3.3.3 Initialization

Before protocol messages can be exchanged, a relying party MUST exchange metadata with requestor IP/STSs and initialize federation partner records for them in local configuration data, as specified in section 3.1.1.2.

To service protocol messages, a relying party MUST be listening for requests at the URL it has advertised to federation partners.

To service wsignin1.0 response messages, a relying party SHOULD<72> have network access to the certificate revocation list (CRL) distribution point (CDP) contained in X.509 certificates obtained from federation partners for the purpose of validating security token signatures, as specified in section 3.1.1.2.
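An added example, not part of the specification: a pre-flight check for the CRL requirement above that lists the endpoints a relying party needs outbound access to. It assumes the cRLDistributionPoints extension value (OID 2.5.29.31, RFC 5280) has already been extracted from a federation partner's certificate; the function names, sample bytes and host names are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ldap": 389}

# Constructed sample extension value (not from a real certificate):
# SEQUENCE { SEQUENCE { [0] { [0] { [6] URI, [6] URI } } } }
SAMPLE_CDP = (bytes.fromhex("304d304ba049a0478622")
              + b"http://crl.partner.example/sts.crl"
              + bytes.fromhex("8621") + b"ldap://ldap.partner.example/cn=ca")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def cdp_urls(ext_value):
    """Collect the URIs in the fullName of every DistributionPoint."""
    tag, seq, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("extension value is not a SEQUENCE")
    urls = []
    for _, dist_point in children(seq):
        for f_tag, field in children(dist_point):
            if f_tag != 0xA0:              # [0] distributionPoint only
                continue
            for n_tag, names in children(field):
                if n_tag == 0xA0:          # [0] fullName (GeneralNames)
                    urls += [v.decode("ascii") for t, v in children(names)
                             if t == 0x86]  # [6] uniformResourceIdentifier
    return urls

def egress_endpoints(urls):
    """Distinct (scheme, host, port) the relying party must be able to reach."""
    parts = (urlsplit(u) for u in urls)
    return sorted({(p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))
                   for p in parts})
```

Comparing the output of `egress_endpoints` against the relying party's outbound firewall rules shows before go-live whether revocation checking of partner token-signing certificates can succeed.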

The protocol does not require specific initialization upon receipt of a protocol message.