...

Fetching and Validating Trust Marks:

Trust Marks are also represented as JWTs and must be validated before use. Retrieve them from the Entity Configuration Document of the entity they apply to. Trust Marks are included in the metadata under the trust_marks claim.

Validating the Trust Mark’s signature follows the same steps as outlined in Validating Metadata Signatures.

Fetch the Trust Mark Issuer’s Metadata:

...

  • Use the validated public keys of the Trust Mark Issuer to verify the cryptographic signature of the Trust Mark JWT.
  • Confirm that the Trust Mark is valid and applies to the intended entity.

Inspecting Decoded JSON:

  • After validation, use tools like jq to explore the JSON payload:

    echo '<Decoded JSON>' | jq

Security Notes:

Always validate JWT signatures using trusted public keys before using the data. Ensure the key’s kid (Key ID) in the JWT header matches a key in the jwks.json document.
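The order of checks described above (match the kid against the issuer's JWKS, verify the signature, then confirm the Trust Mark applies to the intended entity), as an added example that is not part of the original page. It assumes the standard JWT claims iss, sub and exp; verify_signature is a hypothetical hook to be backed by a JOSE library, and all sample values are constructed.

```python
import base64, json, time

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def validate_trust_mark(token, jwks, entity_id, issuer_id, verify_signature, now=None):
    """Return the payload only if every check passes; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(_b64d(parts[0]))
    # 1. Select the key by kid from the issuer's already validated JWKS.
    if header.get("alg") in (None, "none"):
        raise ValueError("unsigned token")
    kid = header.get("kid")
    keys = [k for k in jwks.get("keys", []) if k.get("kid") == kid]
    if kid is None or len(keys) != 1:
        raise ValueError("kid does not match exactly one key in the JWKS")
    # 2. Verify the signature before trusting any claim.
    #    verify_signature is a hypothetical hook: (signing_input, sig, jwk, alg) -> bool
    signing_input = (parts[0] + "." + parts[1]).encode()
    if not verify_signature(signing_input, _b64d(parts[2]), keys[0], header["alg"]):
        raise ValueError("signature verification failed")
    payload = json.loads(_b64d(parts[1]))
    # 3. Confirm the Trust Mark comes from the expected issuer, applies to the
    #    intended entity, and has not expired.
    if payload.get("iss") != issuer_id:
        raise ValueError("unexpected issuer")
    if payload.get("sub") != entity_id:
        raise ValueError("Trust Mark does not apply to this entity")
    exp = payload.get("exp")
    if exp is not None and exp <= (time.time() if now is None else now):
        raise ValueError("Trust Mark expired")
    return payload

# Constructed sample data (not real identifiers, keys or signatures).
ISSUER = "https://tmi.example.org"
ENTITY = "https://rp.example.org"
JWKS = {"keys": [{"kid": "tmi-key-1", "kty": "EC"}]}
SAMPLE = ".".join([
    _b64e({"alg": "ES256", "kid": "tmi-key-1"}),
    _b64e({"iss": ISSUER, "sub": ENTITY, "exp": 2000000000}),
    "c2ln",  # placeholder signature bytes
])
```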