Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incomplete statement about validating Trust Mark Issuer #127

Open
selfissued opened this issue Oct 31, 2024 · 1 comment · May be fixed by #153
Open

Incomplete statement about validating Trust Mark Issuer #127

selfissued opened this issue Oct 31, 2024 · 1 comment · May be fixed by #153
Assignees
@selfissued

Comments

@selfissued
Copy link
Member

7.3. Validating a Trust Mark includes the statement:

"To validate a Trust Mark issuer, follow the procedure defined in Section 10."

where Section 10 is "Resolving the Trust Chain and Metadata".

This seems like an incomplete and confusing statement, because while resolving a trust chain is a necessary step to determine what Trust Anchor to use, that section doesn't describe how to validate a trust mark issuer.

What should we actually say that would be actionable to implementers and where should we say it?
@rohe
Copy link
Collaborator

rohe commented Nov 4, 2024
edited
Loading

To validate a trust mark issuer probably encompass these things:

  1. verify that the trust mark issuer is part of the federation and that it is possible to get verified metadata about it (section 10)
  2. verify that it is allowed to issue trust marks with a specific trust mark id (if no delegation)
  3. If it works on delegation verify the delegation. The delegation being expressed in the trust_mark_owners claim)

Have I missed something ?

@selfissued selfissued self-assigned this Nov 5, 2024
@selfissued selfissued linked a pull request Nov 30, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@selfissued selfissued

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Explain Trust Mark Issuer validation in more detail openid/federation
2 participants
@rohe @selfissued