This page will describe what is needed to be done and what information exists when a new company / participant should be connected to BoB Metadata (i.e. the administrative body)
...
Table of Contents | ||
---|---|---|
|
How to get a
...
PID?
A pid PID is a participant id, every organisation that wants to issue or sell BoB-tickets must have a registered pidregistered PID. All registered participants are found at BoB participant metadata key registration status.
...
Metadata key exchange process
The thought purpose of key exchange is to ensure that each party should be sure of who is sharing a key and from who a key is receivedcan confidently identify the sender and receiver of the participant's metadata key. More information is found in BoB Manual chapter 5 Key Management.
- The prerequisite is a reserved/registered
...
- PID at Samtrafiken to which the participants public key and its metadata can be tied to.
- The complete list of
...
- PIDs are found at BoB participant metadata key registration status
...
- .
- The metadata keys must be in JWK format. Every key must have a kid, for more information, see MTS5.
- The key exchange process varies depending on whether it's for BoB Metadata Test or BoB Metadata Production environment.
- Test
- Key exchange can be done directly from a
- Test
...
- Participant or system vendor on behalf of the
...
- Participant.
The key must be sent by mail to bobsupport@samtrafiken.se in a password protected ZIP-file.
- Participant.
...
- The password must be created by Samtrafiken.
- Production
- Key exchange request has to be
...
- performed by the Participant.
The key must be sent by mail to
- performed by the Participant.
...
- bobsupport@samtrafiken.se in a password protected ZIP-file.
...
- The password must be created by Samtrafiken.
- Samtrafiken will provide Samtrafiken's public keys (primary and fallback) to the Participant. HTTPS responses from BoB Metadata endpoints have signatures that must be validated by the Participant using these public keys.
JSON Web Key (JWK) is described by RFC 7517.
What shall a client implement?
...