openid / federation


Identifying the intended trust anchor #48

Closed malmgren01DF closed 2 weeks ago

malmgren01DF commented 3 weeks ago

From 1.2 Terminology:

Federation Entity Discovery A process that starts with the Entity Identifier for the subject of the Trust Chain and collects Entity Statements until the chosen Trust Anchor is reached.

But how is the trust anchor chosen? Let's say that we start with a leaf entity, all we have is the entity statement URL for it, and we want to programmatically find its trust anchor. So, we traverse up the trust chain through an intermediate and then to the trust anchor, for example. Given that this trust anchor potentially could have a superior, how could I, the program, know that I should stop at the current entity and that it's a trust anchor and additionally it's the trust anchor that I'm looking for?

rohe commented 3 weeks ago

The way my code works is that when I ask it to collect trust chains from an entity to a trust anchor I give it a list of trust anchors. For each new entity the collector collects it will then check against the list of trust anchors and if the entity is in the list it will add the chain (up to that point) to the list of chains it has collected. It will not stop once it has reached a trust anchor if that entity has authority_hints specified. It will stop once it can't go higher.

You decide who your trust anchors are!!

malmgren01DF commented 3 weeks ago

Thanks Roland!

It will not stop once it has reached a trust anchor if that entity has authority_hints specified. It will stop once it can't go higher.

Right, and "it can't go higher" would be equivalent to not having authority_hints specified, I presume. Or, I guess, if it's the only remaining trust anchor in your list and you've found it, then there's no need to proceed with the traversal.

Makes sense, I think I got it now, thanks!
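The collector behaviour Roland describes above, and the stopping conditions discussed in the follow-up, as an added Python sketch that is not code from this thread or from the openid/federation project. The entity identifiers, the in-memory federation and the `fetch_entity_configuration` stand-in are constructed for the example; a real implementation would fetch and verify signed entity configurations instead.

```python
# Constructed toy federation: each entity's configuration lists its superiors
# in authority_hints. ta1 is a trust anchor that itself has a superior (ta2),
# which is the case the thread asks about.
FEDERATION = {
    "https://leaf.example": {"authority_hints": ["https://intermediate.example"]},
    "https://intermediate.example": {"authority_hints": ["https://ta1.example"]},
    "https://ta1.example": {"authority_hints": ["https://ta2.example"]},
    "https://ta2.example": {},  # no authority_hints: the collector cannot go higher
}


def fetch_entity_configuration(entity_id):
    """Offline stand-in for fetching an entity's configuration (constructed)."""
    return FEDERATION.get(entity_id, {})


def collect_trust_chains(entity_id, trust_anchors):
    """Return every chain (subject ... anchor) that ends at one of the given trust anchors.

    As described in the thread: the caller supplies the trust anchors it accepts;
    every entity reached is checked against that list, a match records the chain
    collected so far, and traversal continues while authority_hints point higher.
    It stops only when an entity has no authority_hints (or when a hint would
    loop back into the current chain, an added defensive check).
    """
    trust_anchors = set(trust_anchors)
    chains = []

    def walk(chain):
        current = chain[-1]
        if current in trust_anchors:
            chains.append(list(chain))  # do not return: a trust anchor may have superiors
        hints = fetch_entity_configuration(current).get("authority_hints", [])
        for superior in hints:
            if superior in chain:  # cycle in authority_hints; skip rather than recurse forever
                continue
            walk(chain + [superior])

    walk([entity_id])
    return chains


if __name__ == "__main__":
    for chain in collect_trust_chains("https://leaf.example",
                                      ["https://ta1.example", "https://ta2.example"]):
        print(" -> ".join(chain))
```

Trusting only ta1 yields the single chain leaf -> intermediate -> ta1; trusting both anchors yields that chain plus the longer one ending at ta2, because the collector keeps walking past ta1 while it has authority_hints.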

selfissued commented 2 weeks ago

@malmgren01DF Are you OK closing this issue on this basis, or is there more that you'd like us to do?

malmgren01DF commented 2 weeks ago

Let's close it!