...
Add to Configuration: Add authority_hints in your issuer’s metadata configuration:

    authority_hints:
      - "https://openidfed-test-1.sunet.se:7001"

Purpose: This parameter establishes hierarchical trust relationships from your issuer to the Trust Anchor.
...
The following Trust Marks are available for issuance:
- EHIC Credential:
  id: http://dc4eu.example.com/EHICCredential/se
- PDA1 Credential:
  id: http://dc4eu.example.com/PDA1Credential/se
Issuing Trust Marks
Inputs to Trust Mark Issuer:
- id: The identifier for the Trust Mark (e.g., http://dc4eu.example.com/EHICCredential/se).
- sub: The entity's unique identifier (entity_id).
Steps:
- Contact the Trust Mark Issuer: https://openidfed-test-1.sunet.se:6001 TBD
- Supply the id and sub to the Trust Mark Issuer.
- Retrieve the issued Trust Mark as a signed JWT.
Validation:
- Use a JWT library to verify the Trust Mark's signature using the Trust Mark Issuer's public key:
  - Retrieve public keys from the Trust Mark Issuer's .well-known/jwks.json endpoint.
  - Validate claims such as iss, sub, id, and iat for compliance.
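The validation steps above, as an added example that is not part of the original page or the project's code: a standard-library Python check that pins the algorithm, verifies the signature against the issuer's JWKS, and compares iss, sub, id and iat. RS256, the function names and the toy demo key are assumptions made so the block runs offline; a deployment would do the signature step with a maintained JWT library, as the page says.

```python
import base64, hashlib, hmac, json, time

PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256 DigestInfo

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encoded_message(msg, k):  # EMSA-PKCS1-v1_5 encoding for a k-byte modulus
    t = PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_ok(msg, sig, jwk):
    """Check an RS256 signature against one RSA JWK (assumed algorithm)."""
    n, e = (int.from_bytes(b64d(jwk[x]), "big") for x in ("n", "e"))
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    em = pow(s, e, n).to_bytes(k, "big")
    return len(sig) == k and s < n and hmac.compare_digest(em, encoded_message(msg, k))

def validate_trust_mark(token, jwks, issuer, entity_id, mark_id, now=None, skew=60):
    """Return the claims of a valid Trust Mark JWT, else raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = {**json.loads(b64d(h64))}, {**json.loads(b64d(p64))}, b64d(s64)
    except Exception:  # bad base64/JSON, or header/payload is not a JSON object
        raise ValueError("malformed JWT")
    if header.get("alg") != "RS256":  # allow-list: refuses "none" and HS256
        raise ValueError("unexpected alg")
    keys = [k for k in jwks["keys"] if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")]
    if not any(rs256_ok(f"{h64}.{p64}".encode(), sig, k) for k in keys):
        raise ValueError("bad signature")
    for name, want in (("iss", issuer), ("sub", entity_id), ("id", mark_id)):
        if claims.get(name) != want:
            raise ValueError(name + " mismatch")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or iat > (time.time() if now is None else now) + skew:
        raise ValueError("iat missing or in the future")
    return claims

def demo_trust_mark(claims, kid="demo-key"):
    """Constructed sample: sign claims with a toy key built from two Mersenne primes."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    msg = ".".join(b64e(json.dumps(x).encode()) for x in ({"alg": "RS256", "kid": kid}, claims))
    sig = pow(int.from_bytes(encoded_message(msg.encode(), k), "big"), d, n).to_bytes(k, "big")
    jwk = {"kty": "RSA", "kid": kid, "n": b64e(n.to_bytes(k, "big")), "e": b64e(e.to_bytes(3, "big"))}
    return msg + "." + b64e(sig), {"keys": [jwk]}
```

Pass the Trust Mark Issuer's identifier, your own entity_id and the expected Trust Mark id as the expected values, so a mark issued for another entity or another credential type is refused even when its signature is valid.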
Include in Metadata: Add issued Trust Marks to your issuer’s metadata:

    trust_marks:
      - "eyJhbGciOiJIUzI1NiIsInR..."
      - "eyJhbGciOiJIUzI1NiIsInR..."

...