[openid-specs-rande] Trust marks
Roland Hedberg
roland at catalogix.se
Wed Feb 19 14:31:14 UTC 2020
Hi!
New topic to discuss.
Taken from the OIDC federation draft specification (section 4.3):
In this specification we use the US NSTIC definition
"A trustmark is used to indicate that a product or service provider has met the requirements of the Identity Ecosystem, as determined by an accreditation authority"
Technically, trust marks as used by this specification are signed JWTs that represent a statement of conformance to a well-scoped set of trust and/or interoperability requirements.
The trust marks are signed by a federation accredited authority.
Examples of possible trust marks could be:
- OIDC protocol conformance
- SIRTFI compliance
- Entity category compliance (R&S, CoCo, ..)
- …
I am sure you can come up with more examples.
Some trust marks can be self-signed, some MUST be signed by a trusted 3rd party.
Examples of trust marks can be:
self-signed (OIDC protocol conformance)
{
  "iss": "https://example.com/op",
  "sub": "https://example.com/op",
  "iat": 1579621160,
  "id": "https://openid.net/certification/op",
  "mark": "http://openid.net/wordpress-content/uploads/2016/05/oid-l-certification-mark-l-cmyk-150dpi-90mm.jpg",
  "ref": "https://openid.net/wordpress-content/uploads/2015/09/RolandHedberg-pyoidc-0.7.7-Basic-26-Sept-2015.zip"
}
and signed by a trusted 3rd party
{
  "iss": "https://swamid.sunet.se",
  "sub": "https://umu.se/op",
  "iat": 1577833200,
  "exp": 1609369200,
  "id": "https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf"
}
I’d like us to discuss these things:
1) Are the trust mark properties listed in the specification sufficient?
2) I assume that there will be a small set of commonly known trust mark IDs. We should agree on who those are.
I have a side meeting on Friday at TNC20 and this is one of the things I will bring up there.
See no reason to wait until then with starting this discussion though.
— Roland
The higher up you go, the more mistakes you are allowed. Right at the top, if you make enough of them, it's considered to be your style.
-Fred Astaire, dancer, actor, singer, musician, and choreographer (10 May 1899-1987)
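The two JSON objects above are claim sets; the message says the trust mark is the signed JWT carrying them, and that some mark IDs may be self-signed while others must come from a federation-accredited authority. The following is an added example, not code from the post or from the OIDC federation draft: it issues both marks as compact JWS tokens and verifies them against a per-mark policy (self-signed allowed, or issuer must be in an accredited set), after checking the signature, `iat` and `exp`. The keys, the `kid` values, the registry contents and the HS256 signature (standing in for the asymmetric algorithm a real federation would use) are all constructed for the example; the claim values and the two mark IDs are the ones from the message.

```python
import base64
import hashlib
import hmac
import json
import time


class TrustMarkError(Exception):
    """Raised when a trust mark fails a signature or policy check."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_trust_mark(claims: dict, key: bytes, kid: str) -> str:
    """Issue a trust mark as a compact JWS. HS256 is a stand-in (constructed) for a
    federation's asymmetric signing algorithm; the checking policy below is the point."""
    header = {"alg": "HS256", "kid": kid}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_trust_mark(token: str, keys: dict, registry: dict, now=None) -> dict:
    """Return the verified claims or raise TrustMarkError.
    keys:     {(issuer, kid): key}  -- the federation's trusted signing keys
    registry: {mark_id: {"self_signed_ok": bool, "accredited": set_of_issuers}}"""
    now = int(time.time()) if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        claims = json.loads(b64url_decode(p_b64))
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        raise TrustMarkError("malformed JWS")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TrustMarkError("malformed JWS")
    # Pin the algorithm: never let the token's header choose "none" or another alg.
    if header.get("alg") != "HS256":
        raise TrustMarkError("unsupported alg")
    for name in ("iss", "sub", "iat", "id"):
        if name not in claims:
            raise TrustMarkError("missing claim " + name)
    # The key is selected by the trusted (iss, kid) table, not by anything in the token body.
    key = keys.get((claims["iss"], header.get("kid")))
    if key is None:
        raise TrustMarkError("no key for issuer")
    expected = hmac.new(key, (h_b64 + "." + p_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise TrustMarkError("bad signature")
    if claims["iat"] > now:
        raise TrustMarkError("issued in the future")
    if "exp" in claims and claims["exp"] <= now:
        raise TrustMarkError("expired")
    # Policy: the mark ID must be a known one, and its issuer must be allowed to assert it.
    policy = registry.get(claims["id"])
    if policy is None:
        raise TrustMarkError("unknown trust mark id")
    if claims["iss"] == claims["sub"]:
        if not policy["self_signed_ok"]:
            raise TrustMarkError("self-signed not accepted")
    elif claims["iss"] not in policy["accredited"]:
        raise TrustMarkError("issuer not accredited")
    return claims


def check_trust_mark(token: str, keys: dict, registry: dict, now=None):
    """Convenience wrapper returning (accepted, reason) instead of raising."""
    try:
        verify_trust_mark(token, keys, registry, now)
        return True, "ok"
    except TrustMarkError as err:
        return False, str(err)


# Constructed keys and kids for the example; a federation would publish public keys instead.
OP_KEY, SWAMID_KEY, UMU_KEY = b"constructed-op-key", b"constructed-swamid-key", b"constructed-umu-key"
KEYS = {("https://example.com/op", "op-1"): OP_KEY,
        ("https://swamid.sunet.se", "swamid-1"): SWAMID_KEY,
        ("https://umu.se/op", "umu-1"): UMU_KEY}

# Constructed registry of "commonly known" mark IDs and who may assert them.
REGISTRY = {
    "https://openid.net/certification/op": {"self_signed_ok": True, "accredited": set()},
    "https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf":
        {"self_signed_ok": False, "accredited": {"https://swamid.sunet.se"}},
}

# Claim sets from the message (the "mark" and "ref" URLs are kept as given there).
OIDC_CONFORMANCE = {"iss": "https://example.com/op", "sub": "https://example.com/op",
                    "iat": 1579621160, "id": "https://openid.net/certification/op",
                    "mark": "http://openid.net/wordpress-content/uploads/2016/05/oid-l-certification-mark-l-cmyk-150dpi-90mm.jpg",
                    "ref": "https://openid.net/wordpress-content/uploads/2015/09/RolandHedberg-pyoidc-0.7.7-Basic-26-Sept-2015.zip"}
SIRTFI_MARK = {"iss": "https://swamid.sunet.se", "sub": "https://umu.se/op",
               "iat": 1577833200, "exp": 1609369200,
               "id": "https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf"}

if __name__ == "__main__":
    now = 1580000000  # constructed "current time" between the marks' iat and exp
    for label, tok in (("self-signed OIDC mark", sign_trust_mark(OIDC_CONFORMANCE, OP_KEY, "op-1")),
                       ("SWAMID-issued Sirtfi mark", sign_trust_mark(SIRTFI_MARK, SWAMID_KEY, "swamid-1")),
                       ("self-asserted Sirtfi mark", sign_trust_mark(dict(SIRTFI_MARK, iss="https://umu.se/op"), UMU_KEY, "umu-1"))):
        print(label, "->", check_trust_mark(tok, KEYS, REGISTRY, now))
```

The self-asserted Sirtfi mark is rejected even though its signature is valid: the key lookup and the registry policy are separate checks, and a correctly signed token from the wrong issuer is the case the "MUST be signed by a trusted 3rd party" rule exists for. The `exp` claim also shows why the second example carries one: a third-party attestation has an accreditation period, while the self-signed conformance mark is left open-ended in the message.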