Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

URL: https://trust-anchor.oidf.swefed.se (co-located with TA)
Role: The Resolver builds trust chains using authority_hints and validates signatures up to the TA.
Endpoint: /resolve.

...

URL: https://intermediate.oidf.swefed.se
Role: Aggregates and distributes metadata.
Provides federation endpoints: fetch, list, resolve.
Declares the Trust Anchor in authority_hints.

OpenID Provider

URL: https://op.oidf.swefed.se
Role: Provides authentication and token services.
Publishes OP metadata in the metadata.openid_provider section.
Trust is established dynamically through its Entity Configuration and chain to the TA.

Relying Party

URL: https://rp.oidf.swefed.se
Role: Consumes tokens and user information from OPs.
Publishes RP metadata in the metadata.openid_relying_party section.
Trust is established dynamically through its Entity Configuration and chain to the TA.

Usage Notes

All nodes expose their Entity Configuration at /.well-known/openid-federation.
Trust chains must always be validated against the Trust Anchor.
JWT signatures must be verified with the published keys from trusted entities.
Trust Marks must be validated against the Trust Mark Issuer’s published metadata.

...