From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 12 Jul 2006 01:14:48 +0000 (+0000)
Subject: Removed ValidatingXMLObject interface and implementations, first draft of metadata... 
X-Git-Tag: 2.0-alpha1~226
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=commitdiff_plain;h=2fbc97e0dd6b51eed1e9b07c90e4317bd74e2e34

Removed ValidatingXMLObject interface and implementations, first draft of metadata provider APIs.
---

diff --git a/.cdtproject b/.cdtproject
index 6a24918..0a9b7ac 100644
--- a/.cdtproject
+++ b/.cdtproject
@@ -71,8 +71,10 @@
 <pathentry kind="src" path="saml/signature"/>
 <pathentry kind="src" path="saml/util"/>
 <pathentry kind="src" path="samltest/signature"/>
-<pathentry excluding="saml1/core/impl/|signature/" kind="src" path="samltest"/>
+<pathentry excluding="saml1/core/impl/|signature/|saml2/core/impl/|saml2/metadata/" kind="src" path="samltest"/>
 <pathentry kind="src" path="samltest/saml1/core/impl"/>
+<pathentry kind="src" path="samltest/saml2/core/impl"/>
+<pathentry kind="src" path="samltest/saml2/metadata"/>
 </item>
 </data>
 </cdtproject>
diff --git a/saml/Makefile.am b/saml/Makefile.am
index e36b1cd..e982a79 100644
--- a/saml/Makefile.am
+++ b/saml/Makefile.am
@@ -42,10 +42,9 @@ saml2coreinclude_HEADERS = \
 	saml2/core/Protocols.h 
 
 saml2mdinclude_HEADERS = \
-    saml2/metadata/Metadata.h
-#   saml2/metadata/MetadataFilter.h \
-#	saml2/metadata/MetadataProvider.h \
-#	saml2/metadata/MetadataResolver.h
+	saml2/metadata/Metadata.h
+	saml2/metadata/MetadataFilter.h \
+	saml2/metadata/MetadataProvider.h
 
 noinst_HEADERS = \
 	internal.h
@@ -61,7 +60,9 @@ libsaml_la_SOURCES = \
 	saml2/core/impl/Assertions20SchemaValidators.cpp \
 	saml2/core/impl/Protocols20Impl.cpp \
 	saml2/core/impl/Protocols20SchemaValidators.cpp \
+	saml2/metadata/impl/FilesystemMetadataProvider.cpp \
 	saml2/metadata/impl/MetadataImpl.cpp \
+	saml2/metadata/impl/MetadataProvider.cpp \
 	saml2/metadata/impl/MetadataSchemaValidators.cpp \
 	signature/ContentReference.cpp \
 	signature/SignatureProfileValidator.cpp \
diff --git a/saml/SAMLConfig.cpp b/saml/SAMLConfig.cpp
index 1f84e92..547526d 100644
--- a/saml/SAMLConfig.cpp
+++ b/saml/SAMLConfig.cpp
@@ -77,6 +77,7 @@ bool SAMLInternalConfig::init()
     saml2::registerAssertionClasses();
     saml2p::registerProtocolClasses();
     saml2md::registerMetadataClasses();
+    saml2md::registerMetadataProviders();
 
     log.info("library initialization complete");
     return true;
diff --git a/saml/SAMLConfig.h b/saml/SAMLConfig.h
index 0fd432d..bfd0a30 100644
--- a/saml/SAMLConfig.h
+++ b/saml/SAMLConfig.h
@@ -24,6 +24,9 @@
 #define __saml_config_h__
 
 #include <saml/base.h>
+#include <saml/saml2/metadata/MetadataProvider.h>
+
+#include <xmltooling/PluginManager.h>
 #include <xmltooling/unicode.h>
 #include <xmltooling/XMLToolingConfig.h>
 
@@ -92,6 +95,16 @@ namespace opensaml {
          * @return a valid null-terminated XML ID
          */
         virtual XMLCh* generateIdentifier()=0;
+        
+        /**
+         * Manages factories for MetadataProvider plugins.
+         */
+        xmltooling::PluginManager<saml2md::MetadataProvider,const DOMElement*> MetadataProviderManager;
+        
+        /**
+         * Manages factories for MetadataFilter plugins.
+         */
+        xmltooling::PluginManager<saml2md::MetadataFilter,const DOMElement*> MetadataFilterManager;
 
     protected:
         SAMLConfig() {}
diff --git a/saml/saml.vcproj b/saml/saml.vcproj
index c2b6e6a..aad767a 100644
--- a/saml/saml.vcproj
+++ b/saml/saml.vcproj
@@ -250,6 +250,14 @@
 							RelativePath=".\saml2\core\impl\Assertions20SchemaValidators.cpp"
 							>
 						</File>
+						<File
+							RelativePath=".\saml2\core\impl\Protocols20Impl.cpp"
+							>
+						</File>
+						<File
+							RelativePath=".\saml2\core\impl\Protocols20SchemaValidators.cpp"
+							>
+						</File>
 					</Filter>
 				</Filter>
 				<Filter
@@ -259,10 +267,18 @@
 						Name="impl"
 						>
 						<File
+							RelativePath=".\saml2\metadata\impl\FilesystemMetadataProvider.cpp"
+							>
+						</File>
+						<File
 							RelativePath=".\saml2\metadata\impl\MetadataImpl.cpp"
 							>
 						</File>
 						<File
+							RelativePath=".\saml2\metadata\impl\MetadataProvider.cpp"
+							>
+						</File>
+						<File
 							RelativePath=".\saml2\metadata\impl\MetadataSchemaValidators.cpp"
 							>
 						</File>
@@ -365,6 +381,14 @@
 						RelativePath=".\saml2\metadata\Metadata.h"
 						>
 					</File>
+					<File
+						RelativePath=".\saml2\metadata\MetadataFilter.h"
+						>
+					</File>
+					<File
+						RelativePath=".\saml2\metadata\MetadataProvider.h"
+						>
+					</File>
 				</Filter>
 			</Filter>
 			<Filter
diff --git a/saml/saml1/core/Assertions.h b/saml/saml1/core/Assertions.h
index a53893b..a8576ac 100644
--- a/saml/saml1/core/Assertions.h
+++ b/saml/saml1/core/Assertions.h
@@ -33,7 +33,6 @@
 #include <xmltooling/signature/KeyInfo.h>
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/util/DateTime.h>
-#include <xmltooling/validation/ValidatingXMLObject.h>
 #include <xmltooling/validation/ValidatorSuite.h>
 
 #define DECL_SAML1OBJECTBUILDER(cname) \
diff --git a/saml/saml1/core/impl/AssertionsImpl.cpp b/saml/saml1/core/impl/AssertionsImpl.cpp
index 099bdcc..2299d13 100644
--- a/saml/saml1/core/impl/AssertionsImpl.cpp
+++ b/saml/saml1/core/impl/AssertionsImpl.cpp
@@ -32,7 +32,6 @@
 #include <xmltooling/io/AbstractXMLObjectMarshaller.h>
 #include <xmltooling/io/AbstractXMLObjectUnmarshaller.h>
 #include <xmltooling/util/XMLHelper.h>
-#include <xmltooling/validation/AbstractValidatingXMLObject.h>
 
 #include <ctime>
 #include <xercesc/util/XMLUniDefs.hpp>
@@ -58,7 +57,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AudienceRestrictionConditionImpl : public virtual AudienceRestrictionCondition,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -70,7 +68,7 @@ namespace opensaml {
             }
                 
             AudienceRestrictionConditionImpl(const AudienceRestrictionConditionImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 VectorOf(Audience) v=getAudiences();
                 for (vector<Audience*>::const_iterator i=src.m_Audiences.begin(); i!=src.m_Audiences.end(); i++) {
                     if (*i) {
@@ -95,7 +93,6 @@ namespace opensaml {
         class SAML_DLLLOCAL DoNotCacheConditionImpl : public virtual DoNotCacheCondition,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -106,8 +103,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            DoNotCacheConditionImpl(const DoNotCacheConditionImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            DoNotCacheConditionImpl(const DoNotCacheConditionImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
             }
             
             IMPL_XMLOBJECT_CLONE(DoNotCacheCondition);
@@ -119,7 +115,6 @@ namespace opensaml {
         class SAML_DLLLOCAL ConditionsImpl : public virtual Conditions,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -134,8 +129,7 @@ namespace opensaml {
                 init();
             }
                 
-            ConditionsImpl(const ConditionsImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            ConditionsImpl(const ConditionsImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setNotBefore(src.getNotBefore());
                 setNotOnOrAfter(src.getNotOnOrAfter());
@@ -197,7 +191,6 @@ namespace opensaml {
             public AbstractSimpleElement,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -213,8 +206,7 @@ namespace opensaml {
             }
                 
             NameIdentifierImpl(const NameIdentifierImpl& src)
-                    : AbstractXMLObject(src), AbstractSimpleElement(src),
-                        AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setFormat(src.getFormat());
                 setNameQualifier(src.getNameQualifier());
@@ -241,8 +233,7 @@ namespace opensaml {
             }
         };
 
-        class SAML_DLLLOCAL SubjectConfirmationDataImpl
-            : public virtual SubjectConfirmationData, public AnyElementImpl, public AbstractValidatingXMLObject
+        class SAML_DLLLOCAL SubjectConfirmationDataImpl : public virtual SubjectConfirmationData, public AnyElementImpl
         {
         public:
             virtual ~SubjectConfirmationDataImpl() {}
@@ -252,7 +243,7 @@ namespace opensaml {
             }
                 
             SubjectConfirmationDataImpl(const SubjectConfirmationDataImpl& src)
-                : AnyElementImpl(src), AbstractValidatingXMLObject(src) {
+                : AnyElementImpl(src) {
             }
             
             IMPL_XMLOBJECT_CLONE(SubjectConfirmationData);
@@ -261,7 +252,6 @@ namespace opensaml {
         class SAML_DLLLOCAL SubjectConfirmationImpl : public virtual SubjectConfirmation,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -273,10 +263,7 @@ namespace opensaml {
                 init();
             }
                 
-            SubjectConfirmationImpl(const SubjectConfirmationImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            SubjectConfirmationImpl(const SubjectConfirmationImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getSubjectConfirmationData())
                     setSubjectConfirmationData(src.getSubjectConfirmationData()->clone());
@@ -320,7 +307,6 @@ namespace opensaml {
         class SAML_DLLLOCAL SubjectImpl : public virtual Subject,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -332,10 +318,7 @@ namespace opensaml {
                 init();
             }
                 
-            SubjectImpl(const SubjectImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            SubjectImpl(const SubjectImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getNameIdentifier())
                     setNameIdentifier(src.getNameIdentifier()->cloneNameIdentifier());
@@ -368,7 +351,6 @@ namespace opensaml {
         class SAML_DLLLOCAL SubjectStatementImpl : public virtual SubjectStatement,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -389,10 +371,7 @@ namespace opensaml {
                 init();
             }
                 
-            SubjectStatementImpl(const SubjectStatementImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            SubjectStatementImpl(const SubjectStatementImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getSubject())
                     setSubject(src.getSubject()->cloneSubject());
@@ -410,7 +389,6 @@ namespace opensaml {
         class SAML_DLLLOCAL SubjectLocalityImpl : public virtual SubjectLocality,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -425,8 +403,7 @@ namespace opensaml {
                 init();
             }
                 
-            SubjectLocalityImpl(const SubjectLocalityImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            SubjectLocalityImpl(const SubjectLocalityImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setIPAddress(src.getIPAddress());
                 setDNSAddress(src.getDNSAddress());
@@ -455,7 +432,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AuthorityBindingImpl : public virtual AuthorityBinding,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -471,8 +447,7 @@ namespace opensaml {
                 init();
             }
                 
-            AuthorityBindingImpl(const AuthorityBindingImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            AuthorityBindingImpl(const AuthorityBindingImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setAuthorityKind(src.getAuthorityKind());
                 setLocation(src.getLocation());
@@ -516,8 +491,7 @@ namespace opensaml {
                 init();
             }
                 
-            AuthenticationStatementImpl(const AuthenticationStatementImpl& src)
-                    : AbstractXMLObject(src), SubjectStatementImpl(src) {
+            AuthenticationStatementImpl(const AuthenticationStatementImpl& src) : AbstractXMLObject(src), SubjectStatementImpl(src) {
                 init();
                 setAuthenticationMethod(src.getAuthenticationMethod());
                 setAuthenticationInstant(src.getAuthenticationInstant());
@@ -576,7 +550,6 @@ namespace opensaml {
             public AbstractSimpleElement,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -589,9 +562,7 @@ namespace opensaml {
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Namespace(NULL) {
             }
                 
-            ActionImpl(const ActionImpl& src)
-                    : AbstractXMLObject(src), AbstractSimpleElement(src),
-                        AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            ActionImpl(const ActionImpl& src) : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 setNamespace(src.getNamespace());
             }
             
@@ -612,7 +583,6 @@ namespace opensaml {
         class SAML_DLLLOCAL EvidenceImpl : public virtual Evidence,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -623,10 +593,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            EvidenceImpl(const EvidenceImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            EvidenceImpl(const EvidenceImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
     
                 for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
                     if (*i) {
@@ -730,7 +697,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AttributeDesignatorImpl : public virtual AttributeDesignator,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -745,8 +711,7 @@ namespace opensaml {
                 init();
             }
                 
-            AttributeDesignatorImpl(const AttributeDesignatorImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            AttributeDesignatorImpl(const AttributeDesignatorImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setAttributeName(src.getAttributeName());
                 setAttributeNamespace(src.getAttributeNamespace());
@@ -775,7 +740,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AttributeImpl : public virtual Attribute,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -790,8 +754,7 @@ namespace opensaml {
                 init();
             }
                 
-            AttributeImpl(const AttributeImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            AttributeImpl(const AttributeImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setAttributeName(src.getAttributeName());
                 setAttributeNamespace(src.getAttributeNamespace());
@@ -831,8 +794,7 @@ namespace opensaml {
             }
         };
 
-        class SAML_DLLLOCAL AttributeValueImpl
-            : public virtual AttributeValue, public AnyElementImpl, public AbstractValidatingXMLObject
+        class SAML_DLLLOCAL AttributeValueImpl : public virtual AttributeValue, public AnyElementImpl
         {
         public:
             virtual ~AttributeValueImpl() {}
@@ -841,7 +803,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            AttributeValueImpl(const AttributeValueImpl& src) : AnyElementImpl(src), AbstractValidatingXMLObject(src) {}
+            AttributeValueImpl(const AttributeValueImpl& src) : AnyElementImpl(src) {}
             
             IMPL_XMLOBJECT_CLONE(AttributeValue);
         };
@@ -884,7 +846,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AdviceImpl : public virtual Advice,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -895,10 +856,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            AdviceImpl(const AdviceImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            AdviceImpl(const AdviceImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
     
                 for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
                     if (*i) {
@@ -943,7 +901,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AssertionImpl : public virtual Assertion,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -977,10 +934,7 @@ namespace opensaml {
                 init();
             }
                 
-            AssertionImpl(const AssertionImpl& src)                     
-                : AbstractXMLObject(src),
-                    AbstractDOMCachingXMLObject(src),
-                    AbstractValidatingXMLObject(src) {
+            AssertionImpl(const AssertionImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setMinorVersion(src.m_MinorVersion);
                 setAssertionID(src.getAssertionID());
diff --git a/saml/saml1/core/impl/ProtocolsImpl.cpp b/saml/saml1/core/impl/ProtocolsImpl.cpp
index ee6969b..f5e65a9 100644
--- a/saml/saml1/core/impl/ProtocolsImpl.cpp
+++ b/saml/saml1/core/impl/ProtocolsImpl.cpp
@@ -32,7 +32,6 @@
 #include <xmltooling/io/AbstractXMLObjectMarshaller.h>
 #include <xmltooling/io/AbstractXMLObjectUnmarshaller.h>
 #include <xmltooling/util/XMLHelper.h>
-#include <xmltooling/validation/AbstractValidatingXMLObject.h>
 
 #include <ctime>
 #include <xercesc/util/XMLUniDefs.hpp>
@@ -59,7 +58,6 @@ namespace opensaml {
             protected AbstractSimpleElement,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -74,10 +72,7 @@ namespace opensaml {
             }
                 
             RespondWithImpl(const RespondWithImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractSimpleElement(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src), m_qname(NULL) {
+                    : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src), m_qname(NULL) {
                 setQName(src.getQName());
             }
             
@@ -102,7 +97,6 @@ namespace opensaml {
         class SAML_DLLLOCAL SubjectQueryImpl : public virtual SubjectQuery,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -123,10 +117,7 @@ namespace opensaml {
                 init();
             }
                 
-            SubjectQueryImpl(const SubjectQueryImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            SubjectQueryImpl(const SubjectQueryImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getSubject())
                     setSubject(src.getSubject()->cloneSubject());
@@ -156,8 +147,7 @@ namespace opensaml {
                 init();
             }
                 
-            AuthenticationQueryImpl(const AuthenticationQueryImpl& src)
-                    : AbstractXMLObject(src), SubjectQueryImpl(src) {
+            AuthenticationQueryImpl(const AuthenticationQueryImpl& src) : AbstractXMLObject(src), SubjectQueryImpl(src) {
                 init();
                 setAuthenticationMethod(src.getAuthenticationMethod());
             }
@@ -198,8 +188,7 @@ namespace opensaml {
                 init();
             }
                 
-            AttributeQueryImpl(const AttributeQueryImpl& src)
-                    : AbstractXMLObject(src), SubjectQueryImpl(src) {
+            AttributeQueryImpl(const AttributeQueryImpl& src) : AbstractXMLObject(src), SubjectQueryImpl(src) {
                 init();
                 setResource(src.getResource());
                 VectorOf(AttributeDesignator) v=getAttributeDesignators();
@@ -256,8 +245,7 @@ namespace opensaml {
                 init();
             }
                 
-            AuthorizationDecisionQueryImpl(const AuthorizationDecisionQueryImpl& src)
-                    : AbstractXMLObject(src), SubjectQueryImpl(src) {
+            AuthorizationDecisionQueryImpl(const AuthorizationDecisionQueryImpl& src) : AbstractXMLObject(src), SubjectQueryImpl(src) {
                 init();
                 setResource(src.getResource());
                 if (src.getEvidence())
@@ -302,7 +290,6 @@ namespace opensaml {
         class SAML_DLLLOCAL RequestAbstractTypeImpl : public virtual RequestAbstractType,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -330,10 +317,7 @@ namespace opensaml {
                 init();
             }
                 
-            RequestAbstractTypeImpl(const RequestAbstractTypeImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            RequestAbstractTypeImpl(const RequestAbstractTypeImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setMinorVersion(src.m_MinorVersion);
                 setRequestID(src.getRequestID());
@@ -426,8 +410,7 @@ namespace opensaml {
                 init();
             }
                 
-            RequestImpl(const RequestImpl& src)
-                    : AbstractXMLObject(src), RequestAbstractTypeImpl(src) {
+            RequestImpl(const RequestImpl& src) : AbstractXMLObject(src), RequestAbstractTypeImpl(src) {
                 init();
                 if (src.getQuery())
                     setQuery(src.getQuery()->cloneQuery());
@@ -492,7 +475,6 @@ namespace opensaml {
         class SAML_DLLLOCAL StatusCodeImpl : public virtual StatusCode,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -512,8 +494,7 @@ namespace opensaml {
                 init();
             }
                 
-            StatusCodeImpl(const StatusCodeImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            StatusCodeImpl(const StatusCodeImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setValue(src.getValue());
                 if (src.getStatusCode())
@@ -542,7 +523,6 @@ namespace opensaml {
         class SAML_DLLLOCAL StatusDetailImpl : public virtual StatusDetail,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -553,8 +533,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            StatusDetailImpl(const StatusDetailImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            StatusDetailImpl(const StatusDetailImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 VectorOf(XMLObject) v=getDetails();
                 for (vector<XMLObject*>::const_iterator i=src.m_Details.begin(); i!=src.m_Details.end(); i++) {
                     if (*i) {
@@ -575,7 +554,6 @@ namespace opensaml {
         class SAML_DLLLOCAL StatusImpl : public virtual Status,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -600,8 +578,7 @@ namespace opensaml {
                 init();
             }
                 
-            StatusImpl(const StatusImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            StatusImpl(const StatusImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getStatusCode())
                     setStatusCode(src.getStatusCode()->cloneStatusCode());
@@ -628,7 +605,6 @@ namespace opensaml {
         class SAML_DLLLOCAL ResponseAbstractTypeImpl : public virtual ResponseAbstractType,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -660,10 +636,7 @@ namespace opensaml {
                 init();
             }
                 
-            ResponseAbstractTypeImpl(const ResponseAbstractTypeImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            ResponseAbstractTypeImpl(const ResponseAbstractTypeImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setMinorVersion(src.m_MinorVersion);
                 setResponseID(src.getResponseID());
@@ -756,8 +729,7 @@ namespace opensaml {
                 init();
             }
                 
-            ResponseImpl(const ResponseImpl& src)
-                    : AbstractXMLObject(src), ResponseAbstractTypeImpl(src) {
+            ResponseImpl(const ResponseImpl& src) : AbstractXMLObject(src), ResponseAbstractTypeImpl(src) {
                 init();
                 if (src.getStatus())
                     setStatus(src.getStatus()->cloneStatus());
diff --git a/saml/saml2/core/Assertions.h b/saml/saml2/core/Assertions.h
index 0272bd7..d408c80 100644
--- a/saml/saml2/core/Assertions.h
+++ b/saml/saml2/core/Assertions.h
@@ -34,7 +34,6 @@
 #include <xmltooling/signature/KeyResolver.h>
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/util/DateTime.h>
-#include <xmltooling/validation/ValidatingXMLObject.h>
 #include <xmltooling/validation/ValidatorSuite.h>
 
 #define DECL_SAML2OBJECTBUILDER(cname) \
diff --git a/saml/saml2/core/impl/Assertions20Impl.cpp b/saml/saml2/core/impl/Assertions20Impl.cpp
index 9bf85e2..b4ca59a 100644
--- a/saml/saml2/core/impl/Assertions20Impl.cpp
+++ b/saml/saml2/core/impl/Assertions20Impl.cpp
@@ -34,7 +34,6 @@
 #include <xmltooling/io/AbstractXMLObjectMarshaller.h>
 #include <xmltooling/io/AbstractXMLObjectUnmarshaller.h>
 #include <xmltooling/util/XMLHelper.h>
-#include <xmltooling/validation/AbstractValidatingXMLObject.h>
 
 #include <ctime>
 #include <xercesc/util/XMLUniDefs.hpp>
@@ -65,7 +64,6 @@ namespace opensaml {
             public AbstractSimpleElement,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -92,8 +90,7 @@ namespace opensaml {
             }
                 
             NameIDTypeImpl(const NameIDTypeImpl& src)
-                    : AbstractXMLObject(src), AbstractSimpleElement(src),
-                        AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setNameQualifier(src.getNameQualifier());
                 setSPNameQualifier(src.getSPNameQualifier());
@@ -160,7 +157,6 @@ namespace opensaml {
         class SAML_DLLLOCAL EncryptedElementTypeImpl : public virtual EncryptedElementType,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -184,7 +180,7 @@ namespace opensaml {
             }
                 
             EncryptedElementTypeImpl(const EncryptedElementTypeImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getEncryptedData())
                     setEncryptedData(src.getEncryptedData()->cloneEncryptedData());
@@ -245,7 +241,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AudienceRestrictionImpl : public virtual AudienceRestriction,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -256,8 +251,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            AudienceRestrictionImpl(const AudienceRestrictionImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            AudienceRestrictionImpl(const AudienceRestrictionImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 VectorOf(Audience) v=getAudiences();
                 for (vector<Audience*>::const_iterator i=src.m_Audiences.begin(); i!=src.m_Audiences.end(); i++) {
                     if (*i) {
@@ -282,7 +276,6 @@ namespace opensaml {
         class SAML_DLLLOCAL OneTimeUseImpl : public virtual OneTimeUse,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -293,8 +286,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            OneTimeUseImpl(const OneTimeUseImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            OneTimeUseImpl(const OneTimeUseImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
             }
             
             IMPL_XMLOBJECT_CLONE(OneTimeUse);
@@ -306,7 +298,6 @@ namespace opensaml {
         class SAML_DLLLOCAL ProxyRestrictionImpl : public virtual ProxyRestriction,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -320,8 +311,7 @@ namespace opensaml {
                 m_Count=NULL;
             }
                 
-            ProxyRestrictionImpl(const ProxyRestrictionImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            ProxyRestrictionImpl(const ProxyRestrictionImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 setCount(src.m_Count);
                 VectorOf(Audience) v=getAudiences();
                 for (vector<Audience*>::const_iterator i=src.m_Audiences.begin(); i!=src.m_Audiences.end(); i++) {
@@ -358,7 +348,6 @@ namespace opensaml {
         class SAML_DLLLOCAL ConditionsImpl : public virtual Conditions,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -376,8 +365,7 @@ namespace opensaml {
                 init();
             }
                 
-            ConditionsImpl(const ConditionsImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            ConditionsImpl(const ConditionsImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setNotBefore(src.getNotBefore());
                 setNotOnOrAfter(src.getNotOnOrAfter());
@@ -440,8 +428,7 @@ namespace opensaml {
             }
         };
 
-        class SAML_DLLLOCAL SubjectConfirmationDataImpl
-            : public virtual SubjectConfirmationData, public AnyElementImpl, public AbstractValidatingXMLObject
+        class SAML_DLLLOCAL SubjectConfirmationDataImpl : public virtual SubjectConfirmationData, public AnyElementImpl
         {
             void init() {
                 m_NotBefore=m_NotOnOrAfter=NULL;
@@ -461,8 +448,7 @@ namespace opensaml {
                 init();
             }
                 
-            SubjectConfirmationDataImpl(const SubjectConfirmationDataImpl& src)
-                    : AnyElementImpl(src), AbstractValidatingXMLObject(src) {
+            SubjectConfirmationDataImpl(const SubjectConfirmationDataImpl& src) : AnyElementImpl(src) {
                 init();
                 setNotBefore(src.getNotBefore());
                 setNotOnOrAfter(src.getNotOnOrAfter());
@@ -519,12 +505,11 @@ namespace opensaml {
         };
 
         class SAML_DLLLOCAL KeyInfoConfirmationDataTypeImpl : public virtual KeyInfoConfirmationDataType,
-                public AbstractDOMCachingXMLObject,
                 public AbstractComplexElement,
                 public AbstractAttributeExtensibleXMLObject,
+                public AbstractDOMCachingXMLObject,
                 public AbstractXMLObjectMarshaller,
-                public AbstractXMLObjectUnmarshaller,
-                public AbstractValidatingXMLObject
+                public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_NotBefore=m_NotOnOrAfter=NULL;
@@ -545,10 +530,7 @@ namespace opensaml {
             }
                 
             KeyInfoConfirmationDataTypeImpl(const KeyInfoConfirmationDataTypeImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractAttributeExtensibleXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractAttributeExtensibleXMLObject(src) {
                 init();
                 setNotBefore(src.getNotBefore());
                 setNotOnOrAfter(src.getNotOnOrAfter());
@@ -630,7 +612,6 @@ namespace opensaml {
         class SAML_DLLLOCAL SubjectConfirmationImpl : public virtual SubjectConfirmation,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -663,10 +644,7 @@ namespace opensaml {
                 init();
             }
                 
-            SubjectConfirmationImpl(const SubjectConfirmationImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            SubjectConfirmationImpl(const SubjectConfirmationImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setMethod(src.getMethod());
                 if (src.getBaseID())
@@ -712,7 +690,6 @@ namespace opensaml {
         class SAML_DLLLOCAL SubjectImpl : public virtual Subject,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -737,10 +714,7 @@ namespace opensaml {
                 init();
             }
                 
-            SubjectImpl(const SubjectImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            SubjectImpl(const SubjectImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getBaseID())
                     setBaseID(src.getBaseID()->cloneBaseID());
@@ -775,7 +749,6 @@ namespace opensaml {
         class SAML_DLLLOCAL SubjectLocalityImpl : public virtual SubjectLocality,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -793,8 +766,7 @@ namespace opensaml {
                 init();
             }
                 
-            SubjectLocalityImpl(const SubjectLocalityImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            SubjectLocalityImpl(const SubjectLocalityImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setAddress(src.getAddress());
                 setDNSName(src.getDNSName());
@@ -817,8 +789,7 @@ namespace opensaml {
             }
         };
 
-        class SAML_DLLLOCAL AuthnContextDeclImpl
-            : public virtual AuthnContextDecl, public AnyElementImpl, public AbstractValidatingXMLObject
+        class SAML_DLLLOCAL AuthnContextDeclImpl : public virtual AuthnContextDecl, public AnyElementImpl
         {
         public:
             virtual ~AuthnContextDeclImpl() {}
@@ -827,7 +798,8 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            AuthnContextDeclImpl(const AuthnContextDeclImpl& src) : AnyElementImpl(src), AbstractValidatingXMLObject(src) {}
+            AuthnContextDeclImpl(const AuthnContextDeclImpl& src) : AnyElementImpl(src) {
+            }
             
             IMPL_XMLOBJECT_CLONE(AuthnContextDecl);
         };
@@ -835,7 +807,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AuthnContextImpl : public virtual AuthnContext,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -860,10 +831,7 @@ namespace opensaml {
                 init();
             }
                 
-            AuthnContextImpl(const AuthnContextImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            AuthnContextImpl(const AuthnContextImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getAuthnContextClassRef())
                     setAuthnContextClassRef(src.getAuthnContextClassRef()->cloneAuthnContextClassRef());
@@ -898,7 +866,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AuthnStatementImpl : public virtual AuthnStatement,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -926,10 +893,7 @@ namespace opensaml {
                 init();
             }
                 
-            AuthnStatementImpl(const AuthnStatementImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            AuthnStatementImpl(const AuthnStatementImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setAuthnInstant(src.getAuthnInstant());
                 setSessionIndex(src.getSessionIndex());
@@ -975,7 +939,6 @@ namespace opensaml {
             public AbstractSimpleElement,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -988,10 +951,8 @@ namespace opensaml {
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType), m_Namespace(NULL) {
             }
                 
-            ActionImpl(const ActionImpl& src) : AbstractXMLObject(src),
-                    AbstractSimpleElement(src),
-                    AbstractDOMCachingXMLObject(src),
-                    AbstractValidatingXMLObject(src) {
+            ActionImpl(const ActionImpl& src)
+                    : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 setNamespace(src.getNamespace());
             }
             
@@ -1013,7 +974,6 @@ namespace opensaml {
         class SAML_DLLLOCAL EvidenceImpl : public virtual Evidence,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -1024,10 +984,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            EvidenceImpl(const EvidenceImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            EvidenceImpl(const EvidenceImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
                     if (*i) {
                         AssertionIDRef* ref=dynamic_cast<AssertionIDRef*>(*i);
@@ -1076,7 +1033,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AuthzDecisionStatementImpl : public virtual AuthzDecisionStatement,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -1099,9 +1055,7 @@ namespace opensaml {
             }
                 
             AuthzDecisionStatementImpl(const AuthzDecisionStatementImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setResource(src.getResource());
                 setDecision(src.getDecision());
@@ -1143,8 +1097,7 @@ namespace opensaml {
             }
         };
 
-        class SAML_DLLLOCAL AttributeValueImpl
-            : public virtual AttributeValue, public AnyElementImpl, public AbstractValidatingXMLObject
+        class SAML_DLLLOCAL AttributeValueImpl : public virtual AttributeValue, public AnyElementImpl
         {
         public:
             virtual ~AttributeValueImpl() {}
@@ -1153,7 +1106,8 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            AttributeValueImpl(const AttributeValueImpl& src) : AnyElementImpl(src), AbstractValidatingXMLObject(src) {}
+            AttributeValueImpl(const AttributeValueImpl& src) : AnyElementImpl(src) {
+            }
             
             IMPL_XMLOBJECT_CLONE(AttributeValue);
         };
@@ -1163,7 +1117,6 @@ namespace opensaml {
             public AbstractComplexElement,
             public AbstractAttributeExtensibleXMLObject,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -1183,10 +1136,7 @@ namespace opensaml {
             }
                 
             AttributeImpl(const AttributeImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractAttributeExtensibleXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setName(src.getName());
                 setNameFormat(src.getNameFormat());
@@ -1268,7 +1218,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AttributeStatementImpl : public virtual AttributeStatement,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -1279,10 +1228,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            AttributeStatementImpl(const AttributeStatementImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            AttributeStatementImpl(const AttributeStatementImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
                     if (*i) {
                         Attribute* attribute=dynamic_cast<Attribute*>(*i);
@@ -1318,7 +1264,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AdviceImpl : public virtual Advice,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -1329,10 +1274,7 @@ namespace opensaml {
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) {
             }
                 
-            AdviceImpl(const AdviceImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            AdviceImpl(const AdviceImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
                     if (*i) {
                         AssertionIDRef* ref=dynamic_cast<AssertionIDRef*>(*i);
@@ -1408,7 +1350,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AssertionImpl : public virtual Assertion,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -1448,10 +1389,7 @@ namespace opensaml {
                 init();
             }
                 
-            AssertionImpl(const AssertionImpl& src)                     
-                : AbstractXMLObject(src),
-                    AbstractDOMCachingXMLObject(src),
-                    AbstractValidatingXMLObject(src) {
+            AssertionImpl(const AssertionImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setVersion(src.getVersion());
                 setID(src.getID());
diff --git a/saml/saml2/core/impl/Protocols20Impl.cpp b/saml/saml2/core/impl/Protocols20Impl.cpp
index ea2cb01..c471d59 100644
--- a/saml/saml2/core/impl/Protocols20Impl.cpp
+++ b/saml/saml2/core/impl/Protocols20Impl.cpp
@@ -34,7 +34,6 @@
 #include <xmltooling/io/AbstractXMLObjectMarshaller.h>
 #include <xmltooling/io/AbstractXMLObjectUnmarshaller.h>
 #include <xmltooling/util/XMLHelper.h>
-#include <xmltooling/validation/AbstractValidatingXMLObject.h>
 
 #include <ctime>
 #include <xercesc/util/XMLUniDefs.hpp>
@@ -65,11 +64,10 @@ namespace opensaml {
 
         //TODO need unit test for this, using objects from another namespace
         class SAML_DLLLOCAL ExtensionsImpl : public virtual Extensions,
-                                             public AbstractDOMCachingXMLObject,
-                                             public AbstractElementProxy,
-                                             public AbstractValidatingXMLObject,
-                                             public AbstractXMLObjectMarshaller,
-                                             public AbstractXMLObjectUnmarshaller
+             public AbstractElementProxy,
+             public AbstractDOMCachingXMLObject,
+             public AbstractXMLObjectMarshaller,
+             public AbstractXMLObjectUnmarshaller
         {
         public:
             virtual ~ExtensionsImpl() {}
@@ -79,8 +77,7 @@ namespace opensaml {
             }
                 
             ExtensionsImpl(const ExtensionsImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractElementProxy(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractElementProxy(src) {
                 for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
                     if (*i) {
                         getXMLObjects().push_back((*i)->clone());
@@ -104,11 +101,10 @@ namespace opensaml {
         };
 
         class SAML_DLLLOCAL StatusCodeImpl : public virtual StatusCode,
-                                             public AbstractComplexElement,
-                                             public AbstractDOMCachingXMLObject,
-                                             public AbstractValidatingXMLObject,
-                                             public AbstractXMLObjectMarshaller,
-                                             public AbstractXMLObjectUnmarshaller
+             public AbstractComplexElement,
+             public AbstractDOMCachingXMLObject,
+             public AbstractXMLObjectMarshaller,
+             public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_Value=NULL;
@@ -125,10 +121,7 @@ namespace opensaml {
                         init();
                 }
 
-                StatusCodeImpl(const StatusCodeImpl& src) : AbstractXMLObject(src),
-                                                            AbstractDOMCachingXMLObject(src),
-                                                            AbstractValidatingXMLObject(src)
-                {
+                StatusCodeImpl(const StatusCodeImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                     init();
                     setValue(src.getValue());
                     if (src.getStatusCode())
@@ -157,11 +150,10 @@ namespace opensaml {
 
         //TODO need unit tests for non-SAML namespace children
         class SAML_DLLLOCAL StatusDetailImpl : public virtual StatusDetail,
-                                               public AbstractComplexElement,
-                                               public AbstractDOMCachingXMLObject,
-                                               public AbstractValidatingXMLObject,
-                                               public AbstractXMLObjectMarshaller,
-                                               public AbstractXMLObjectUnmarshaller
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
         {
             public:
                 virtual ~StatusDetailImpl() {}
@@ -169,10 +161,7 @@ namespace opensaml {
                 StatusDetailImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
 
-                StatusDetailImpl(const StatusDetailImpl& src) : AbstractXMLObject(src),
-                                                                AbstractDOMCachingXMLObject(src),
-                                                                AbstractValidatingXMLObject(src)
-                {
+                StatusDetailImpl(const StatusDetailImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                         VectorOf(XMLObject) v=getDetails();
                         for (vector<XMLObject*>::const_iterator i=src.m_Details.begin(); i!=src.m_Details.end(); i++) {
                             if (*i) {
@@ -193,11 +182,10 @@ namespace opensaml {
 
 
         class SAML_DLLLOCAL StatusImpl : public virtual Status,
-                                         public AbstractComplexElement,
-                                         public AbstractDOMCachingXMLObject,
-                                         public AbstractValidatingXMLObject,
-                                         public AbstractXMLObjectMarshaller,
-                                         public AbstractXMLObjectUnmarshaller
+             public AbstractComplexElement,
+             public AbstractDOMCachingXMLObject,
+             public AbstractXMLObjectMarshaller,
+             public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_StatusCode=NULL;
@@ -221,10 +209,7 @@ namespace opensaml {
                     init();
             }
                 
-            StatusImpl(const StatusImpl& src) : AbstractXMLObject(src),
-                                                AbstractDOMCachingXMLObject(src),
-                                                AbstractValidatingXMLObject(src)
-            {
+            StatusImpl(const StatusImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getStatusCode())
                     setStatusCode(src.getStatusCode()->cloneStatusCode());
@@ -252,11 +237,10 @@ namespace opensaml {
 
 
         class SAML_DLLLOCAL RequestImpl : public virtual Request,
-                                          public AbstractComplexElement,
-                                          public AbstractDOMCachingXMLObject,
-                                          public AbstractValidatingXMLObject,
-                                          public AbstractXMLObjectMarshaller,
-                                          public AbstractXMLObjectUnmarshaller
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_ID=NULL;
@@ -295,10 +279,7 @@ namespace opensaml {
                 init();
             }
                 
-            RequestImpl(const RequestImpl& src) : AbstractXMLObject(src),
-                                                  AbstractDOMCachingXMLObject(src),
-                                                  AbstractValidatingXMLObject(src)
-            {
+            RequestImpl(const RequestImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setID(src.getID());
                 setVersion(src.getVersion());
@@ -387,9 +368,7 @@ namespace opensaml {
             AssertionIDRequestImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
                 
-            AssertionIDRequestImpl(const AssertionIDRequestImpl& src) : AbstractXMLObject(src),
-                                                                        RequestImpl(src)
-            {
+            AssertionIDRequestImpl(const AssertionIDRequestImpl& src) : AbstractXMLObject(src), RequestImpl(src) {
                 VectorOf(AssertionIDRef) v=getAssertionIDRefs();
                 for (vector<AssertionIDRef*>::const_iterator i=src.m_AssertionIDRefs.begin(); i!=src.m_AssertionIDRefs.end(); i++) {
                     if (*i) {                               
@@ -431,9 +410,7 @@ namespace opensaml {
                 init();
             }
                 
-            SubjectQueryImpl(const SubjectQueryImpl& src) : AbstractXMLObject(src),
-                                                            RequestImpl(src)
-            {
+            SubjectQueryImpl(const SubjectQueryImpl& src) : AbstractXMLObject(src), RequestImpl(src) {
                 init();
                 if (src.getSubject())
                     setSubject(src.getSubject()->cloneSubject());
@@ -451,11 +428,10 @@ namespace opensaml {
 
 
         class SAML_DLLLOCAL RequestedAuthnContextImpl : public virtual RequestedAuthnContext,
-                                                        public AbstractComplexElement,
-                                                        public AbstractDOMCachingXMLObject,
-                                                        public AbstractValidatingXMLObject,
-                                                        public AbstractXMLObjectMarshaller,
-                                                        public AbstractXMLObjectUnmarshaller
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_Comparison=NULL;
@@ -471,10 +447,7 @@ namespace opensaml {
                 init();
             }
                 
-            RequestedAuthnContextImpl(const RequestedAuthnContextImpl& src) : AbstractXMLObject(src),
-                                                                              AbstractDOMCachingXMLObject(src),
-                                                                              AbstractValidatingXMLObject(src)
-            {
+            RequestedAuthnContextImpl(const RequestedAuthnContextImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setComparison(src.getComparison());
                 for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
@@ -538,9 +511,7 @@ namespace opensaml {
                 init();
             }
                 
-            AuthnQueryImpl(const AuthnQueryImpl& src) : AbstractXMLObject(src),
-                                                        SubjectQueryImpl(src)
-            {
+            AuthnQueryImpl(const AuthnQueryImpl& src) : AbstractXMLObject(src), SubjectQueryImpl(src) {
                 init();
                 setSessionIndex(src.getSessionIndex());
                 if (src.getRequestedAuthnContext())
@@ -575,9 +546,7 @@ namespace opensaml {
             AttributeQueryImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
                 
-            AttributeQueryImpl(const AttributeQueryImpl& src) : AbstractXMLObject(src),
-                                                                SubjectQueryImpl(src)
-            {
+            AttributeQueryImpl(const AttributeQueryImpl& src) : AbstractXMLObject(src), SubjectQueryImpl(src) {
                 for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
                     if (*i) {
                         Attribute* attrib=dynamic_cast<Attribute*>(*i);
@@ -621,9 +590,7 @@ namespace opensaml {
                 init();
             }
                 
-            AuthzDecisionQueryImpl(const AuthzDecisionQueryImpl& src) : AbstractXMLObject(src),
-                                                        SubjectQueryImpl(src)
-            {
+            AuthzDecisionQueryImpl(const AuthzDecisionQueryImpl& src) : AbstractXMLObject(src), SubjectQueryImpl(src) {
                 init();
                 setResource(src.getResource());
                 if (src.getEvidence())
@@ -662,11 +629,10 @@ namespace opensaml {
         };
 
         class SAML_DLLLOCAL NameIDPolicyImpl : public virtual NameIDPolicy,
-                                               public AbstractChildlessElement,
-                                               public AbstractDOMCachingXMLObject,
-                                               public AbstractValidatingXMLObject,
-                                               public AbstractXMLObjectMarshaller,
-                                               public AbstractXMLObjectUnmarshaller
+            public AbstractChildlessElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_Format=NULL;
@@ -686,10 +652,7 @@ namespace opensaml {
                         init();
                 }
 
-                NameIDPolicyImpl(const NameIDPolicyImpl& src) : AbstractXMLObject(src),
-                                                                AbstractDOMCachingXMLObject(src),
-                                                                AbstractValidatingXMLObject(src)
-                {
+                NameIDPolicyImpl(const NameIDPolicyImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                     init();
                     setFormat(src.getFormat());
                     setSPNameQualifier(src.getSPNameQualifier());
@@ -717,11 +680,10 @@ namespace opensaml {
         };
 
         class SAML_DLLLOCAL IDPEntryImpl : public virtual IDPEntry,
-                                           public AbstractChildlessElement,
-                                           public AbstractDOMCachingXMLObject,
-                                           public AbstractValidatingXMLObject,
-                                           public AbstractXMLObjectMarshaller,
-                                           public AbstractXMLObjectUnmarshaller
+            public AbstractChildlessElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_ProviderID=NULL;
@@ -742,10 +704,7 @@ namespace opensaml {
                         init();
                 }
 
-                IDPEntryImpl(const IDPEntryImpl& src) : AbstractXMLObject(src),
-                                                                AbstractDOMCachingXMLObject(src),
-                                                                AbstractValidatingXMLObject(src)
-                {
+                IDPEntryImpl(const IDPEntryImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                     init();
                     setProviderID(src.getProviderID());
                     setName(src.getName());
@@ -773,11 +732,10 @@ namespace opensaml {
         };
 
         class SAML_DLLLOCAL IDPListImpl : public virtual IDPList,
-                                          public AbstractComplexElement,
-                                          public AbstractDOMCachingXMLObject,
-                                          public AbstractValidatingXMLObject,
-                                          public AbstractXMLObjectMarshaller,
-                                          public AbstractXMLObjectUnmarshaller
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_GetComplete=NULL;
@@ -794,11 +752,8 @@ namespace opensaml {
                 init();
             }
                 
-            IDPListImpl(const IDPListImpl& src) : AbstractXMLObject(src),
-                                                  AbstractComplexElement(src),
-                                                  AbstractDOMCachingXMLObject(src),
-                                                  AbstractValidatingXMLObject(src)
-            {
+            IDPListImpl(const IDPListImpl& src)
+                    : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getGetComplete())
                     setGetComplete(src.getGetComplete()->cloneGetComplete());
@@ -827,11 +782,10 @@ namespace opensaml {
 
 
         class SAML_DLLLOCAL ScopingImpl : public virtual Scoping,
-                                          public AbstractComplexElement,
-                                          public AbstractDOMCachingXMLObject,
-                                          public AbstractValidatingXMLObject,
-                                          public AbstractXMLObjectMarshaller,
-                                          public AbstractXMLObjectUnmarshaller
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_ProxyCount=NULL;
@@ -851,11 +805,8 @@ namespace opensaml {
                 init();
             }
                 
-            ScopingImpl(const ScopingImpl& src) : AbstractXMLObject(src),
-                                                  AbstractComplexElement(src),
-                                                  AbstractDOMCachingXMLObject(src),
-                                                  AbstractValidatingXMLObject(src)
-            {
+            ScopingImpl(const ScopingImpl& src)
+                    : AbstractXMLObject(src), AbstractComplexElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setProxyCount(m_ProxyCount);
                 if (src.getIDPList())
@@ -941,9 +892,7 @@ namespace opensaml {
                 init();
             }
                 
-            AuthnRequestImpl(const AuthnRequestImpl& src) : AbstractXMLObject(src),
-                                                            RequestImpl(src)
-            {
+            AuthnRequestImpl(const AuthnRequestImpl& src) : AbstractXMLObject(src), RequestImpl(src) {
                 init();
 
                 ForceAuthn(m_ForceAuthn);
@@ -1015,11 +964,10 @@ namespace opensaml {
         };
 
         class SAML_DLLLOCAL StatusResponseImpl : public virtual StatusResponse,
-                                                 public AbstractComplexElement,
-                                                 public AbstractDOMCachingXMLObject,
-                                                 public AbstractValidatingXMLObject,
-                                                 public AbstractXMLObjectMarshaller,
-                                                 public AbstractXMLObjectUnmarshaller
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_ID=NULL;
@@ -1064,10 +1012,7 @@ namespace opensaml {
                 init();
             }
                 
-            StatusResponseImpl(const StatusResponseImpl& src) : AbstractXMLObject(src),
-                                                                AbstractDOMCachingXMLObject(src),
-                                                                AbstractValidatingXMLObject(src)
-            {
+            StatusResponseImpl(const StatusResponseImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setID(src.getID());
                 setInResponseTo(src.getInResponseTo());
@@ -1163,9 +1108,7 @@ namespace opensaml {
             ResponseImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
                 : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
                 
-            ResponseImpl(const ResponseImpl& src) : AbstractXMLObject(src),
-                                                    StatusResponseImpl(src)
-            {
+            ResponseImpl(const ResponseImpl& src) : AbstractXMLObject(src), StatusResponseImpl(src) {
                 for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
                     if (*i) {
                         Assertion* assertion=dynamic_cast<Assertion*>(*i);
@@ -1212,9 +1155,7 @@ namespace opensaml {
                 init();
             }
                 
-            ArtifactResolveImpl(const ArtifactResolveImpl& src) : AbstractXMLObject(src),
-                                                                  RequestImpl(src)
-            {
+            ArtifactResolveImpl(const ArtifactResolveImpl& src) : AbstractXMLObject(src), RequestImpl(src) {
                 init();
                 if(src.getArtifact())
                     setArtifact(src.getArtifact()->cloneArtifact());
@@ -1247,9 +1188,7 @@ namespace opensaml {
                 init();
             }
                 
-            ArtifactResponseImpl(const ArtifactResponseImpl& src) : AbstractXMLObject(src),
-                                                                    StatusResponseImpl(src)
-            {
+            ArtifactResponseImpl(const ArtifactResponseImpl& src) : AbstractXMLObject(src), StatusResponseImpl(src) {
                 init();
                 if (src.getPayload())
                     setPayload(getPayload()->clone());
@@ -1279,11 +1218,10 @@ namespace opensaml {
         };
 
         class SAML_DLLLOCAL NewEncryptedIDImpl : public virtual NewEncryptedID,
-                                                 public AbstractComplexElement,
-                                                 public AbstractDOMCachingXMLObject,
-                                                 public AbstractValidatingXMLObject,
-                                                 public AbstractXMLObjectMarshaller,
-                                                 public AbstractXMLObjectUnmarshaller
+            public AbstractComplexElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
         {
             void init() {
                 m_EncryptedData=NULL;
@@ -1306,9 +1244,7 @@ namespace opensaml {
                 init();
             }
                 
-            NewEncryptedIDImpl(const NewEncryptedIDImpl& src)
-                : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src)
-            {
+            NewEncryptedIDImpl(const NewEncryptedIDImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getEncryptedData())
                     setEncryptedData(src.getEncryptedData()->cloneEncryptedData());
@@ -1355,11 +1291,10 @@ namespace opensaml {
         };
 
         class SAML_DLLLOCAL TerminateImpl : public virtual Terminate,
-                                            public AbstractChildlessElement,
-                                            public AbstractDOMCachingXMLObject,
-                                            public AbstractValidatingXMLObject,
-                                            public AbstractXMLObjectMarshaller,
-                                            public AbstractXMLObjectUnmarshaller
+            public AbstractChildlessElement,
+            public AbstractDOMCachingXMLObject,
+            public AbstractXMLObjectMarshaller,
+            public AbstractXMLObjectUnmarshaller
         {
             public:
                 virtual ~TerminateImpl() { }
@@ -1367,9 +1302,8 @@ namespace opensaml {
                 TerminateImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
 
-                TerminateImpl(const TerminateImpl& src) : AbstractXMLObject(src),
-                                                          AbstractDOMCachingXMLObject(src),
-                                                          AbstractValidatingXMLObject(src) { }
+                TerminateImpl(const TerminateImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
+                }
 
                 IMPL_XMLOBJECT_CLONE(Terminate);
 
@@ -1411,9 +1345,7 @@ namespace opensaml {
                 init();
             }
                 
-            ManageNameIDRequestImpl(const ManageNameIDRequestImpl& src) : AbstractXMLObject(src),
-                                                                            RequestImpl(src)
-            {
+            ManageNameIDRequestImpl(const ManageNameIDRequestImpl& src) : AbstractXMLObject(src), RequestImpl(src) {
                 init();
 
                 if (src.getNameID())
@@ -1456,8 +1388,8 @@ namespace opensaml {
                 ManageNameIDResponseImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
                 
-                ManageNameIDResponseImpl(const ManageNameIDResponseImpl& src) : AbstractXMLObject(src),
-                                                                                StatusResponseImpl(src) { }
+                ManageNameIDResponseImpl(const ManageNameIDResponseImpl& src) : AbstractXMLObject(src), StatusResponseImpl(src) {
+                }
 
                 IMPL_XMLOBJECT_CLONE(ManageNameIDResponse);
         };
@@ -1494,9 +1426,7 @@ namespace opensaml {
                 init();
             }
                 
-            LogoutRequestImpl(const LogoutRequestImpl& src) : AbstractXMLObject(src),
-                                                              RequestImpl(src)
-            {
+            LogoutRequestImpl(const LogoutRequestImpl& src) : AbstractXMLObject(src), RequestImpl(src) {
                 init();
 
                 setReason(src.getReason());
@@ -1558,8 +1488,8 @@ namespace opensaml {
                 LogoutResponseImpl(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix, const QName* schemaType)
                     : AbstractXMLObject(nsURI, localName, prefix, schemaType) { }
                 
-                LogoutResponseImpl(const LogoutResponseImpl& src) : AbstractXMLObject(src),
-                                                                    StatusResponseImpl(src) { }
+                LogoutResponseImpl(const LogoutResponseImpl& src) : AbstractXMLObject(src), StatusResponseImpl(src) {
+                }
 
                 IMPL_XMLOBJECT_CLONE(LogoutResponse);
         };
@@ -1595,9 +1525,7 @@ namespace opensaml {
                 init();
             }
                 
-            NameIDMappingRequestImpl(const NameIDMappingRequestImpl& src) : AbstractXMLObject(src),
-                                                                            RequestImpl(src)
-            {
+            NameIDMappingRequestImpl(const NameIDMappingRequestImpl& src) : AbstractXMLObject(src), RequestImpl(src) {
                 init();
 
                 if (src.getBaseID())
@@ -1649,9 +1577,7 @@ namespace opensaml {
                 init();
             }
                 
-            NameIDMappingResponseImpl(const NameIDMappingResponseImpl& src) : AbstractXMLObject(src),
-                                                                              StatusResponseImpl(src)
-            {
+            NameIDMappingResponseImpl(const NameIDMappingResponseImpl& src) : AbstractXMLObject(src), StatusResponseImpl(src) {
                 init();
 
                 if (src.getNameID())
diff --git a/saml/saml2/metadata/Metadata.h b/saml/saml2/metadata/Metadata.h
index 7c70849..2b4ca15 100644
--- a/saml/saml2/metadata/Metadata.h
+++ b/saml/saml2/metadata/Metadata.h
@@ -35,7 +35,6 @@
 #include <xmltooling/signature/KeyInfo.h>
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/util/DateTime.h>
-#include <xmltooling/validation/ValidatingXMLObject.h>
 
 #define DECL_SAML2MDOBJECTBUILDER(cname) \
     DECL_XMLOBJECTBUILDER(SAML_API,cname,opensaml::SAMLConstants::SAML20MD_NS,opensaml::SAMLConstants::SAML20MD_PREFIX)
diff --git a/saml/saml2/metadata/MetadataFilter.h b/saml/saml2/metadata/MetadataFilter.h
new file mode 100644
index 0000000..5c5f373
--- /dev/null
+++ b/saml/saml2/metadata/MetadataFilter.h
@@ -0,0 +1,66 @@
+/*
+ *  Copyright 2001-2006 Internet2
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file MetadataFilter.h
+ * 
+ * Processes metadata after it's been unmarshalled.
+ */
+
+#ifndef __saml2_metadatafilt_h__
+#define __saml2_metadatafilt_h__
+
+#include <saml/saml2/metadata/Metadata.h>
+
+namespace opensaml {
+
+    namespace saml2md {
+        
+        /**
+         * A metadata filter is used to process metadata after resolution and unmarshalling.
+         * 
+         * Some filters might remove everything but identity provider roles, decreasing the data a service provider
+         * needs to work with, or a filter could be used to perform integrity checking on the retrieved metadata by
+         * verifying a digital signature.
+         */
+        class SAML_API MetadataFilter
+        {
+            MAKE_NONCOPYABLE(MetadataFilter);
+            
+        public:
+            virtual ~MetadataFilter() {}
+            
+            /**
+             * Returns an identifying string for the filter.
+             * 
+             * @return the ID string
+             */
+            virtual const char* getId() const=0;
+            
+            /**
+             * Filters the given metadata. Exceptions should generally not be thrown to
+             * signal the removal of information, only for systemic processing failure.
+             * 
+             * @param xmlObject the metadata to be filtered.
+             * @throws FilterException thrown if an error occurs during the filtering process
+             */
+            virtual void doFilter(xmltooling::XMLObject& xmlObject) const=0;
+        };
+
+    };
+};
+
+#endif /* __saml2_metadatafilt_h__ */
diff --git a/saml/saml2/metadata/MetadataProvider.h b/saml/saml2/metadata/MetadataProvider.h
new file mode 100644
index 0000000..eac8ea6
--- /dev/null
+++ b/saml/saml2/metadata/MetadataProvider.h
@@ -0,0 +1,142 @@
+/*
+ *  Copyright 2001-2006 Internet2
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file MetadataProvider.h
+ * 
+ * Supplies an individual source of metadata.
+ */
+
+#ifndef __saml2_metadataprov_h__
+#define __saml2_metadataprov_h__
+
+#include <xmltooling/Lockable.h>
+#include <saml/saml2/metadata/MetadataFilter.h>
+
+namespace opensaml {
+
+    namespace saml2md {
+        
+        /**
+         * Supplies an individual source of metadata.
+         * 
+         * The source can be a local file, remote service, or the result of a
+         * dynamic lookup, can include local caching, etc.
+         */
+        class SAML_API MetadataProvider : public virtual xmltooling::Lockable
+        {
+            MAKE_NONCOPYABLE(MetadataProvider);
+        protected:
+            MetadataProvider() : m_filter(NULL) {}
+            
+        public:
+            virtual ~MetadataProvider() {
+                delete m_filter;
+            }
+            
+            /**
+             * Gets the metadata filter applied to the resolved metadata.
+             * 
+             * @return the metadata filter applied to the resolved metadata
+             */
+            const MetadataFilter* getMetadataFilter() const {
+                return m_filter;
+            }
+        
+            /**
+             * Sets the metadata filter applied to the resolved metadata.
+             * 
+             * @param newFilter the metadata filter applied to the resolved metadata
+             */
+            void setMetadataFilter(MetadataFilter* newFilter) {
+                delete m_filter;
+                m_filter=newFilter;
+            }
+            
+            /**
+             * Should be called after instantiating provider and setting filter, but before
+             * performing any lookup operations. Allows the provider to defer initialization
+             * processes that are likely to result in exceptions until after the provider is
+             * safely created. Providers SHOULD perform as much processing as possible in
+             * this method so as to report/log any errors that would affect later processing.
+             * Also, any inputs supplied to the factory MUST persist until the completion of
+             * this method, but the caller is then free to modify or delete them.
+             */
+            virtual void init()=0;
+            
+            /**
+             * Gets the metadata for a given entity. If a valid entity is returned,
+             * the provider will be left in a locked state. The caller MUST unlock the
+             * provider when finished with the entity.
+             *  
+             * @param id                    the ID of the entity
+             * @param requireValidMetadata  indicates whether the metadata for the entity must be valid/current
+             * 
+             * @return the entity's metadata or NULL if there is no metadata or no valid metadata
+             */
+            virtual const EntityDescriptor* lookup(const XMLCh* id, bool requireValidMetadata=true) const=0;
+
+            /**
+             * Gets the metadata for a given entity. If a valid entity is returned,
+             * the provider will be left in a locked state. The caller MUST unlock the
+             * provider when finished with the entity.
+             *  
+             * @param id                    the ID of the entity
+             * @param requireValidMetadata  indicates whether the metadata for the entity must be valid/current
+             * 
+             * @return the entity's metadata or NULL if there is no metadata or no valid metadata
+             */
+            virtual const EntityDescriptor* lookup(const char* id, bool requireValidMetadata=true) const=0;
+
+            /**
+             * Gets the metadata for a given group of entities. If a valid group is returned,
+             * the resolver will be left in a locked state. The caller MUST unlock the
+             * resolver when finished with the group.
+             * 
+             * @param name                  the name of the group
+             * @param requireValidMetadata  indicates whether the metadata for the group must be valid/current
+             * 
+             * @return the group's metadata or NULL if there is no metadata or no valid metadata
+             */
+            virtual const EntitiesDescriptor* lookupGroup(const XMLCh* name, bool requireValidMetadata=true) const=0;
+
+            /**
+             * Gets the metadata for a given group of entities. If a valid group is returned,
+             * the resolver will be left in a locked state. The caller MUST unlock the
+             * resolver when finished with the group.
+             * 
+             * @param name                  the name of the group
+             * @param requireValidMetadata  indicates whether the metadata for the group must be valid/current
+             * 
+             * @return the group's metadata or NULL if there is no metadata or no valid metadata
+             */
+            virtual const EntitiesDescriptor* lookupGroup(const char* name, bool requireValidMetadata=true) const=0;
+
+        protected:
+            MetadataFilter* m_filter;
+        };
+        
+        /**
+         * Registers MetadataProvider classes into the runtime.
+         */
+        void SAML_API registerMetadataProviders();
+        
+        /** MetadataProvider based on local XML files */
+        #define FILESYSTEM_METADATA_PROVIDER  "org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider"
+    };
+};
+
+#endif /* __saml2_metadataprov_h__ */
diff --git a/saml/saml2/metadata/impl/FilesystemMetadataProvider.cpp b/saml/saml2/metadata/impl/FilesystemMetadataProvider.cpp
new file mode 100644
index 0000000..dc264d6
--- /dev/null
+++ b/saml/saml2/metadata/impl/FilesystemMetadataProvider.cpp
@@ -0,0 +1,349 @@
+/*
+ *  Copyright 2001-2006 Internet2
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * FilesystemMetadataProvider.cpp
+ * 
+ * Supplies metadata from a local file, detecting and reloading changes.
+ */
+
+#include "internal.h"
+#include "saml2/metadata/MetadataProvider.h"
+
+#include <ctime>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <log4cpp/Category.hh>
+#include <xercesc/framework/LocalFileInputSource.hpp>
+#include <xercesc/framework/Wrapper4InputSource.hpp>
+#include <xmltooling/util/NDC.h>
+#include <xmltooling/util/Threads.h>
+
+using namespace opensaml::saml2md;
+using namespace xmltooling;
+using namespace log4cpp;
+using namespace std;
+
+namespace opensaml {
+    namespace saml2md {
+        
+        
+        class SAML_DLLLOCAL FilesystemMetadataProvider : public MetadataProvider
+        {
+        public:
+            FilesystemMetadataProvider(const DOMElement* e);
+            ~FilesystemMetadataProvider();
+
+            Lockable* lock();
+            void unlock() {
+                if (m_lock)
+                    m_lock->unlock();
+            }
+
+            void init();
+
+            const EntityDescriptor* lookup(const XMLCh* id, bool requireValidMetadata=true) const;
+            const EntityDescriptor* lookup(const char* id, bool requireValidMetadata=true) const;
+            const EntitiesDescriptor* lookupGroup(const XMLCh* name, bool requireValidMetadata=true) const;
+            const EntitiesDescriptor* lookupGroup(const char* name, bool requireValidMetadata=true) const;
+
+        private:
+            XMLObject* load() const;
+            void index();
+            void index(EntityDescriptor* site, time_t validUntil=LLONG_MAX);
+            void index(EntitiesDescriptor* group, time_t validUntil=LLONG_MAX);
+        
+            // index of loaded metadata
+            typedef multimap<string,const EntityDescriptor*> sitemap_t;
+            typedef multimap<string,const EntitiesDescriptor*> groupmap_t;
+            sitemap_t m_sites;
+            sitemap_t m_sources;
+            groupmap_t m_groups;
+
+            const DOMElement* m_root; // survives only until init() method is done
+            std::string m_source;
+            time_t m_filestamp;
+            bool m_validate;
+            RWLock* m_lock;
+            XMLObject* m_object;
+        }; 
+
+        MetadataProvider* SAML_DLLLOCAL FilesystemMetadataProviderFactory(const DOMElement* const & e)
+        {
+            return new FilesystemMetadataProvider(e);
+        }
+
+    };
+};
+
+static const XMLCh uri[] =      UNICODE_LITERAL_3(u,r,i);
+static const XMLCh url[] =      UNICODE_LITERAL_3(u,r,l);
+static const XMLCh path[] =     UNICODE_LITERAL_4(p,a,t,h);
+static const XMLCh pathname[] = UNICODE_LITERAL_8(p,a,t,h,n,a,m,e);
+static const XMLCh file[] =     UNICODE_LITERAL_4(f,i,l,e);
+static const XMLCh filename[] = UNICODE_LITERAL_8(f,i,l,e,n,a,m,e);
+static const XMLCh validate[] = UNICODE_LITERAL_8(v,a,l,i,d,a,t,e);
+
+FilesystemMetadataProvider::FilesystemMetadataProvider(const DOMElement* e)
+    : m_root(e), m_filestamp(0), m_validate(false), m_lock(NULL), m_object(NULL)
+{
+#ifdef _DEBUG
+    NDC ndc("FilesystemMetadataProvider");
+#endif
+    Category& log=Category::getInstance(SAML_LOGCAT".Metadata");
+
+    // Establish source of data...
+    const XMLCh* source=e->getAttributeNS(NULL,uri);
+    if (!source || !*source) {
+        source=e->getAttributeNS(NULL,url);
+        if (!source || !*source) {
+            source=e->getAttributeNS(NULL,path);
+            if (!source || !*source) {
+                source=e->getAttributeNS(NULL,pathname);
+                if (!source || !*source) {
+                    source=e->getAttributeNS(NULL,file);
+                    if (!source || !*source) {
+                        source=e->getAttributeNS(NULL,filename);
+                    }
+                }
+            }
+        }
+    }
+    
+    if (source && *source) {
+        const XMLCh* valflag=e->getAttributeNS(NULL,validate);
+        m_validate=(XMLString::equals(valflag,XMLConstants::XML_TRUE) || XMLString::equals(valflag,XMLConstants::XML_ONE));
+        
+        auto_ptr_char temp(source);
+        m_source=temp.get();
+        log.debug("using external metadata file (%s)", temp.get());
+
+#ifdef WIN32
+        struct _stat stat_buf;
+        if (_stat(m_source.c_str(), &stat_buf) == 0)
+#else
+        struct stat stat_buf;
+        if (stat(m_source.c_str(), &stat_buf) == 0)
+#endif
+            m_filestamp=stat_buf.st_mtime;
+        m_lock=RWLock::create();
+    }
+    else
+        log.debug("no file path/name supplied, will look for metadata inline");
+}
+
+FilesystemMetadataProvider::~FilesystemMetadataProvider()
+{
+    delete m_lock;
+    delete m_object;
+}
+
+void FilesystemMetadataProvider::init()
+{
+    m_object=load();
+    index();
+}
+
+XMLObject* FilesystemMetadataProvider::load() const
+{
+#ifdef _DEBUG
+    NDC ndc("load");
+#endif
+    Category& log=Category::getInstance(SAML_LOGCAT".Metadata");
+    
+    try {
+        XMLObject* xmlObject=NULL;
+        
+        if (!m_source.empty()) {
+            // Data comes from a file we have to parse.
+            log.debug("loading metadata from file...");
+            auto_ptr_XMLCh widenit(m_source.c_str());
+            LocalFileInputSource src(widenit.get());
+            Wrapper4InputSource dsrc(&src,false);
+            DOMDocument* doc=NULL;
+            if (m_validate)
+                doc=XMLToolingConfig::getConfig().getValidatingParser().parse(dsrc);
+            else
+                doc=XMLToolingConfig::getConfig().getParser().parse(dsrc);
+            XercesJanitor<DOMDocument> docjanitor(doc);
+            log.infoStream() << "loaded and parsed XML file (" << m_source << ")" << CategoryStream::ENDLINE;
+            
+            // Unmarshall objects, binding the document.
+            xmlObject = XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true);
+            docjanitor.release();
+        }
+        else {
+            // Data comes from the DOM we were handed.
+            log.debug("loading inline metadata...");
+            DOMElement* child = XMLHelper::getFirstChildElement(m_root);
+            if (!child)
+                throw XMLToolingException("No metadata was found inline.");
+            xmlObject = XMLObjectBuilder::buildOneFromElement(child);
+        }
+        
+        auto_ptr<XMLObject> xmlObjectPtr(xmlObject);
+        
+        if (m_filter) {
+            log.info("applying metadata filter (%s)", m_filter->getId());
+            m_filter->doFilter(*xmlObject);
+        }
+        
+        xmlObjectPtr->releaseThisAndChildrenDOM();
+        xmlObjectPtr->setDocument(NULL);
+        return xmlObjectPtr.release();
+    }
+    catch (XMLException& e) {
+        auto_ptr_char msg(e.getMessage());
+        log.errorStream() << "Xerces parser error while loading metadata from ("
+            << (m_source.empty() ? "inline" : m_source) << "): " << msg.get() << CategoryStream::ENDLINE;
+        throw XMLParserException(msg.get());
+    }
+    catch (XMLToolingException& e) {
+        log.errorStream() << "error while loading metadata from ("
+            << (m_source.empty() ? "inline" : m_source) << "): " << e.what() << CategoryStream::ENDLINE;
+        throw;
+    }
+}
+
+Lockable* FilesystemMetadataProvider::lock()
+{
+    if (!m_lock)
+        return this;
+        
+    m_lock->rdlock();
+
+    // Check if we need to refresh.
+#ifdef WIN32
+    struct _stat stat_buf;
+    if (_stat(m_source.c_str(), &stat_buf) == 0)
+#else
+    struct stat stat_buf;
+    if (stat(m_source.c_str(), &stat_buf) == 0)
+#endif
+    {
+        if (m_filestamp>0 && m_filestamp<stat_buf.st_mtime) {
+            // Elevate lock and recheck.
+            m_lock->unlock();
+            m_lock->wrlock();
+            if (m_filestamp>0 && m_filestamp<stat_buf.st_mtime) {
+                SharedLock lockwrap(m_lock,false);  // pops write lock
+                try {
+                    // Update the timestamp regardless. No point in repeatedly trying.
+                    m_filestamp=stat_buf.st_mtime;
+                    XMLObject* newstuff = load();
+                    delete m_object;
+                    m_object = newstuff;
+                    index();
+                }
+                catch(XMLToolingException& e) {
+                    Category::getInstance(SAML_LOGCAT".Metadata").error("failed to reload metadata from file, sticking with what we have: %s", e.what());
+                }
+            }
+            else {
+                m_lock->unlock();
+            }
+            m_lock->rdlock();
+        }
+    }
+    return this;
+}
+
+void FilesystemMetadataProvider::index()
+{
+    m_sources.clear();
+    m_sites.clear();
+    m_groups.clear();
+    
+    EntitiesDescriptor* group=dynamic_cast<EntitiesDescriptor*>(m_object);
+    if (group) {
+        index(group);
+        return;
+    }
+    EntityDescriptor* site=dynamic_cast<EntityDescriptor*>(m_object);
+    index(site);
+}
+
+void FilesystemMetadataProvider::index(EntityDescriptor* site, time_t validUntil)
+{
+    if (validUntil < site->getValidUntilEpoch())
+        site->setValidUntil(validUntil);
+
+    auto_ptr_char id(site->getEntityID());
+    if (id.get()) {
+        m_sites.insert(make_pair(id.get(),site));
+    }
+}
+
+void FilesystemMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil)
+{
+    if (validUntil < group->getValidUntilEpoch())
+        group->setValidUntil(validUntil);
+
+    auto_ptr_char name(group->getName());
+    if (name.get()) {
+        m_groups.insert(make_pair(name.get(),group));
+    }
+    
+    const vector<EntitiesDescriptor*>& groups=const_cast<const EntitiesDescriptor*>(group)->getEntitiesDescriptors();
+    for (vector<EntitiesDescriptor*>::const_iterator i=groups.begin(); i!=groups.end(); i++)
+        index(*i,group->getValidUntilEpoch());
+
+    const vector<EntityDescriptor*>& sites=const_cast<const EntitiesDescriptor*>(group)->getEntityDescriptors();
+    for (vector<EntityDescriptor*>::const_iterator j=sites.begin(); j!=sites.end(); j++)
+        index(*j,group->getValidUntilEpoch());
+}
+
+const EntitiesDescriptor* FilesystemMetadataProvider::lookupGroup(const char* name, bool strict) const
+{
+    pair<groupmap_t::const_iterator,groupmap_t::const_iterator> range=m_groups.equal_range(name);
+
+    time_t now=time(NULL);
+    for (groupmap_t::const_iterator i=range.first; i!=range.second; i++)
+        if (now < i->second->getValidUntilEpoch())
+            return i->second;
+    
+    if (!strict && range.first!=range.second)
+        return range.first->second;
+        
+    return NULL;
+}
+
+const EntitiesDescriptor* FilesystemMetadataProvider::lookupGroup(const XMLCh* name, bool strict) const
+{
+    auto_ptr_char temp(name);
+    return lookupGroup(temp.get(),strict);
+}
+
+const EntityDescriptor* FilesystemMetadataProvider::lookup(const char* name, bool strict) const
+{
+    pair<sitemap_t::const_iterator,sitemap_t::const_iterator> range=m_sites.equal_range(name);
+
+    time_t now=time(NULL);
+    for (sitemap_t::const_iterator i=range.first; i!=range.second; i++)
+        if (now < i->second->getValidUntilEpoch())
+            return i->second;
+    
+    if (!strict && range.first!=range.second)
+        return range.first->second;
+        
+    return NULL;
+}
+
+const EntityDescriptor* FilesystemMetadataProvider::lookup(const XMLCh* name, bool strict) const
+{
+    auto_ptr_char temp(name);
+    return lookup(temp.get(),strict);
+}
diff --git a/saml/saml2/metadata/impl/MetadataImpl.cpp b/saml/saml2/metadata/impl/MetadataImpl.cpp
index 46f6d06..23cd26d 100644
--- a/saml/saml2/metadata/impl/MetadataImpl.cpp
+++ b/saml/saml2/metadata/impl/MetadataImpl.cpp
@@ -32,7 +32,6 @@
 #include <xmltooling/io/AbstractXMLObjectMarshaller.h>
 #include <xmltooling/io/AbstractXMLObjectUnmarshaller.h>
 #include <xmltooling/util/XMLHelper.h>
-#include <xmltooling/validation/AbstractValidatingXMLObject.h>
 
 #include <ctime>
 #include <xercesc/util/XMLUniDefs.hpp>
@@ -66,7 +65,6 @@ namespace opensaml {
             public AbstractSimpleElement,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -90,8 +88,7 @@ namespace opensaml {
             }
                 
             localizedNameTypeImpl(const localizedNameTypeImpl& src)
-                    : AbstractXMLObject(src), AbstractSimpleElement(src),
-                        AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setLang(src.getLang());
             }
@@ -115,7 +112,6 @@ namespace opensaml {
             public AbstractSimpleElement,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -139,8 +135,7 @@ namespace opensaml {
             }
                 
             localizedURITypeImpl(const localizedURITypeImpl& src)
-                    : AbstractXMLObject(src), AbstractSimpleElement(src),
-                        AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setLang(src.getLang());
             }
@@ -241,9 +236,8 @@ namespace opensaml {
         };
 
         class SAML_DLLLOCAL ExtensionsImpl : public virtual Extensions,
-            public AbstractDOMCachingXMLObject,
             public AbstractElementProxy,
-            public AbstractValidatingXMLObject,
+            public AbstractDOMCachingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -255,8 +249,7 @@ namespace opensaml {
             }
                 
             ExtensionsImpl(const ExtensionsImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractElementProxy(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractElementProxy(src) {
                 for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
                     if (*i) {
                         getXMLObjects().push_back((*i)->clone());
@@ -283,7 +276,6 @@ namespace opensaml {
             public AbstractComplexElement,
             public AbstractAttributeExtensibleXMLObject,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -310,10 +302,7 @@ namespace opensaml {
             }
                 
             OrganizationImpl(const OrganizationImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractAttributeExtensibleXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getExtensions())
                     setExtensions(src.getExtensions()->cloneExtensions());
@@ -373,7 +362,6 @@ namespace opensaml {
             public AbstractComplexElement,
             public AbstractAttributeExtensibleXMLObject,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -409,10 +397,7 @@ namespace opensaml {
             }
                 
             ContactPersonImpl(const ContactPersonImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractAttributeExtensibleXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 if (src.getExtensions())
                     setExtensions(src.getExtensions()->cloneExtensions());
@@ -490,7 +475,6 @@ namespace opensaml {
             public AbstractSimpleElement,
             public AbstractChildlessElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -509,8 +493,7 @@ namespace opensaml {
             }
                 
             AdditionalMetadataLocationImpl(const AdditionalMetadataLocationImpl& src)
-                    : AbstractXMLObject(src), AbstractSimpleElement(src),
-                        AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractSimpleElement(src), AbstractDOMCachingXMLObject(src) {
                 init();
             }
             
@@ -532,7 +515,6 @@ namespace opensaml {
         class SAML_DLLLOCAL KeyDescriptorImpl : public virtual KeyDescriptor,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -552,8 +534,7 @@ namespace opensaml {
                 init();
             }
                 
-            KeyDescriptorImpl(const KeyDescriptorImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+            KeyDescriptorImpl(const KeyDescriptorImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setUse(src.getUse());
                 if (src.getKeyInfo())
@@ -589,10 +570,9 @@ namespace opensaml {
         };
 
         class SAML_DLLLOCAL EndpointTypeImpl : public virtual EndpointType,
-            public AbstractDOMCachingXMLObject,
             public AbstractElementProxy,
             public AbstractAttributeExtensibleXMLObject,
-            public AbstractValidatingXMLObject,
+            public AbstractDOMCachingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -617,11 +597,8 @@ namespace opensaml {
             }
                 
             EndpointTypeImpl(const EndpointTypeImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractElementProxy(src),
-                        AbstractAttributeExtensibleXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractElementProxy(src),
+                        AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 setBinding(src.getBinding());
                 setLocation(src.getLocation());
                 setResponseLocation(src.getResponseLocation());
@@ -912,7 +889,6 @@ namespace opensaml {
             public AbstractComplexElement,
             public AbstractAttributeExtensibleXMLObject,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -957,10 +933,7 @@ namespace opensaml {
             }
                 
             RoleDescriptorImpl(const RoleDescriptorImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractAttributeExtensibleXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setID(src.getID());
                 setProtocolSupportEnumeration(src.getProtocolSupportEnumeration());
@@ -1301,7 +1274,6 @@ namespace opensaml {
             public AbstractComplexElement,
             public AbstractAttributeExtensibleXMLObject,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -1322,10 +1294,7 @@ namespace opensaml {
             }
                 
             RequestedAttributeImpl(const RequestedAttributeImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractAttributeExtensibleXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setName(src.getName());
                 setNameFormat(src.getNameFormat());
@@ -1402,7 +1371,6 @@ namespace opensaml {
         class SAML_DLLLOCAL AttributeConsumingServiceImpl : public virtual AttributeConsumingService,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -1430,7 +1398,7 @@ namespace opensaml {
             }
                 
             AttributeConsumingServiceImpl(const AttributeConsumingServiceImpl& src)
-                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src), AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setIndex(src.m_Index);
                 isDefault(src.m_isDefault);
@@ -1775,7 +1743,6 @@ namespace opensaml {
             public AbstractComplexElement,
             public AbstractAttributeExtensibleXMLObject,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -1810,10 +1777,7 @@ namespace opensaml {
             }
                 
             AffiliationDescriptorImpl(const AffiliationDescriptorImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractAttributeExtensibleXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setID(src.getID());
                 setAffiliationOwnerID(src.getAffiliationOwnerID());
@@ -1929,7 +1893,6 @@ namespace opensaml {
             public AbstractComplexElement,
             public AbstractAttributeExtensibleXMLObject,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -1972,10 +1935,7 @@ namespace opensaml {
             }
                 
             EntityDescriptorImpl(const EntityDescriptorImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractAttributeExtensibleXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+                    : AbstractXMLObject(src), AbstractAttributeExtensibleXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setID(src.getID());
                 setEntityID(src.getEntityID());
@@ -2150,7 +2110,6 @@ namespace opensaml {
             public virtual SignableObject,
             public AbstractComplexElement,
             public AbstractDOMCachingXMLObject,
-            public AbstractValidatingXMLObject,
             public AbstractXMLObjectMarshaller,
             public AbstractXMLObjectUnmarshaller
         {
@@ -2179,10 +2138,7 @@ namespace opensaml {
                 init();
             }
                 
-            EntitiesDescriptorImpl(const EntitiesDescriptorImpl& src)
-                    : AbstractXMLObject(src),
-                        AbstractDOMCachingXMLObject(src),
-                        AbstractValidatingXMLObject(src) {
+            EntitiesDescriptorImpl(const EntitiesDescriptorImpl& src) : AbstractXMLObject(src), AbstractDOMCachingXMLObject(src) {
                 init();
                 setID(src.getID());
                 setName(src.getName());
diff --git a/saml/saml2/metadata/impl/MetadataProvider.cpp b/saml/saml2/metadata/impl/MetadataProvider.cpp
new file mode 100644
index 0000000..191a061
--- /dev/null
+++ b/saml/saml2/metadata/impl/MetadataProvider.cpp
@@ -0,0 +1,37 @@
+/*
+ *  Copyright 2001-2006 Internet2
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * MetadataProvider.cpp
+ * 
+ * Registration of factories for built-in providers
+ */
+
+#include "internal.h"
+#include "saml2/metadata/MetadataProvider.h"
+
+using namespace xmltooling;
+
+namespace opensaml {
+    namespace saml2md {
+        SAML_DLLLOCAL PluginManager<MetadataProvider,const DOMElement*>::Factory FilesystemMetadataProviderFactory; 
+    };
+};
+
+void SAML_API opensaml::saml2md::registerMetadataProviders()
+{
+    SAMLConfig::getConfig().MetadataProviderManager.registerFactory(FILESYSTEM_METADATA_PROVIDER, FilesystemMetadataProviderFactory);
+}
diff --git a/saml/signature/SignatureProfileValidator.h b/saml/signature/SignatureProfileValidator.h
index e4899cf..615ced5 100644
--- a/saml/signature/SignatureProfileValidator.h
+++ b/saml/signature/SignatureProfileValidator.h
@@ -39,10 +39,6 @@ namespace opensaml {
         virtual ~SignatureProfileValidator() {}
 
         void validate(const xmltooling::XMLObject* xmlObject) const;
-        
-        SignatureProfileValidator* clone() const {
-            return new SignatureProfileValidator();
-        }
     };
 
 };
diff --git a/samltest/data/saml2/metadata/InCommon-metadata.xml b/samltest/data/saml2/metadata/InCommon-metadata.xml
new file mode 100644
index 0000000..c175380
--- /dev/null
+++ b/samltest/data/saml2/metadata/InCommon-metadata.xml
@@ -0,0 +1,1112 @@
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="urn:mace:incommon" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<ds:Reference URI="">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<ds:DigestValue>91oiRc8Bwf+DJq/kO/4vQh723F8=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>
+txodSjGrZlegJY9lHLlxfhOpK0v8SGNmFFHPXM9j54gZdbK+N8+4rPEjVCOg33Bk8RZ+OcBQNQQH
+otCvlXEpput84qTDVbe8xIGXzTbRH+45oLV6PQCEvZ4Pd3W/D2BZmI77DLHOlsQFJW2B6Ct98sO6
+qvWi7hStX8qaPnZe3hpDOgdhNpfZh/WiY5VTPsYT/+KHFv1wM3AqIPUKJ/9q6ahD80NlpJzpliE9
+PbEnEiuUKWq255jNBnbl/xR4jN+MhX1pOzxD1x+tDqJLVL+rgoHQZJHoxHzYykRKW4FITRL0ASXZ
+lgKxBy5k/W0hPzm4ntrX3OvpW49S0ys3BlAEWQ==
+</ds:SignatureValue>
+<ds:KeyInfo>
+<ds:X509Data>
+<ds:X509Certificate>
+MIIF2zCCBMOgAwIBAgIBQjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT
+SW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkwHhcNMDYwNDEwMTY1NjM3WhcNMDcwNDEwMTY1NjM3WjBSMQswCQYDVQQGEwJVUzEcMBoG
+A1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjElMCMGA1UEAxMcZmVkb3AuaW5jb21tb25mZWRlcmF0
+aW9uLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAoXZK5/nRuWY+S91CMPsXl
+oDc5vGo8O/xcqkUNUow+C34NlgnZX4zq2BjZ1WTAk3yLaF00qYOK18R0LMpHjYmEbtvtNrjEvtaZ
+walo83TyRNKHfqvBG3bxOkoYpo8jZ9MkHxskCgjXWLnPu+TCB7GiDgBLQ2VEk/UneKHlNc0Y1drB
+r1HfiRR73lAIUXNG/iRGXyBLqvyyFPasZv/oBWmsJZqI2T8jlmdSZbMG66yWGMp9dKoJyb44fYGV
+lyo5j8arxyiXAEz4QIdoFhmm1k1wSQnJDHtYaxwpf72wywps9P6GLqGkg8z+sxPWEgP8QqZWhwNJ
+qAtVbNh+TDkBpXsCAwEAAaOCArYwggKyMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
+A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
+lPswfgYDVR0jBHcwdYAUky3IYRitY+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRww
+GgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0
+aW9uIEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDov
+L2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRz
+LnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJh
+dGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlo
+dHRwOi8vaW5jb21tb25jcmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmww
+P6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVj
+cmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9p
+bmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJhY3RpY2VzLnBkZjAnBgNVHREEIDAe
+ghxmZWRvcC5pbmNvbW1vbmZlZGVyYXRpb24ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQDNwpH5FdVi
+qXKwN51xRQhSabH04DIFo9tnGWA/U2MOH1Gwh2Vt0JzlxZ5gZrsUM9gQBMLmifjxB29rY2xnhhjW
+FJhoTsI2F2KPav6W5Eqykq3yDV06oqNq0N0yMtB+og2yCIIZFvEG0wTKyv2n3bZqNaXz9r808b7p
+v/OVPW4HnmUtfFDg8q7C4Y2wbWqBYINkOi4lVbKzi2Sk5nVohuRGBja7eTYlpBP3nF+E/xb49JxQ
+AErc8wFZhJJdKNBnGWKOxelxC4nwda+g3mcc2T6REM0OUU7ArAlOdXW1eYNtflZe1G4qJ+6lTbpx
+8unyNnbIxDshbno8FbG0gIXOQ/4s
+</ds:X509Certificate>
+<ds:X509Certificate>
+MIIFmjCCBIKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMT
+SW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkwHhcNMDQwMzMwMjAzNDAwWhcNMTQwMzI5MjAzNDAwWjBWMQswCQYDVQQGEwJVUzEcMBoG
+A1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRGjKsUM2QAupLAaWx
+82/CWPalKjKFY8UPmz0T3gf7tJPztTy1Zq8pD0WFRLcQeSBKZGCu8upe8X966b6TZ5yuoUDA754I
+f0DWismuHNoMgRR/l0UvZmPWDGRWd3NBTB8/soLA4EbqFf5Xq8MOJKhPtzcDR33gtaAb3oilZ+ZT
+pnhTFFrn/qXrAKcSDBpuW2JRpi3xaF/hTPI097oUShOzD1Zj21UYLA6iSFVN+1wlfwilf2KFNK/+
+zbkCge6wgipZyXxaOAam6ncqmkxy+hy/OiJMmdB+6xkO0xXSBUUcqxJrOcUQhA1vntgb3q5zOJIS
+XhC4RAReA0HyBp/wd0iDAgMBAAGjggJxMIICbTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUky3IYRitY+ObZbOd3Y2TuufKY0UwfgYDVR0jBHcwdYAUky3IYRitY+Ob
+ZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNvbW1vbiBGZWRlcmF0
+aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADCBugYIKwYB
+BQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGaaHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVk
+ZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6
+aHR0cDovL2luY29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
+LWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25jcmwxLmluY29t
+bW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuGOWh0dHA6Ly9pbmNvbW1vbmNy
+bDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwvZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysG
+AQQBriMBBAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJh
+dGlvbi5vcmcvcHJhY3RpY2VzLnBkZjANBgkqhkiG9w0BAQUFAAOCAQEAZfgKUPA+Ky+Ou/vclMlF
+TMlUGspfbNSdG/fmIq+E/Lv1d2c73Am1zGhOpxgdkM8SE+BPnXW2rl71/N8gaqwgBBxkpwn410si
+umxlDTwV3HoVFvCGWylNy9o8OE1LyTCqfo8PRwrMzhwcagDgD813BIyjuJg/JQz1LnHMocIW/Jli
+gloSIzF1O435/+ckfWXQsmBIhvV5TmA3ZrcycrI1cHGEZqrCXL0FMZLSr+Vady/tFbVojqI8pSub
+SMxNkZectePTBjVj1Qeb4hmG8jRv/fwy1Iw6OFH8RKny8nQaO5mOe/fF/swEsMVU9TDpvLIgbhTw
+nP7Nhfotgaxf5wG8WA==
+</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo></ds:Signature>
+  <Extensions>
+    <shibmd:KeyAuthority xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" VerifyDepth="5">
+      <!-- InCommon CA -->
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>
+MIIFmjCCBIKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwMzMwMjAzNDAwWhcNMTQwMzI5
+MjAzNDAwWjBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
+dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRGjKsUM2QAupLAaWx82/C
+WPalKjKFY8UPmz0T3gf7tJPztTy1Zq8pD0WFRLcQeSBKZGCu8upe8X966b6TZ5yu
+oUDA754If0DWismuHNoMgRR/l0UvZmPWDGRWd3NBTB8/soLA4EbqFf5Xq8MOJKhP
+tzcDR33gtaAb3oilZ+ZTpnhTFFrn/qXrAKcSDBpuW2JRpi3xaF/hTPI097oUShOz
+D1Zj21UYLA6iSFVN+1wlfwilf2KFNK/+zbkCge6wgipZyXxaOAam6ncqmkxy+hy/
+OiJMmdB+6xkO0xXSBUUcqxJrOcUQhA1vntgb3q5zOJISXhC4RAReA0HyBp/wd0iD
+AgMBAAGjggJxMIICbTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUky3IYRitY+ObZbOd3Y2TuufKY0UwfgYDVR0jBHcwdYAUky3IYRit
+Y+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNv
+bW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGa
+aHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdl
+L2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2lu
+Y29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
+LWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
+cmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuG
+OWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
+ZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUH
+AgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJh
+Y3RpY2VzLnBkZjANBgkqhkiG9w0BAQUFAAOCAQEAZfgKUPA+Ky+Ou/vclMlFTMlU
+GspfbNSdG/fmIq+E/Lv1d2c73Am1zGhOpxgdkM8SE+BPnXW2rl71/N8gaqwgBBxk
+pwn410siumxlDTwV3HoVFvCGWylNy9o8OE1LyTCqfo8PRwrMzhwcagDgD813BIyj
+uJg/JQz1LnHMocIW/JligloSIzF1O435/+ckfWXQsmBIhvV5TmA3ZrcycrI1cHGE
+ZqrCXL0FMZLSr+Vady/tFbVojqI8pSubSMxNkZectePTBjVj1Qeb4hmG8jRv/fwy
+1Iw6OFH8RKny8nQaO5mOe/fF/swEsMVU9TDpvLIgbhTwnP7Nhfotgaxf5wG8WA==
+          </ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </shibmd:KeyAuthority>
+  </Extensions>
+
+<EntityDescriptor entityID="urn:mace:incommon:internet2.edu">
+   <IDPSSODescriptor errorURL="https://origin.internet2.edu/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">internet2.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>origin.internet2.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://origin.internet2.edu/shibboleth/HS"/>
+   </IDPSSODescriptor>
+   <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">internet2.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>origin.internet2.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://origin.internet2.edu:8443/shibboleth/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+   </AttributeAuthorityDescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">Internet2</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en"/>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>IJ Kim</GivenName>
+      <EmailAddress>ij@internet2.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+
+  <EntityDescriptor entityID="urn:mace:incommon:dartmouth.edu">
+    <IDPSSODescriptor errorURL="http://giza.dartmouth.edu/shibboleth/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">dartmouth.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>giza.dartmouth.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://giza.dartmouth.edu/shibboleth/HS"/>
+    </IDPSSODescriptor>
+    <AttributeAuthorityDescriptor errorURL="http://giza.dartmouth.edu/shibboleth/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">dartmouth.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>giza.dartmouth.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://giza.dartmouth.edu:8443/shibboleth/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+    </AttributeAuthorityDescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">Dartmouth College</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Dartmouth College</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.dartmouth.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="administrative">
+      <GivenName>Robert Brentrup</GivenName>
+      <EmailAddress>Robert.J.Brentrup@dartmouth.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Robert Brentrup</GivenName>
+      <EmailAddress>Robert.J.Brentrup@dartmouth.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+  <EntityDescriptor entityID="urn:mace:incommon:rochester.edu">
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">rochester.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shib.its.rochester.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.its.rochester.edu/shibboleth/HS"/>
+    </IDPSSODescriptor>
+    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">rochester.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shib.its.rochester.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.its.rochester.edu/shibboleth/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+    </AttributeAuthorityDescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">University of Rochester</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">University of Rochester</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.rochester.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="administrative">
+      <GivenName>Sean Singh</GivenName>
+      <EmailAddress>sean.singh@rochester.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Sean Singh</GivenName>
+      <EmailAddress>sean.singh@rochester.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Charles Yanaitis</GivenName>
+      <EmailAddress>charles.yanaitis@rochester.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+<EntityDescriptor entityID="urn:mace:incommon:osu.edu">
+   <IDPSSODescriptor errorURL="https://webauth.service.ohio-state.edu/support.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">osu.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>webauth.service.ohio-state.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://webauth.service.ohio-state.edu:8443/shibboleth/Artifact" index="1"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://webauth.service.ohio-state.edu/shibboleth/SSO"/>
+   </IDPSSODescriptor>
+   <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">osu.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>webauth.service.ohio-state.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://webauth.service.ohio-state.edu:8443/shibboleth/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+   </AttributeAuthorityDescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">The Ohio State University</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">The Ohio State University</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.osu.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Scott Cantor</GivenName>
+      <EmailAddress>cantor.2@osu.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="administrative">
+      <GivenName>Scott Cantor</GivenName>
+      <EmailAddress>cantor.2@osu.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+<EntityDescriptor entityID="urn:mace:incommon:uci.edu">
+   <IDPSSODescriptor errorURL="http://shib.nacs.uci.edu/error.html" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uci.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shib.nacs.uci.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.nacs.uci.edu/shibboleth-idp/Artifact" index="1"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib.nacs.uci.edu/shibboleth-idp/SSO"/>
+   </IDPSSODescriptor>
+   <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">uci.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shib.nacs.uci.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.nacs.uci.edu:8443/shibboleth-idp/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+   </AttributeAuthorityDescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">University of California-Irvine</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">University of California-Irvine</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.uci.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="administrative">
+      <GivenName>Brian Roode</GivenName>
+      <EmailAddress>bgroode@uci.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="technical">
+      <GivenName>Paul Main</GivenName>
+      <EmailAddress>pmain@uci.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+
+  <EntityDescriptor entityID="urn:mace:incommon:buffalo.edu">
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">buffalo.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shibboleth.buffalo.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.buffalo.edu/shibboleth-ext/HS"/>
+    </IDPSSODescriptor>
+    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">buffalo.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shibboleth.buffalo.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.buffalo.edu:7443/shibboleth-ext/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+    </AttributeAuthorityDescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">The State University of New York at Buffalo</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">The State University of New York at Buffalo</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.buffalo.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="administrative">
+      <GivenName>Charles Dunn</GivenName>
+      <EmailAddress>chuck@buffalo.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>John A Ball</GivenName>
+      <EmailAddress>auth-support@gory.acsu.buffalo.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Joel W. Murphy</GivenName>
+      <EmailAddress>jmurphy@buffalo.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+  <EntityDescriptor entityID="urn:mace:incommon:washington.edu">
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">washington.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>hs.so.cac.washington.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://hs.so.cac.washington.edu/shibboleth/HS"/>
+    </IDPSSODescriptor>
+    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">washington.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>hs.so.cac.washington.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.so.cac.washington.edu/shibboleth/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+    </AttributeAuthorityDescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">University of Washington</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">University of Washington</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.washington.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="administrative">
+      <GivenName>Nathan Dors</GivenName>
+      <EmailAddress>dors@cac.washington.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Nathan Dors</GivenName>
+      <EmailAddress>pubcookie@cac.washington.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+  <EntityDescriptor entityID="urn:mace:incommon:cornell.edu">
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">cornell.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shiborigin.cit.cornell.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shiborigin.cit.cornell.edu/shibboleth/HS"/>
+    </IDPSSODescriptor>
+    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">cornell.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shiborigin.cit.cornell.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shiborigin.cit.cornell.edu:8443/shibboleth/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+    </AttributeAuthorityDescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">Cornell University</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Cornell University</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.cornell.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="administrative">
+      <GivenName>Andrea Beesing</GivenName>
+      <EmailAddress>amb3@cornell.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Steve Edgar</GivenName>
+      <EmailAddress>se10@cornell.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Ron DiNapoli</GivenName>
+      <EmailAddress>rd29@cornell.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+<EntityDescriptor entityID="urn:mace:incommon:psu.edu">
+   <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">psu.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>as1.fim.psu.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://as1.fim.psu.edu/shibboleth-idp/SSO"/>
+   </IDPSSODescriptor>
+   <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">psu.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>as1.fim.psu.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://as1.fim.psu.edu:8443/shibboleth-idp/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+   </AttributeAuthorityDescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">The Pennsylvania State University</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Technical Staff</GivenName>
+      <EmailAddress>root@aset.psu.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="administrative">
+      <GivenName>Kevin Morooney</GivenName>
+      <EmailAddress>kxm@psu.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="technical">
+      <GivenName>Mark Miller</GivenName>
+      <EmailAddress>max@psu.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+  <EntityDescriptor entityID="urn:mace:incommon:usc.edu">
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">usc.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shib1.usc.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shib1.usc.edu/shibboleth/HS"/>
+    </IDPSSODescriptor>
+    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">usc.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shib1.usc.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib1.usc.edu/shibboleth/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+    </AttributeAuthorityDescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">University of Southern California</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">University of Southern California</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.usc.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="administrative">
+      <GivenName>Cecelia E. Henderson</GivenName>
+      <EmailAddress>shelley@usc.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Phil Dibowitz</GivenName>
+      <EmailAddress>phil@usc.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+  <EntityDescriptor entityID="urn:mace:incommon:ucsd.edu">
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucsd.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>a4.ucsd.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://a4.ucsd.edu/tritON/HS"/>
+    </IDPSSODescriptor>
+    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucsd.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>a4.ucsd.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://a4.ucsd.edu:8443/tritON/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+    </AttributeAuthorityDescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">University of California-San Diego</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">University of California-San Diego</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.ucsd.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="technical">
+      <GivenName>Crystal Harris</GivenName>
+      <EmailAddress>crys@ucsd.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="administrative">
+      <GivenName>Anthony R. Wood</GivenName>
+      <EmailAddress>twood@ucsd.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Anthony R. Wood</GivenName>
+      <EmailAddress>twood@ucsd.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+  <EntityDescriptor entityID="urn:mace:incommon:ohio.edu">
+    <IDPSSODescriptor errorURL="https://shibboleth.ohio.edu" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ohio.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shibboleth.ohio.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibboleth.ohio.edu/shibboleth/HS"/>
+    </IDPSSODescriptor>
+    <AttributeAuthorityDescriptor errorURL="https://shibboleth.ohio.edu" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+        <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ohio.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shibboleth.ohio.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibboleth.ohio.edu:8443/shibboleth/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+    </AttributeAuthorityDescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">Ohio University Main Campus</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Ohio University Main Campus</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.ohiou.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="administrative">
+      <GivenName>Todd Acheson</GivenName>
+      <EmailAddress>acheson@ohio.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Vitaliy Shipitsyn</GivenName>
+      <EmailAddress>vshipits@ohio.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>David Alexander</GivenName>
+      <EmailAddress>alexandd@ohio.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+
+<EntityDescriptor entityID="https://getz.internet2.edu/shibboleth">
+   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>getz.internet2.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://getz.internet2.edu/Shibboleth.sso/SAML/POST" index="0"/>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://getz.internet2.edu/Shibboleth.shire" index="0"/>
+   </SPSSODescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">Internet2</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Internet2</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en"/>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>IJ Kim</GivenName>
+      <EmailAddress>ij@internet2.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+  <EntityDescriptor entityID="https://www.internet2.edu/shibboleth">
+    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>www.internet2.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://www.internet2.edu/Shibboleth.shire" index="0"/>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.internet2.edu/Shibboleth.shire" index="1"/>
+    </SPSSODescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">Internet2 Web Site</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Internet2 Web Site</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.internet2.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="technical">
+      <GivenName>IJ Kim</GivenName>
+      <EmailAddress>ij@internet2.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+  <EntityDescriptor entityID="https://sdauth.sciencedirect.com/">
+    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>sdauth.sciencedirect.com</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sdauth.sciencedirect.com/SHIRE" index="0"/>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sdauth-cert3.sciencedirect.com/SHIRE" index="1"/>
+    </SPSSODescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">ScienceDirect</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">ScienceDirect</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.sciencedirect.com/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="technical">
+      <GivenName>Chris Shillum</GivenName>
+      <EmailAddress>c.shillum@elsevier.com</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="administrative">
+      <GivenName>Chris Shillum</GivenName>
+      <EmailAddress>c.shillum@elsevier.com</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Tony Gast</GivenName>
+      <EmailAddress>tony.gast@lexisnexis.com</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+
+
+<EntityDescriptor entityID="https://wiki.it.ohio-state.edu/shibboleth">
+   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>wiki.it.ohio-state.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://authdev.it.ohio-state.edu/twiki/Shibboleth.sso/SAML/Artifact" index="1" isDefault="true"/>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://wiki.it.ohio-state.edu/twiki/Shibboleth.sso/SAML/POST" index="2"/>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://wiki.it.ohio-state.edu/twiki/Shibboleth.sso/SAML/Artifact" index="3"/>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://authdev.it.ohio-state.edu/twiki/Shibboleth.sso/SAML/POST" index="4"/>
+   </SPSSODescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">The Ohio State University</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">The Ohio State University</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.osu.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="administrative">
+      <GivenName>Webauth Technical Support Staff</GivenName>
+      <EmailAddress>webauth-admin@lists.acs.ohio-state.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="technical">
+      <GivenName>Webauth Technical Support Staff</GivenName>
+      <EmailAddress>webauth-admin@lists.acs.ohio-state.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+
+  <EntityDescriptor entityID="http://www.sciencedirect.com/">
+    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>sdauth.sciencedirect.com</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sdauth.sciencedirect.com/SHIRE" index="0"/>
+    </SPSSODescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">ScienceDirect</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">ScienceDirect</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.sciencedirect.com/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="technical">
+      <GivenName>Tony Gast</GivenName>
+      <EmailAddress>tony.gast@lexisnexis.com</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="technical">
+      <GivenName>Chris Shillum</GivenName>
+      <EmailAddress>c.shillum@elsevier.com</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="administrative">
+      <GivenName>Tony Gast</GivenName>
+      <EmailAddress>tony.gast@lexisnexis.com</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+<EntityDescriptor entityID="https://shib.dev.oclc.org/shibboleth">
+   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shib.dev.oclc.org</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://shib.dev.oclc.org:2080/Shibboleth.shire" index="1"/>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shib.dev.oclc.org:2443/Shibboleth.shire" index="2"/>
+   </SPSSODescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">Online Computer Library Center Inc.</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Online Computer Library Center Inc.</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.oclc.org</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="administrative">
+      <GivenName>Eva Marie Allen</GivenName>
+      <EmailAddress>allene@oclc.org</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="technical">
+      <GivenName>Eva Marie Allen</GivenName>
+      <EmailAddress>allene@oclc.org</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+
+<EntityDescriptor entityID="https://shib.oclc.org/shibboleth">
+   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shib.oclc.org</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shib.oclc.org:2443/Shibboleth.shire" index="1"/>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://shib.oclc.org:2080/Shibboleth.shire" index="2"/>
+   </SPSSODescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">Online Computer Library Center Inc.</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Online Computer Library Center Inc.</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.oclc.org</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="administrative">
+      <GivenName>Sharon Ramsay</GivenName>
+      <EmailAddress>shibboleth@oclc.org</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="technical">
+      <GivenName>Eva Marie Allen</GivenName>
+      <EmailAddress>shibboleth@oclc.org</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="technical">
+      <GivenName>Richard Scranton</GivenName>
+      <EmailAddress>shibboleth@oclc.org</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+
+  <EntityDescriptor entityID="https://shibtest.nac.uci.edu/cgi-bin/printenv">
+    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>shibtest.nac.uci.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shibtest.nac.uci.edu/Shibboleth.shire" index="0"/>
+    </SPSSODescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">UCIs InCommon Demo Resource</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">UCIs InCommon Demo Resource</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.uci.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="technical">
+      <GivenName>Paul Main</GivenName>
+      <EmailAddress>pmain@uci.edu</EmailAddress>
+    </ContactPerson>
+    <ContactPerson contactType="administrative">
+      <GivenName>Brian Roode</GivenName>
+      <EmailAddress>bgroode@uci.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+
+  <EntityDescriptor entityID="https://share.internet2.edu/shibboleth">
+    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>share.internet2.edu</ds:KeyName>
+        </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://share.internet2.edu/Shibboleth.shire" index="0"/>
+    </SPSSODescriptor>
+    <Organization>
+      <OrganizationName xml:lang="en">Internet2 Wiki</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Internet2 Wiki</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.internet2.edu/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="technical">
+      <GivenName>IJ Kim</GivenName>
+      <EmailAddress>ij@internet2.edu</EmailAddress>
+    </ContactPerson>
+  </EntityDescriptor>
+<EntityDescriptor entityID="https://www.webassign.net/Shibboleth">
+   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>www.webassign.net</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.webassign.net/Shibboleth.sso" index="0"/>
+   </SPSSODescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">WebAssign</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">WebAssign</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.webassign.net/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Brian Marks</GivenName>
+      <EmailAddress>brian@webassign.net</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+<EntityDescriptor entityID="urn:mace:incommon:cornell.edu">
+   <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">cornell.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shiborigin.cit.cornell.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shiborigin.cit.cornell.edu/shibboleth/HS"/>
+   </IDPSSODescriptor>
+   <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">cornell.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shiborigin.cit.cornell.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shiborigin.cit.cornell.edu:8443/shibboleth/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+   </AttributeAuthorityDescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">Cornell University</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Cornell University</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.cornell.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Todd Zino</GivenName>
+      <EmailAddress>tcz3@cornell.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="technical">
+      <GivenName>Pete Bosanko</GivenName>
+      <EmailAddress>pb10@cornell.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="administrative">
+      <GivenName>Andrea Beesing</GivenName>
+      <EmailAddress>amb3@cornell.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+<EntityDescriptor entityID="urn:mace:incommon:case.edu">
+   <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">case.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shibb.case.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shibb.case.edu/shibboleth/HS"/>
+   </IDPSSODescriptor>
+   <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">case.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shibb.case.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shibb.case.edu:8443/shibboleth/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+   </AttributeAuthorityDescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">Case Western Reserve University</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">Case Western Reserve University</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.cwru.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Jeremy Smith</GivenName>
+      <EmailAddress>jeremy.smith@case.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="technical">
+      <GivenName>David Kovacic</GivenName>
+      <EmailAddress>david.kovacic@case.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+<EntityDescriptor entityID="https://www.e-education.psu.edu/shibboleth">
+   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>www.e-education.psu.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://www.e-education.psu.edu/Shibboleth.sso/SAML/POST" index="1"/>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://www.e-education.psu.edu/Shibboleth.sso/SAML/Artifact" index="2"/>
+   </SPSSODescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">The Pennsylvania State University</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Jeff Buechler</GivenName>
+      <EmailAddress>jdb11@psu.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="administrative">
+      <GivenName>Jeff Wolfe</GivenName>
+      <EmailAddress>wolfe@ems.psu.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+<EntityDescriptor entityID="https://angelshibaccept.ais.psu.edu/Shibboleth">
+   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>angelshibaccept.ais.psu.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://angelshibaccept.ais.psu.edu/Shibboleth/Shibboleth.shire" index="1"/>
+   </SPSSODescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">The Pennsylvania State University</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Andy Fisher</GivenName>
+      <EmailAddress>anf107@psu.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="administrative">
+      <GivenName>Terry O'Heron</GivenName>
+      <EmailAddress>tno1@psu.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+<EntityDescriptor entityID="https://shib.cms.psu.edu/Shibboleth">
+   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shib.cms.psu.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shib.cms.psu.edu/Shibboleth/Shibboleth.shire" index="1"/>
+   </SPSSODescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">The Pennsylvania State University</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Andy Fisher</GivenName>
+      <EmailAddress>anf107@psu.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="administrative">
+      <GivenName>Terry O'Heron</GivenName>
+      <EmailAddress>tno1@psu.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+<EntityDescriptor entityID="https://shib.nacs.uci.edu/cgi-bin/printenv">
+   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shib.nacs.uci.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://shib.nacs.uci.edu/Shibboleth.sso/SAML/POST" index="1"/>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://shib.nacs.uci.edu/Shibboleth.sso/SAML/Artifact" index="2"/>
+   </SPSSODescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">University of California-Irvine</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">University of California-Irvine</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.uci.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Paul Main</GivenName>
+      <EmailAddress>pmain@uci.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="administrative">
+      <GivenName>Brian Roode</GivenName>
+      <EmailAddress>bgroode@uci.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+<EntityDescriptor entityID="https://cms.psu.edu/Shibboleth">
+   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <KeyDescriptor>
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>cms.psu.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://cms.psu.edu/Shibboleth/Shibboleth.shire" index="1"/>
+   </SPSSODescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">The Pennsylvania State University</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">The Pennsylvania State University</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.psu.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Andy Fisher</GivenName>
+      <EmailAddress>anf107@psu.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="administrative">
+      <GivenName>Terry O'Heron</GivenName>
+      <EmailAddress>tno1@psu.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+<EntityDescriptor entityID="urn:mace:incommon:ucla.edu">
+   <IDPSSODescriptor errorURL="https://shb.ais.ucla.edu/shibboleth-idp/WAYFerror" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucla.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shb.ais.ucla.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shb.ais.ucla.edu/shibboleth-idp/Artifact" index="1"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://shb.ais.ucla.edu/shibboleth-idp/SSO"/>
+   </IDPSSODescriptor>
+   <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+      <Extensions>
+         <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">ucla.edu</shibmd:Scope>
+      </Extensions>
+      <KeyDescriptor use="signing">
+         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:KeyName>shb.ais.ucla.edu</ds:KeyName>
+         </ds:KeyInfo>
+      </KeyDescriptor>
+      <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shb.ais.ucla.edu/shibboleth-idp/AA"/>
+      <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+   </AttributeAuthorityDescriptor>
+   <Organization>
+      <OrganizationName xml:lang="en">University of California-Los Angeles</OrganizationName>
+      <OrganizationDisplayName xml:lang="en">University of California-Los Angeles</OrganizationDisplayName>
+      <OrganizationURL xml:lang="en">http://www.ucla.edu/</OrganizationURL>
+   </Organization>
+   <ContactPerson contactType="technical">
+      <GivenName>Datta Mahabalagiri</GivenName>
+      <EmailAddress>datta@ais.ucla.edu</EmailAddress>
+   </ContactPerson>
+   <ContactPerson contactType="administrative">
+      <GivenName>Albert Wu</GivenName>
+      <EmailAddress>albertwu@ucla.edu</EmailAddress>
+   </ContactPerson>
+</EntityDescriptor>
+
+</EntitiesDescriptor>
\ No newline at end of file
diff --git a/samltest/saml2/metadata/FilesystemMetadataProviderTest.h b/samltest/saml2/metadata/FilesystemMetadataProviderTest.h
new file mode 100644
index 0000000..0ba7c17
--- /dev/null
+++ b/samltest/saml2/metadata/FilesystemMetadataProviderTest.h
@@ -0,0 +1,63 @@
+/*
+ *  Copyright 2001-2006 Internet2
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "internal.h"
+#include <saml/saml2/metadata/MetadataProvider.h>
+
+using namespace opensaml::saml2md;
+
+class FilesystemMetadataProviderTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {
+    XMLCh* entityID;
+    XMLCh* supportedProtocol;
+    MetadataProvider* metadataProvider;
+
+public:
+    void setUp() {
+        entityID=XMLString::transcode("urn:mace:incommon:washington.edu");
+        supportedProtocol=XMLString::transcode("urn:oasis:names:tc:SAML:1.1:protocol");
+        
+        auto_ptr_XMLCh MP("MetadataProvider");
+        auto_ptr_XMLCh path("path");
+        auto_ptr_XMLCh validate("validate");
+        string s=data_path + "saml2/metadata/InCommon-metadata.xml";
+        auto_ptr_XMLCh file(s.c_str());
+        DOMDocument* doc=XMLToolingConfig::getConfig().getParser().newDocument();
+        XercesJanitor<DOMDocument> janitor(doc);
+        DOMElement* root=doc->createElementNS(NULL,MP.get());
+        root->setAttributeNS(NULL,path.get(),file.get());
+        root->setAttributeNS(NULL,validate.get(),XMLConstants::XML_ZERO);
+        metadataProvider = NULL;
+        metadataProvider = SAMLConfig::getConfig().MetadataProviderManager.newPlugin(FILESYSTEM_METADATA_PROVIDER,root);
+        metadataProvider->init();
+        
+        SAMLObjectBaseTestCase::setUp();
+    }
+    
+    void tearDown() {
+        XMLString::release(&entityID);
+        XMLString::release(&supportedProtocol);
+        delete metadataProvider;
+        SAMLObjectBaseTestCase::tearDown();
+    }
+
+    void testGetEntityDescriptor() {
+        Locker locker(metadataProvider);
+        const EntityDescriptor* descriptor = metadataProvider->lookup(entityID);
+        TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
+        assertEquals("Entity's ID does not match requested ID", entityID, descriptor->getEntityID());
+    }
+
+};
diff --git a/samltest/samltest.vcproj b/samltest/samltest.vcproj
index d6a1a21..6fb2d05 100644
--- a/samltest/samltest.vcproj
+++ b/samltest/samltest.vcproj
@@ -389,6 +389,14 @@
 						</File>
 					</Filter>
 				</Filter>
+				<Filter
+					Name="metadata"
+					>
+					<File
+						RelativePath=".\saml2\metadata\FilesystemMetadataProviderTest.cpp"
+						>
+					</File>
+				</Filter>
 			</Filter>
 		</Filter>
 		<Filter
@@ -1443,6 +1451,32 @@
 						</File>
 					</Filter>
 				</Filter>
+				<Filter
+					Name="metadata"
+					>
+					<File
+						RelativePath=".\saml2\metadata\FilesystemMetadataProviderTest.h"
+						>
+						<FileConfiguration
+							Name="Debug|Win32"
+							>
+							<Tool
+								Name="VCCustomBuildTool"
+								CommandLine="\perl\bin\perl.exe -w \cxxtest\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o &quot;$(InputDir)$(InputName)&quot;.cpp &quot;$(InputPath)&quot;"
+								Outputs="&quot;$(InputDir)$(InputName)&quot;.cpp"
+							/>
+						</FileConfiguration>
+						<FileConfiguration
+							Name="Release|Win32"
+							>
+							<Tool
+								Name="VCCustomBuildTool"
+								CommandLine="\perl\bin\perl.exe -w \cxxtest\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o &quot;$(InputDir)$(InputName)&quot;.cpp &quot;$(InputPath)&quot;"
+								Outputs="&quot;$(InputDir)$(InputName)&quot;.cpp"
+							/>
+						</FileConfiguration>
+					</File>
+				</Filter>
 			</Filter>
 		</Filter>
 		<Filter
diff --git a/samltest/signature/SAML1AssertionTest.h b/samltest/signature/SAML1AssertionTest.h
index d3d2d2d..1e6f14d 100644
--- a/samltest/signature/SAML1AssertionTest.h
+++ b/samltest/signature/SAML1AssertionTest.h
@@ -87,9 +87,10 @@ public:
         assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));
         
         try {
-            assertion->getSignature()->registerValidator(new SignatureProfileValidator());
-            assertion->getSignature()->registerValidator(new SignatureValidator(new KeyResolver(m_key->clone())));
-            assertion->getSignature()->validate(true);
+            SignatureProfileValidator spv;
+            SignatureValidator sv(new KeyResolver(m_key->clone()));
+            spv.validate(assertion->getSignature());
+            sv.validate(assertion->getSignature());
         }
         catch (XMLToolingException& e) {
             TS_TRACE(e.what());
diff --git a/samltest/signature/SAML1RequestTest.h b/samltest/signature/SAML1RequestTest.h
index 18870b0..b9390a7 100644
--- a/samltest/signature/SAML1RequestTest.h
+++ b/samltest/signature/SAML1RequestTest.h
@@ -86,9 +86,10 @@ public:
         assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));
         
         try {
-            request->getSignature()->registerValidator(new SignatureProfileValidator());
-            request->getSignature()->registerValidator(new SignatureValidator(new KeyResolver(m_key->clone())));
-            request->getSignature()->validate(true);
+            SignatureProfileValidator spv;
+            SignatureValidator sv(new KeyResolver(m_key->clone()));
+            spv.validate(request->getSignature());
+            sv.validate(request->getSignature());
         }
         catch (XMLToolingException& e) {
             TS_TRACE(e.what());
diff --git a/samltest/signature/SAML1ResponseTest.h b/samltest/signature/SAML1ResponseTest.h
index 592edc2..6c83b22 100644
--- a/samltest/signature/SAML1ResponseTest.h
+++ b/samltest/signature/SAML1ResponseTest.h
@@ -116,12 +116,13 @@ public:
         assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));
         
         try {
-            assertion->getSignature()->registerValidator(new SignatureProfileValidator());
-            assertion->getSignature()->registerValidator(new SignatureValidator(new KeyResolver(m_key->clone())));
-            assertion->getSignature()->validate(true);
-            response->getSignature()->registerValidator(new SignatureProfileValidator());
-            response->getSignature()->registerValidator(new SignatureValidator(new KeyResolver(m_key->clone())));
-            response->getSignature()->validate(true);
+            SignatureProfileValidator spv;
+            spv.validate(assertion->getSignature());
+            spv.validate(response->getSignature());
+
+            SignatureValidator sv(new KeyResolver(m_key->clone()));
+            sv.validate(assertion->getSignature());
+            sv.validate(response->getSignature());
         }
         catch (XMLToolingException& e) {
             TS_TRACE(e.what());
diff --git a/samltest/signature/SAML2AssertionTest.h b/samltest/signature/SAML2AssertionTest.h
index 124ade2..0245bce 100644
--- a/samltest/signature/SAML2AssertionTest.h
+++ b/samltest/signature/SAML2AssertionTest.h
@@ -95,9 +95,10 @@ public:
         assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));
         
         try {
-            assertion->getSignature()->registerValidator(new SignatureProfileValidator());
-            assertion->getSignature()->registerValidator(new SignatureValidator(new KeyResolver(m_key->clone())));
-            assertion->getSignature()->validate(true);
+            SignatureProfileValidator spv;
+            SignatureValidator sv(new KeyResolver(m_key->clone()));
+            spv.validate(assertion->getSignature());
+            sv.validate(assertion->getSignature());
         }
         catch (XMLToolingException& e) {
             TS_TRACE(e.what());