...
- Publish Metadata
  - Make the Issuer's metadata available at the following URL: `https://<issuer-entity-id>/.well-known/openid-federation`
- Share the Entity ID
  - Once the metadata is published, provide the `entity_id` to the Superior Entity.
  - The Superior Entity will retrieve the metadata from the `/.well-known/openid-federation` endpoint and complete the registration process.
- Obtain Approval
  - The Superior Entity must approve the Issuer's inclusion in the federation.
  - If additional details are required, ensure they are provided as per the federation's guidelines.
...
EHIC Credential:
ID: http://dc4eu.example.com/EHICCredential/se
PDA1 Credential:
ID: http://dc4eu.example.com/PDA1Credential/se
...
Inputs to Trust Mark Issuer:
- `id`: The identifier for the Trust Mark (e.g., `http://dc4eu.example.com/EHICCredential/se`).
- `sub`: The entity's unique identifier (`entity_id`).

Steps:
- Supply the `id` and `sub` to the Trust Mark Issuer.
- Retrieve the issued Trust Mark as a signed JWT.
Validation:
- Use a JWT library to verify the Trust Mark's signature using the Trust Mark Issuer's public key:
  - Retrieve public keys from the Trust Mark Issuer's `/.well-known/jwks.json` endpoint.
  - Validate claims such as `iss`, `sub`, `id`, and `iat` for compliance.
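
One way to carry out the validation above with Node's built-in `crypto` module instead of a JWT library (an added example, not code from the original page). It assumes ES256-signed Trust Marks and a 60-second clock-skew allowance, and it uses a constructed key pair, `kid` and issuer URLs in place of the JWKS fetched from `/.well-known/jwks.json`.

```javascript
// Added example: keys, kid and URLs below are constructed for illustration.
const { generateKeyPairSync, createPublicKey, sign, verify } = require('node:crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const parseSeg = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Verify a Trust Mark JWT against the issuer's JWKS, then check iss, sub, id, iat.
function verifyTrustMark(jwt, jwks, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  const header = parseSeg(h);
  // Assumption: the federation signs with ES256. Pinning the algorithm rejects
  // "none" and HMAC algorithms, which must never pass a public-key check.
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'EC');
  if (!jwk) throw new Error('no matching key in JWKS');
  const key = createPublicKey({ key: jwk, format: 'jwk' });
  const ok = verify('sha256', Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = parseSeg(p); // parsed only after the signature is verified
  for (const name of ['iss', 'sub', 'id']) {
    if (claims[name] !== expected[name]) throw new Error(`${name} mismatch`);
  }
  // Assumption: allow 60 seconds of clock skew on iat.
  if (!Number.isInteger(claims.iat) || claims.iat > now + 60) throw new Error('bad iat');
  return claims;
}

// Constructed stand-in for the Trust Mark Issuer: key pair, JWKS and signer.
const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'tmi-key-1' }] };
function issue(claims, key = privateKey) {
  const header = b64u(JSON.stringify({ alg: 'ES256', kid: 'tmi-key-1' }));
  const input = `${header}.${b64u(JSON.stringify(claims))}`;
  const sig = sign('sha256', Buffer.from(input), { key, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

const expected = {
  iss: 'https://trust-mark-issuer.example.com', // constructed
  sub: 'https://issuer.example.com',            // constructed entity_id
  id: 'http://dc4eu.example.com/EHICCredential/se',
};
const trustMark = issue({ ...expected, iat: Math.floor(Date.now() / 1000) });
console.log(verifyTrustMark(trustMark, jwks, expected).id);
```
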
Include in Metadata: Add issued Trust Marks to your issuer’s metadata:

```yml
trust_marks:
  - "eyJhbGciOiJIUzI1NiIsInR..."
  - "eyJhbGciOiJIUzI1NiIsInR..."
```
...