Add Trust Anchors to "ProviderAuthority"

In order to make Merchant on-boarding simpler, ProviderAuthority objects could be augmented with trust anchors:

{
    "@context": "http://webpki.org/saturn/v3",
    "@qualifier": "ProviderAuthority",
    "httpVersion": "HTTP/1.1",
    "authorityUrl": "https://payments.mybank.com/authority",
    "homePage": "https://mybank.com",
    "serviceUrl": "https://payments.mybank.com/service",
    "extensions": {
        "http://webpki.org/saturn/v3/extensions#hybrid": "https://payments.mybank.com/hybridpay"
    },
    "paymentMethods": ["https://sepa.payments.org","https://ultragiro.se"],
    "signatureProfiles": ["http://webpki.org/saturn/v3/signatures#P-256.ES256"],
    "encryptionParameters": [{
        "dataEncryptionAlgorithm": "A128CBC-HS256",
        "keyEncryptionAlgorithm": "ECDH-ES",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "TfCrhFwZRU_ea7lUWwRi3HkuyT2yF9IxN5xKh2khjlk",
            "y": "nZFwxLP0TvFXD2xPKzRTIGevgLjpiMw2BP86hszj5x4"
        }
    }],
    "trustAnchors": ["MIIBtTCCAVmgAwIB....3FwxFeOawwmz1bM6"],
    "timeStamp": "2017-09-28T05:06:23Z",
    "expires": "2017-09-28T06:06:24Z",
    "signature": {
        "algorithm": "ES256",
        "signerCertificate": {
            "issuer": "CN=Payment Network Sub CA3,C=EU",
            "serialNumber": "1461174553809",
            "subject": "CN=mybank.com,2.5.4.5=#130434353031,C=FR"
        },
        "certificatePath": ["MIIBtTCCAVmgAwIB....3FwxFeOawwmz1bM6","MIIDcjCCAVqgAwIB....e_-5TddhlTUMNPvw"],
        "value": "mY1RjqTjnTGDwedG7FUQWbYKaeowrNH5....DbUcBYBteg9VpwzaIXW477mE2QVdix0w"
    }
}

The assumption is that signatures must contain all certificates except for the trust anchor.

cyberphone / saturn

Add Trust Anchors to "ProviderAuthority" #3