openid / federation-wallet

Defines how to perform trust establishment for Wallet ecosystems with OpenID Federation

[Policy] Trust Marks examples #40

Open peppelinux opened 3 weeks ago

peppelinux commented 3 weeks ago

Example of a Trust Mark establishing grants for interaction with under-age users; status lists are also introduced to facilitate offline revocation checks (see #37).

{
  "typ": "trust-mark+jwt",
  "alg": "ES256",
  "kid": "2HnoFS3YnC9tjiCaivhWnXAdNuA",

  // optional chains, like federation and/or x5c
  "trust_chain": [
    $TA-EntityConfiguration,
    $TA-SubordinateStatement-about-TMIssuer,
    $TMIssuer-EntityConfiguration
  ]
}
.
{
  "id": "https://openid.net/trust_marks/rp/under-age",
  "iss": "https://trust-issuer.example.org",
  "sub": "https://relying-party.example.com",
  "iat": 1579621160,
  "exp": 1579707560,
  "ref": "https://openid.net/trust_marks/rp/under-age/v1.0",
  "status": {
    "federation_trust_mark_status_endpoint": "https://trust-issuer.example.org/status/rp/under-age",
    "status_list": {
      "idx": 0,
      "uri": "https://trust-issuer.example.org/statuslists/1"
    }
  },
  "policy_uri": "https://openid.net/trust_marks/rp/under-age/policy",
  "tos_uri": "https://openid.net/trust_marks/rp/under-age/terms"
}

There might be several others like:

https://openid.net/trust_marks/rp/disable-user
https://openid.net/trust_marks/rp/health-service

// Main Trust Mark ID for Open Banking
https://trust-registry.openbankingfoundation.org/trust_marks/v1

// Trust Mark IDs for specific roles
https://trust-registry.openbankingfoundation.org/trust_marks/aisp/v1 // AISP
https://trust-registry.openbankingfoundation.org/trust_marks/pisp/v1 // PISP
https://trust-registry.openbankingfoundation.org/trust_marks/aspsp/v1 // ASPSP
https://trust-registry.openbankingfoundation.org/trust_marks/cbpii/v1 // CBPII

// Main Trust Mark ID for Healthcare
https://trust-registry.healthauthority.org/trust_marks/v1

// Trust Mark IDs specific to roles and services
https://trust-registry.healthauthority.org/trust_marks/hospital/v1 // Hospitals
https://trust-registry.healthauthority.org/trust_marks/pharmacy/v1 // Pharmacies
https://trust-registry.healthauthority.org/trust_marks/laboratory/v1 // Laboratories
https://trust-registry.healthauthority.org/trust_marks/telemedicine/v1 // Telemedicine
https://trust-registry.healthauthority.org/trust_marks/ehr-provider/v1 // EHR providers

// Main Trust Mark IDs by sector
https://trust-registry.education.org/trust_marks/university/v1 // Universities
https://trust-registry.education.org/trust_marks/research/v1 // Research Centers
https://trust-registry.education.org/trust_marks/training/v1 // Vocational Training
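
An offline revocation check of the kind the `status_list` member in the example above is meant to enable, as an added example that is not part of the original issue or of the federation-wallet project. It assumes the list is encoded as in the IETF Token Status List draft (zlib-compressed bit array, base64url, least-significant bit first, 0 = valid) and that the signature and trust chain were verified beforehand; the function names, the cache layout and `max_age` are hypothetical.

```python
import base64
import zlib

VALID = 0  # assumption: 0 means valid, any other value means revoked or suspended


def status_at(lst: str, bits: int, idx: int) -> int:
    """Return the status stored at position idx of a compressed status list."""
    if bits not in (1, 2, 4, 8):
        raise ValueError("unsupported status size")
    raw = zlib.decompress(base64.urlsafe_b64decode(lst + "=" * (-len(lst) % 4)))
    byte_pos, shift = divmod(idx * bits, 8)  # entries are packed LSB first
    if idx < 0 or byte_pos >= len(raw):
        raise IndexError("idx outside status list")
    return (raw[byte_pos] >> shift) & ((1 << bits) - 1)


def check_trust_mark(payload, cache, now, expected_id, expected_sub, max_age=86400):
    """Offline check; JWS signature and trust chain are assumed already verified."""
    if payload.get("id") != expected_id or payload.get("sub") != expected_sub:
        return "rejected: wrong id or sub"
    if not payload["iat"] <= now < payload["exp"]:
        return "rejected: outside validity window"
    ref = payload.get("status", {}).get("status_list")
    entry = cache.get(ref["uri"]) if ref else None
    if entry is None:
        return "rejected: no cached status list"  # fail closed, never assume valid
    if now - entry["fetched_at"] > max_age:
        return "rejected: stale status list"
    try:
        status = status_at(entry["lst"], entry["bits"], ref["idx"])
    except (IndexError, ValueError, zlib.error):
        return "rejected: unusable status list"
    return "accepted" if status == VALID else "rejected: revoked"


# Constructed sample data: one byte with bit 1 set, so idx 0 is valid, idx 1 revoked.
LIST_URI = "https://trust-issuer.example.org/statuslists/1"
SAMPLE_LST = base64.urlsafe_b64encode(zlib.compress(bytes([0b00000010]))).decode().rstrip("=")
SAMPLE_CACHE = {LIST_URI: {"bits": 1, "lst": SAMPLE_LST, "fetched_at": 1579640000}}
SAMPLE_PAYLOAD = {
    "id": "https://openid.net/trust_marks/rp/under-age",
    "sub": "https://relying-party.example.com",
    "iat": 1579621160, "exp": 1579707560,
    "status": {"status_list": {"idx": 0, "uri": LIST_URI}},
}
```

A verifier that cannot reach the status endpoint has only the cached list to go on, so the missing, stale and out-of-range cases all reject rather than default to valid.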

selfissued commented 1 week ago

We briefly discussed this on today's OpenID Connect WG call. What additional explanatory text do you think should accompany them so that readers understand what's being illustrated by these examples?

Also, I assume that the $ text would be replaced with actual values in a corresponding PR?