[openid-specs-rande] Trust marks
Davide Vaghetti
davide.vaghetti at garr.it
Wed Feb 19 15:12:30 UTC 2020
Hi Roland,
It sounds like a very interesting topic for the WG and... a great way to
resume more regular meetings ;-)
So, I'll send an invite for the next Monday 24th Feb 3PM UTC on
https://app.gotomeeting.com/?meetingId=456253885
Thanks!
Davide
On 19/02/20 15:31, Roland Hedberg wrote:
> Hi!
>
> New topic to discuss.
>
> Taken from the OIDC federation draft specification (section 4.3):
>
> In this specification we use the US NSTIC definition
>
> "A trustmark is used to indicate that a product or service provider has
> met the requirements of the Identity Ecosystem, as determined by an
> accreditation authority"
>
> Technically trust marks as used by this specification are signed JWTs
> that represent a statement of conformance to a well-scoped set of trust
> and/or interoperability requirements.
>
> The trust marks are signed by a federation accredited authority.
>
> Examples of possible trust marks could be:
>
> - OIDC protocol conformance
> - SIRTFI compliance
> - Entity category compliance (R&S, CoCo, ..)
> - …
>
> I am sure you can come up with more examples.
>
> Some trust marks can be self-signed, some MUST be signed by a trusted
> 3rd party.
>
> Examples of trust marks can be
>
> self-signed (OIDC protocol conformance)
>
> {
>   "iss": "https://example.com/op",
>   "sub": "https://example.com/op",
>   "iat": 1579621160,
>   "id": "https://openid.net/certification/op",
>   "mark": "http://openid.net/wordpress-content/uploads/2016/05/oid-l-certification-mark-l-cmyk-150dpi-90mm.jpg",
>   "ref": "https://openid.net/wordpress-content/uploads/2015/09/RolandHedberg-pyoidc-0.7.7-Basic-26-Sept-2015.zip"
> }
>
> and by trusted 3rd party
>
> {
>   "iss": "https://swamid.sunet.se",
>   "sub": "https://umu.se/op",
>   "iat": 1577833200,
>   "exp": 1609369200,
>   "id": "https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf"
> }
>
> I’d like us to discuss these things:
>
> 1) are the trust mark properties listed in the specification sufficient?
> 2) I assume that there will be a small set of commonly known trust mark
> IDs. We should agree on who those are.
>
> I have a side meeting on Friday at TNC20 and this is one of the things I
> will bring up there.
> See no reason to wait until then with starting this discussion though.
>
> — Roland
>
> The higher up you go, the more mistakes you are allowed. Right at the
> top, if you make enough of them, it's considered to be your style.
> -Fred Astaire, dancer, actor, singer, musician, and choreographer (10
> May 1899-1987)
>
>
--
Davide Vaghetti
Consortium GARR
Tel: +390502213158
Mobile: +393357779542
Skype: daserzw
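
Added example (not part of the original messages or of the federation draft): a claim-level acceptance check for the two trust mark payloads quoted above, showing how a relying party could tell an acceptable self-signed mark from one that must come from an accredited third party. The POLICY table, the choice of SWAMID as accredited issuer, the function name and the clock-skew value are assumptions for illustration, and the JWT signature is assumed to have been verified already with the issuer's keys.

```python
# Added example: policy check on trust mark claims (signature verified elsewhere).
SELF = "self"  # marker: the subject may issue this mark about itself

# Hypothetical federation policy: trust mark id -> who may issue it.
POLICY = {
    "https://openid.net/certification/op": {SELF},
    "https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf":
        {"https://swamid.sunet.se"},  # assumed accredited authority
}

# The two payloads from the quoted message.
OIDC_MARK = {
    "iss": "https://example.com/op", "sub": "https://example.com/op",
    "iat": 1579621160, "id": "https://openid.net/certification/op",
    "mark": "http://openid.net/wordpress-content/uploads/2016/05/oid-l-certification-mark-l-cmyk-150dpi-90mm.jpg",
    "ref": "https://openid.net/wordpress-content/uploads/2015/09/RolandHedberg-pyoidc-0.7.7-Basic-26-Sept-2015.zip",
}
SIRTFI_MARK = {
    "iss": "https://swamid.sunet.se", "sub": "https://umu.se/op",
    "iat": 1577833200, "exp": 1609369200,
    "id": "https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf",
}


def evaluate_trust_mark(claims, entity_id, now, policy=POLICY, skew=60):
    """Return (accepted, reason) for claims whose signature is already verified."""
    for name in ("iss", "sub", "iat", "id"):
        if name not in claims:
            return False, f"missing claim: {name}"
    if claims["sub"] != entity_id:
        return False, "sub does not match the entity presenting the mark"
    allowed = policy.get(claims["id"])
    if allowed is None:
        return False, "unknown trust mark id"
    if claims["iss"] == claims["sub"]:
        # Self-signed: only acceptable where the policy says so.
        if SELF not in allowed:
            return False, "self-signed mark not accepted for this id"
    elif claims["iss"] not in allowed:
        return False, "issuer not accredited for this id"
    if claims["iat"] > now + skew:
        return False, "iat is in the future"
    if "exp" in claims and claims["exp"] <= now:
        return False, "expired"
    return True, "ok"
```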