> 0 or 1

Advanced plugin interface for mapping <ds:KeyInfo> elements into keying material. Mostly for future use.

Validating Signatures

Each <md:KeyDescriptor> is resolved into a key. If the signature can be verified with one of the keys, then the engine returns success.

...