...

  • URL: https://trust-anchor.oidf.swefed.se (co-located with TA)
  • Role: The Resolver builds trust chains using authority_hints and validates signatures up to the TA.
  • Endpoint: /resolve.

...

  • URL: https://op.oidf.swefed.se
  • Role: Provides authentication and token services.
  • Publishes OP metadata in the metadata.openid_provider section.
  • Trust is established dynamically through its Entity Configuration and chain to the TA.

Relying Party

  • URL: https://rp.oidf.swefed.se
  • Role: Consumes tokens and user information from OPs.
  • Publishes RP metadata in the metadata.openid_relying_party section.
  • Trust is established dynamically through its Entity Configuration and chain to the TA.

Usage Notes

  • All nodes expose their Entity Configuration at /.well-known/openid-federation.
  • Trust chains must always be validated against the Trust Anchor.
  • JWT signatures must be verified with the published keys from trusted entities.
  • Trust Marks must be validated against the Trust Mark Issuer’s published metadata.
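
The structural part of the trust chain validation described above, as an added example that is not part of the original page or of the Swefed tooling. It checks issuer/subject linkage, authority_hints, expiry and anchoring at the Trust Anchor; it does not verify signatures, which must still be done with a JOSE library using the keys published by each superior. The function names and sample statements are constructed for illustration.

```python
import base64, json, time

TRUST_ANCHOR = "https://trust-anchor.oidf.swefed.se"  # Trust Anchor URL from the page
RP = "https://rp.oidf.swefed.se"                      # Relying Party URL from the page

def _b64(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_statement(iss: str, sub: str, exp: int, **claims) -> str:
    """Constructed sample only: compact-JWS shape with a placeholder signature."""
    header = {"alg": "ES256", "typ": "entity-statement+jwt"}
    return ".".join([_b64(header), _b64({"iss": iss, "sub": sub, "exp": exp, **claims}), "c2ln"])

def payload(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def chain_problems(chain: list, anchor: str = TRUST_ANCHOR, now: float = None) -> list:
    """Structural checks on [leaf Entity Configuration, subordinate statements..., TA config]."""
    now = time.time() if now is None else now
    if len(chain) < 2:
        return ["chain too short"]
    st = [payload(t) for t in chain]
    problems = []
    if st[0].get("iss") != st[0].get("sub"):
        problems.append("leaf statement is not a self-issued Entity Configuration")
    if st[1].get("iss") not in st[0].get("authority_hints", []):
        problems.append("superior is not listed in the leaf's authority_hints")
    if st[-1].get("iss") != anchor or st[-1].get("sub") != anchor:
        problems.append("chain does not end at the configured Trust Anchor")
    for i, s in enumerate(st):
        if s.get("exp", 0) <= now:
            problems.append(f"statement {i} has expired")
        if i + 1 < len(st) and s.get("iss") != st[i + 1].get("sub"):
            problems.append(f"statement {i} issuer does not match subject of statement {i + 1}")
    return problems

def sample_chain(now: int, hints=(TRUST_ANCHOR,)) -> list:
    """Constructed chain: RP config, TA statement about the RP, TA config."""
    exp = now + 3600
    return [make_statement(RP, RP, exp, authority_hints=list(hints)),
            make_statement(TRUST_ANCHOR, RP, exp),
            make_statement(TRUST_ANCHOR, TRUST_ANCHOR, exp)]
```

An empty list from chain_problems means the chain is structurally sound; each statement's signature must then be checked against the keys in the next statement before the chain is trusted.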

Entity Integration

This section explains how to connect an entity to the Swefed Sandbox Trust Infrastructure. It covers metadata exposure, configuration of trust anchors, authority hints, and trust marks.

...