IdP3.2.1 metadata config and requireSignedRoot

Brent Putman putmanb at
Tue Dec 22 14:27:33 EST 2015

On 12/22/15 12:36 PM, Tom Scavo wrote:
> I had no idea that was referring to a root XML element. I thought it
> was in some way referencing a root certificate.

That potential ambiguity literally never occurred to me.  I guess
because the metadata resolvers and filters don't actually have any
knowledge of anything at that level of trust.  Anything like that would
be buried in a TrustEngine config, or the criteria you feed to one, or
something like that.  Also, I suppose, b/c there's not really AFAIK any
such thing as an unsigned certificate.

More information about the users mailing list