...

  • Publish Metadata
    • Make the Issuer's metadata available at the following URL:
      https://<issuer-entity-id>/.well-known/openid-federation
  • Share the Entity ID
    • Once the metadata is published, provide the `entity_id` to the Superior Entity.
    • The Superior Entity will retrieve the metadata from the `/.well-known/openid-federation` endpoint and complete the registration process.
  • Obtain Approval
    • The Superior Entity must approve the Issuer's inclusion in the federation.
    • If additional details are required, ensure they are provided as per the federation's guidelines.

...

  • EHIC Credential:

    • ID: http://dc4eu.example.com/EHICCredential/se

  • PDA1 Credential:

    • ID: http://dc4eu.example.com/PDA1Credential/se

...

  1. Inputs to Trust Mark Issuer:

    • id: The identifier for the Trust Mark (e.g., http://dc4eu.example.com/EHICCredential/se).
    • sub: The entity's unique identifier (entity_id).
  2. Steps:

    • Supply the id and sub to the Trust Mark Issuer.

    • Retrieve the issued Trust Mark as a signed JWT.

  3. Validation:

    • Use a JWT library to verify the Trust Mark's signature using the Trust Mark Issuer's public key:
      • Retrieve public keys from the Trust Mark Issuer's /.well-known/jwks.json endpoint.
      • Validate claims such as iss, sub, id, and iat for compliance.
  4. Include in Metadata: Add issued Trust Marks to your issuer’s metadata:

    trust_marks:
      - "eyJhbGciOiJIUzI1NiIsInR..."
      - "eyJhbGciOiJIUzI1NiIsInR..."
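The Validation step (3) above, written out as an added example that is not part of the original page or of any federation's own code. It assumes the Trust Mark is signed with RS256 and that the Trust Mark Issuer's JWKS has already been fetched and is passed in as a dict; `verify_trust_mark` and its parameter names are hypothetical.

```python
import base64, hashlib, hmac, json, time
# DigestInfo DER prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_sha256(msg, k):
    """Expected k-byte encoded message for an RS256 signature over msg."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_trust_mark(token, jwks, iss, sub, tm_id, now=None, skew=60):
    """Return the claims of a valid Trust Mark JWT, else raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = (json.loads(b64u_decode(x)) for x in (h64, p64))
        alg, kid, iat = header["alg"], header.get("kid"), claims.get("iat")
        sig = b64u_decode(s64)
    except Exception:
        raise ValueError("malformed JWT") from None
    # Pin the algorithm: the token must not be able to select "none" or HMAC.
    if alg != "RS256":
        raise ValueError("unexpected alg")
    # Pick the issuer key by kid from the JWKS (fetched separately, passed in).
    key = next((j for j in jwks.get("keys", [])
                if j.get("kty") == "RSA" and j.get("kid") == kid), None)
    if key is None:
        raise ValueError("no matching issuer key")
    n, e = (int.from_bytes(b64u_decode(key[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8  # production code should also reject short moduli
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("bad signature")
    # Re-encode and compare rather than parsing padding out of the signature.
    em = pow(s, e, n).to_bytes(k, "big")
    if not hmac.compare_digest(em, emsa_pkcs1_sha256(f"{h64}.{p64}".encode(), k)):
        raise ValueError("bad signature")
    # Claim checks named in the Validation step: iss, sub, id, iat.
    for name, want in (("iss", iss), ("sub", sub), ("id", tm_id)):
        if claims.get(name) != want:
            raise ValueError(f"{name} mismatch")
    now = time.time() if now is None else now
    if not isinstance(iat, (int, float)) or iat > now + skew:
        raise ValueError("iat missing or in the future")
    return claims
```

The truncated placeholder strings in the `trust_marks` snippet begin with a header that decodes to `"alg":"HS256"`; a token with that header is rejected by the algorithm check here, because an HMAC cannot be verified with a published public key.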


...