Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To retrieve all metadata for all participants, call https://bobmetadata.samtrafiken.se/api/v1v2/participantMetadata.
This is the only call, to participant metadata service that doesn't require a PoP (proof-of-posession) token, but do keep in mind that the attached JWS must be verified before using the payload data (the HTTPS, really SSL/TLS, transport should not be trusted). Since the transport might be tampered with, before any processing of the payload data takes place, the authenticity of the payload data should be established, using the mechanisms defined in RFC 7515.

...

To retrieve all test metadata for all participants in the test environment, call https://bobmetadata-pp.samtrafiken.se/api/v1v2/participantMetadata.

Technical details

Policy for what parts are required to be signed

...