🔐 Trust Mark Issuer

https://tmi.demo.dev.oidf.lab.surfconext.nl

Overview

This Trust Mark Issuer (TMI) is a federation entity that issues trust marks to entities that meet specific accreditation criteria. Trust marks are statements of conformance used for federation enrollment and trust establishment.

Entity Type: Trust Mark Issuer
Federation Role: Issues trust marks per OpenID Federation 1.0 (Section 7)
Status: Active

Trust Mark Types

This issuer is authorized to issue the following trust mark types:

No trust mark types configured.

Federation Endpoints

These endpoints are used by other federation entities to interact with this Trust Mark Issuer:

Entity Configuration

GET https://tmi.demo.dev.oidf.lab.surfconext.nl/.well-known/openid-federation

Returns the entity's configuration including public keys and metadata

Trust Mark Endpoint

GET https://tmi.demo.dev.oidf.lab.surfconext.nl/trust-mark?trust_mark_type={type}&sub={entity_id}

Retrieves a specific trust mark for an entity (Section 8.6)

Trust Mark Status Endpoint

POST https://tmi.demo.dev.oidf.lab.surfconext.nl/trust-mark-status

Validates and returns the status of a trust mark (Section 8.4)

Trust Marked Entities Listing

GET https://tmi.demo.dev.oidf.lab.surfconext.nl/trust-marks?trust_mark_type={type}[&sub={entity_id}]

Lists entities with active trust marks (Section 8.5)

Admin API Documentation

Manage trust mark types and accreditation criteria through the Admin API:

📚 Open API Documentation (Swagger)

The Admin API requires an X-API-Key header for authentication.

Trust Mark Application

Entities can apply for trust marks by submitting a request to this issuer:

Application Endpoint

POST https://tmi.demo.dev.oidf.lab.surfconext.nl/apply-trust-mark

Request Body:

{
  "subject_entity_id": "https://entity.example.com",
  "trust_mark_type": "https://example.com/trust-marks/type",
  "metadata": {}
}

The metadata object is optional and carries additional information for accreditation.

Trust Chain Validation

This Trust Mark Issuer is itself a federation entity with a trust chain to a Trust Anchor. Other entities must:

  1. Establish trust in this TMI by building a trust chain to a common Trust Anchor
  2. Verify this TMI is authorized in the Trust Anchor's trust_mark_issuers claim
  3. Validate trust mark signatures using this TMI's Federation Entity Keys
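
An added example (not this issuer's own code) of step 2 above: checking a trust mark's issuer against the Trust Anchor's trust_mark_issuers claim before the signature check of step 3, which is left to a JOSE library. The function names, the sample token and the Trust Anchor claims are constructed, and rejecting trust mark types the Trust Anchor does not list is a policy assumption.

```python
import base64
import json
import time

TMI = "https://tmi.demo.dev.oidf.lab.surfconext.nl"  # issuer described on this page
TYPE = "https://example.com/trust-marks/type"  # constructed sample type
SUB = "https://entity.example.com"  # constructed sample subject
TA = {"trust_mark_issuers": {TYPE: [TMI]}}  # constructed Trust Anchor claims

def seg(obj):
    """Encode a dict as one base64url JWT segment (used to build samples)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def unseg(part):
    """Decode one base64url JWT segment back into a Python object."""
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def issuer_authorized(trust_mark, ta_claims, expected_sub, now=None):
    """Step 2 only; returns (ok, reason). The signature is NOT checked here."""
    now = time.time() if now is None else now
    try:
        head, body, _sig = trust_mark.split(".")
        header, claims = unseg(head), unseg(body)
    except ValueError:
        return False, "malformed JWT"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return False, "malformed JWT"
    if header.get("typ") != "trust-mark+jwt":
        return False, "unexpected typ header"
    if claims.get("sub") != expected_sub:
        return False, "trust mark issued for a different subject"
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False, "expired or invalid exp"
    tm_type = claims.get("trust_mark_type")
    issuers = ta_claims.get("trust_mark_issuers", {})
    if not isinstance(tm_type, str) or tm_type not in issuers:
        return False, "type not listed by Trust Anchor"  # policy assumption: reject
    allowed = issuers[tm_type]
    # An empty list means the Trust Anchor lets any issuer issue this type.
    if allowed and claims.get("iss") not in allowed:
        return False, "issuer not authorized for this type"
    return True, "issuer authorized"

def sample(iss, exp=2_000_000_000):
    """Build a constructed trust mark with a placeholder signature segment."""
    claims = {"iss": iss, "sub": SUB, "trust_mark_type": TYPE, "iat": 1, "exp": exp}
    header = {"typ": "trust-mark+jwt", "alg": "ES256"}
    return ".".join([seg(header), seg(claims), "c2ln"])
```

A True result only means the issuer is allowed to issue that type; the trust mark is acceptable only after its signature also verifies against the TMI's Federation Entity Keys taken from a validated trust chain.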

Specification Compliance

This implementation follows:

View Specification