Closed DeiGratia33 closed 3 years ago
The TPP and ASPSP user guides are very much early drafts. Both examples will be done. Feel free to promote a section highlighting the problems with tls_client_auth_subject_dn and how it is presented by Banks' terminating proxies to an OpenID Provider.
Technically this is a Bank's problem to sort out, not a TPP's. https://datatracker.ietf.org/doc/html/rfc4514 makes it very clear that the additional OIDs not outlined in this spec MAY be included as string values, but in reality the majority of Banks' TLS termination devices will not parse and correctly present DNs to OpenID Providers.
This means that we have to explicitly tell banks to accept and parse both the string and/or OID representation of all components of a DN. This will be done in the security profile as we will need to write a specific test for it.
This has been included in the latest draft of the dynamic client registration profile and includes references to the drafts.
Third Party Provider End To End User Guide
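The comparison problem discussed in this thread, as an added example that is not code from the thread's participants or from the profile: a sketch of how a server could match a registered `tls_client_auth_subject_dn` against the DN string a TLS terminator forwards, whether an attribute arrives by name or as a dotted OID with a `#`-hex BER value. The function names, the small name-to-OID table and the sample DNs are assumptions made for illustration.

```python
import re

NAME_TO_OID = {  # small illustrative table (assumption); unknown names are rejected
    "cn": "2.5.4.3", "serialnumber": "2.5.4.5", "c": "2.5.4.6", "l": "2.5.4.7",
    "st": "2.5.4.8", "o": "2.5.4.10", "ou": "2.5.4.11", "organizationidentifier": "2.5.4.97",
}
TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii"}  # UTF8String, PrintableString, IA5String

def _split(text, sep):
    """Split on sep, leaving backslash-escaped characters alone."""
    parts = [""]
    for tok in re.findall(r"\\.|[^\\]", text, re.S):  # escaped pair or one char
        if tok == sep:
            parts.append("")
        else:
            parts[-1] += tok
    return parts

def _value(raw):
    """Decode an attribute value: '#' + hex BER, or an escaped string."""
    if raw.startswith("#"):
        ber = bytes.fromhex(raw[1:])
        # Only short-form lengths and common string tags; anything else fails closed.
        if len(ber) < 2 or ber[0] not in TAGS or ber[1] > 0x7F or ber[1] != len(ber) - 2:
            raise ValueError("unsupported BER value: " + raw)
        return ber[2:].decode(TAGS[ber[0]])
    unescape = lambda m: bytes([int(m[1], 16)]) if len(m[1]) == 2 else m[1]
    return re.sub(rb"\\([0-9a-fA-F]{2}|.)", unescape, raw.encode()).decode()

def normalize_dn(dn):
    """Return a tuple of RDNs, each a frozenset of (oid, value) pairs."""
    rdns = []
    for rdn in _split(dn, ","):
        pairs = set()
        for atv in _split(rdn, "+"):
            attr, sep, raw = atv.partition("=")
            oid = NAME_TO_OID.get(attr.strip().lower(), attr.strip())
            if not sep or not re.fullmatch(r"\d+(\.\d+)+", oid):
                raise ValueError("unparseable attribute: " + repr(atv))
            pairs.add((oid, _value(raw)))
        rdns.append(frozenset(pairs))
    return tuple(rdns)

def same_subject(a, b):  # values are compared exactly, RDN order is significant
    return normalize_dn(a) == normalize_dn(b)

# Constructed samples: one subject written with a name and with OID plus hex BER.
BY_NAME = "CN=tpp.example.org,organizationIdentifier=EXAMPLE-0001,O=Example TPP\\, Ltd,C=XX"
BY_OID = "CN=tpp.example.org,2.5.4.97=#0c0c" + b"EXAMPLE-0001".hex() + ",O=Example TPP\\, Ltd,C=XX"
```

Rejecting attribute names that are not in the table, rather than comparing them as opaque text, keeps a terminator that renders a type differently from silently producing a non-matching or falsely matching subject.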