<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi!<div class=""><br class=""></div><div class="">New topic to discuss.</div><div class=""><br class=""></div><div class="">Taken from the OIDC federation draft specification (section 4.3):</div><div class=""><p id="rfc.section.4.3.p.1" style="margin-left: 2em; margin-right: 2em; font-family: verdana, helvetica, arial, sans-serif; font-size: 13.333333015441895px;" class="">In this specification we use the US NSTIC definition</p><p id="rfc.section.4.3.p.2" style="margin-left: 2em; margin-right: 2em; font-family: verdana, helvetica, arial, sans-serif; font-size: 13.333333015441895px;" class="">"A trustmark is used to indicate that a product or service provider has met the requirements of the Identity Ecosystem, as determined by an accreditation authority"</p><p id="rfc.section.4.3.p.3" style="margin-left: 2em; margin-right: 2em; font-family: verdana, helvetica, arial, sans-serif; font-size: 13.333333015441895px;" class="">Technically trust marks as used by this specification are signed JWTs that represents a statement of conformance to a well-scoped set of trust and/or interoperability requirements.</p><p id="rfc.section.4.3.p.4" style="margin-left: 2em; margin-right: 2em; font-family: verdana, helvetica, arial, sans-serif; font-size: 13.333333015441895px;" class="">The trust marks are signed by a federation accredited authority.</p><div class="">Examples on possible trust marks could be:</div></div><div class=""><br class=""></div><div class="">- OIDC protocol conformance</div><div class="">- SIRTFI compliance</div><div class="">- Entity category compliance (R&S, CoCo, ..)</div><div class="">- …</div><div class=""><br class=""></div><div class="">I am sure you can come up with more examples.</div><div class=""><br class=""></div><div class="">Some trust marks can be self-signed, some MUST be signed by a trusted 3rd party.</div><div class=""><br class=""></div><div class="">Examples of trust marks can be </div><div class=""><br class=""></div><div class="">self-signed (OIDC protocol conformance)</div><div class=""><pre style="margin-left: 3em; background-color: lightyellow; padding: 0.25em; font-size: 13.333333015441895px;" class=""><font face="Helvetica" class="">{
"iss": "<a href="https://example.com/op" class="">https://example.com/op</a>",
"sub": "<a href="https://example.com/op" class="">https://example.com/op</a>",
"iat": 1579621160,
"id": "<a href="https://openid.net/certification/op" class="">https://openid.net/certification/op</a>",
"mark": "<a href="http://openid.net/wordpress-content/uploads/2016/05/oid-l-certification-mark-l-cmyk-150dpi-90mm.jpg" class="">http://openid.net/wordpress-content/uploads/2016/05/oid-l-certification-mark-l-cmyk-150dpi-90mm.jpg</a>",
"ref": "<a href="https://openid.net/wordpress-content/uploads/2015/09/RolandHedberg-pyoidc-0.7.7-Basic-26-Sept-2015.zip" class="">https://openid.net/wordpress-content/uploads/2015/09/RolandHedberg-pyoidc-0.7.7-Basic-26-Sept-2015.zip</a>"
}</font></pre><div class="">and by trusted 3rd party</div></div><div class=""><br class=""></div><div class=""><pre style="margin-left: 3em; background-color: lightyellow; padding: 0.25em; font-size: 13.333333015441895px;" class=""><font face="Helvetica" class="">{
"iss": "<a href="https://swamid.sunet.se" class="">https://swamid.sunet.se</a>",
"sub": "<a href="https://umu.se/op" class="">https://umu.se/op</a>",
"iat": 1577833200,
"exp": 1609369200,
"id": "<a href="https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf" class="">https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf</a>",
}</font></pre><div class="">I’d like us to discuss these things:</div></div><div class=""><br class=""></div><div class="">1) are the trust mark properties listed in the specification sufficient ?</div><div class="">2) I assume that there will be a small set of commonly known trust mark IDs. We should agree on who those are.</div><div class=""><br class=""></div><div class="">I have a side meeting on Friday@TNC20 and this is one of the things I will bring up there.</div><div class="">See no reason to wait until then with starting this discussion though.</div><div class=""><br class=""></div><div class=""><div class="">
<div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">— Roland</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class=""></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">The higher up you go, the more mistakes you are allowed. Right at the top, if you make enough of them, it's considered to be your style. </div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">-Fred Astaire, dancer, actor, singer, musician, and choreographer (10 May 1899-1987)</div></div>
</div>
<br class=""></div></body></html>