Disclaimer
This document provides a practical overview of key processes related to metadata and Trust Mark validation in the OpenID Federation. It is not exhaustive and does not cover all aspects of the OpenID Federation 1.0 specification. For complete details, including advanced use cases and comprehensive workflows, refer to the OpenID Federation 1.0 specification.
Implementers are advised to consult the official specification to ensure full compliance and alignment with federation standards.
...
Table of Contents
Introduction
...
- Definition: A set of public keys in JSON format, typically published at /.well-known/jwks.json.
- Purpose: Used for verifying the signatures of JWTs.
...
- Role: The Trust Mark Issuer (TMI) certifies entities’ compliance with federation policies by issuing cryptographic Trust Marks.
- Endpoint:
https://openidfed-test-1.sunet.se:6001
- Notes: The TMI’s public keys for verifying Trust Marks are published at:
https://openidfed-test-1.sunet.se:6001/.well-known/jwks.json
Metadata for the TMI is accessible at:
https://openidfed-test-1.sunet.se:6001/.well-known/openid-federation
...
Wallet Provider
- Role: Acts as the intermediary for wallets to interact with the federation, supporting Wallet Instance registration.
- Endpoint:
https://openidfed-test-1.sunet.se:5001
- Notes: Metadata for the Wallet Provider is accessible at:
https://openidfed-test-1.sunet.se:5001/.well-known/openid-federation
...
Credential Issuer
- Role: Issues credentials (e.g., EHIC, PDA1) to wallets upon successful interaction.
- Endpoint:
https://satosa-test-1.sunet.se/
- Notes: Supports credential issuance based on OpenID4VCI protocols.
...