[Openid-specs-ab] Issue #1388: Trust Mark Introspection (openid/connect)

rolandh issues-reply at bitbucket.org
Wed Dec 29 11:25:57 UTC 2021


New issue 1388: Trust Mark Introspection
https://bitbucket.org/openid/connect/issues/1388/trust-mark-introspection

Roland Hedberg:

I think it's reasonable to assume that some if not all Trust Marks will stop being active for some reason. They might for instance have an expiration time or they might be revoked.

Regarding the former, that is covered by having the expiration time in the trust mark as is now defined [here](https://openid.net/specs/openid-connect-federation-1_0.html#rfc.section.5.3.1).

When it comes to it being revoked, we don't have a convenient way of doing it right now.

That is why I proposed that we add an operation called trust_mark to the ones we already have.

There are 4 items of information that together uniquely define a trust mark:

* iss
* sub
* id
* iat

If we assume that the host hosting the endpoint is the same as the trust mark issuer then iss is implicit. The rest would be mandatory. An example of a request would then be:

```http
GET /status_endpoint?
sub=https%3A%2F%2Fopenid.sunet.se%2FRP
&id=https%3A%2F%2Frefeds.org%2Fsirtfi
&iat=1640776883
HTTP/1.1
Host: operations.swamid.se
```

And a response:

```http
HTTP/1.1 200 OK
Last-Modified: Wed, 29 Dec 2021 12:23:56 GMT
Content-Type: application/json

{
  "active": true
}
```

Having the response be JSON allows for easy addition of extra information.


Responsible: Roland Hedberg
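As an added example, not part of Roland's post or of the OpenID Connect Federation specification, the following Python sketches both sides of the proposed status operation: the issuer keeps a registry of the trust marks it has issued, keyed by the (sub, id, iat) triple (iss is implicit because the issuer hosts the endpoint), and answers `active` true only for a mark it actually issued that is neither revoked nor past its `exp`. Everything beyond the request and response shown in the post is my assumption: the in-memory registry, the `exp` check, the treatment of a missing or duplicated query parameter as a 400 with an OAuth-style `error` body, and the `/status_endpoint` path.

```python
"""Toy model of a trust-mark status endpoint (added example, not spec text).

Assumed, not from the issue: the issuer-side registry, the `exp` check,
the error-body shape for malformed requests, and the endpoint path.
"""
import json
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlencode


@dataclass
class TrustMarkRecord:
    """One issued trust mark. For a given issuer, (sub, id, iat) is unique."""
    sub: str
    id: str
    iat: int
    exp: Optional[int] = None   # optional expiration time (assumed field)
    revoked: bool = False


class TrustMarkStatusEndpoint:
    """Issuer-side registry plus the logic behind GET /status_endpoint.

    The host serving the endpoint is the trust mark issuer, so `iss` is
    implicit and the lookup key is (sub, id, iat).
    """

    def __init__(self) -> None:
        self._marks: dict[tuple[str, str, int], TrustMarkRecord] = {}

    def issue(self, sub: str, mark_id: str, iat: int,
              exp: Optional[int] = None) -> None:
        self._marks[(sub, mark_id, iat)] = TrustMarkRecord(sub, mark_id, iat, exp)

    def revoke(self, sub: str, mark_id: str, iat: int) -> bool:
        """Flag an issued mark as revoked; False if no such mark was issued."""
        rec = self._marks.get((sub, mark_id, iat))
        if rec is None:
            return False
        rec.revoked = True
        return True

    def is_active(self, sub: str, mark_id: str, iat: int,
                  now: Optional[int] = None) -> bool:
        rec = self._marks.get((sub, mark_id, iat))
        if rec is None:            # never issued, or a different iat: not active
            return False
        if rec.revoked:
            return False
        now = int(time.time()) if now is None else now
        if rec.exp is not None and now >= rec.exp:   # expired marks are inactive too
            return False
        return True

    def handle_request(self, query_string: str,
                       now: Optional[int] = None) -> tuple[int, dict]:
        """Handle the raw query string; returns (HTTP status, JSON-able body).

        sub, id and iat are all mandatory and must appear exactly once.
        """
        params = parse_qs(query_string, keep_blank_values=True)
        required = ("sub", "id", "iat")
        missing = [k for k in required if k not in params]
        if missing:
            return 400, {"error": "invalid_request",
                         "error_description": "missing " + ", ".join(missing)}
        if any(len(params[k]) != 1 for k in required):
            return 400, {"error": "invalid_request",
                         "error_description": "duplicate parameter"}
        try:
            iat = int(params["iat"][0])
        except ValueError:
            return 400, {"error": "invalid_request",
                         "error_description": "iat must be an integer"}
        active = self.is_active(params["sub"][0], params["id"][0], iat, now)
        return 200, {"active": active}


def render_response(status: int, body: dict) -> str:
    """Serialize (status, body) as the HTTP response text the post sketches."""
    reason = {200: "OK", 400: "Bad Request"}.get(status, "")
    return (f"HTTP/1.1 {status} {reason}\r\nContent-Type: application/json\r\n\r\n"
            + json.dumps(body, indent=2))


def build_status_url(endpoint: str, sub: str, mark_id: str, iat: int) -> str:
    """Client side: percent-encode the identifying fields into the query."""
    return endpoint + "?" + urlencode({"sub": sub, "id": mark_id, "iat": iat})


if __name__ == "__main__":
    # Constructed sample data mirroring the post's example request.
    ep = TrustMarkStatusEndpoint()
    ep.issue("https://openid.sunet.se/RP", "https://refeds.org/sirtfi", 1640776883)
    qs = build_status_url("/status_endpoint", "https://openid.sunet.se/RP",
                          "https://refeds.org/sirtfi", 1640776883).split("?", 1)[1]
    print(render_response(*ep.handle_request(qs)))
    ep.revoke("https://openid.sunet.se/RP", "https://refeds.org/sirtfi", 1640776883)
    print(render_response(*ep.handle_request(qs)))
```

Two points the code makes concrete: a query with a wrong `iat` simply reads as "not active", so an issuer never confirms the existence of a mark it did not issue, and revocation and expiry collapse into the same `"active": false` answer, which is all a relying party needs to decide whether to trust the mark.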



