1.1.7.3.2.4 Assertion Issuer Information

This section contains multiple records, one for each trusted assertion issuer. Each record contains the issuer identifier, the local issuer identifier, the symmetric key, and a flag indicating whether a public key certificate also exists.

The issuer identifier is the value presented in the "issuer" attribute of the "<saml:Assertion>" element in the WSSE security header.

The local issuer identifier is an abbreviated name for the issuer. Its purpose is to make a long issuer identifier shorter and easier to memorize while remaining locally unique. This data is optional; if it exists and a certificate also exists, then the certificate must take the name of this local issuer identifier with "pem" as the file extension.

The symmetric key is the shared secret that the issuer used to sign the assertion. This data is optional. The length of the key also dictates which algorithm can be used for signing.

The "public key certificate exists" field indicates whether a public key certificate exists. If it does, the certificate should be located in the folder specified by the "CertPath" element. This field can be true while the symmetric key field also exists. At runtime, GWWS detects which key to use to validate the signature.
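
The consistency rules in this section can be checked before deployment. The following is an added example, not GWWS code: `IssuerRecord`, its field names and `audit_issuer_records` are hypothetical, and flagging a record that has neither key is an assumption rather than a documented rule.

```python
import os
import tempfile
from dataclasses import dataclass
from typing import Optional

@dataclass
class IssuerRecord:
    # Hypothetical in-memory form of one record; field names are assumptions,
    # not the storage format GWWS uses.
    issuer_id: str                          # issuer value carried by the assertion
    local_id: Optional[str] = None          # optional short, locally unique name
    symmetric_key: Optional[bytes] = None   # optional shared secret
    cert_exists: bool = False               # public key certificate flag

def audit_issuer_records(records, cert_path):
    """Return (issuer_id, problem) tuples for records that break the rules above."""
    problems, seen_local = [], {}
    for r in records:
        # Assumption: a record with neither key cannot validate any signature.
        if r.symmetric_key is None and not r.cert_exists:
            problems.append((r.issuer_id, "no symmetric key and no certificate"))
        if r.local_id is None:
            continue
        # The local identifier becomes a file name, so keep it a bare name.
        if r.local_id != os.path.basename(r.local_id) or r.local_id in ("", ".", ".."):
            problems.append((r.issuer_id, "local id is not a plain file name"))
            continue
        # Local identifiers must stay locally unique.
        if r.local_id in seen_local:
            problems.append((r.issuer_id, "duplicate local id " + r.local_id))
        else:
            seen_local[r.local_id] = r.issuer_id
        # With a local id and a certificate, the file must be <local_id>.pem.
        if r.cert_exists and not os.path.isfile(os.path.join(cert_path, r.local_id + ".pem")):
            problems.append((r.issuer_id, "missing " + r.local_id + ".pem in CertPath"))
    return problems

if __name__ == "__main__":
    # Constructed sample data; issuer names and the key are placeholders.
    with tempfile.TemporaryDirectory() as cert_path:
        open(os.path.join(cert_path, "partnerA.pem"), "w").close()
        sample = [
            IssuerRecord("http://idp.example.com/a", "partnerA", b"k" * 16, True),
            IssuerRecord("http://idp.example.com/b", "partnerB", None, True),
            IssuerRecord("http://idp.example.com/c", "partnerA", b"k" * 16),
            IssuerRecord("http://idp.example.com/d"),
        ]
        for issuer, problem in audit_issuer_records(sample, cert_path):
            print(issuer, "->", problem)
```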