...

The Participant Metadata service, also called coordination function, collects, aggregates and distributes so called Metadata from the different participants. By retrieving this Metadata, participants are able to validate the authenticity of tickets issued by other entities and securely communicate directly with each other.

Implementation

Samtrafiken has developed an implementation, named BoB Metadata, of the participant metadata specification. Samtrafiken also runs the Administrative Body for Sweden, see endpoints below.

...

To retrieve all metadata for all participants, call https://bobmetadata.samtrafiken.se/api/v1v2/participantMetadata.
This is the only call, to participant metadata service that doesn't require a PoP (proof-of-posession) token, but do keep in mind that the attached JWS must be verified before using the payload data (the HTTPS, really SSL/TLS, transport should not be trusted). Since the transport might be tampered with, before any processing of the payload data takes place, the authenticity of the payload data should be established, using the mechanisms defined in RFC 7515.

...

To retrieve all test metadata for all participants in the test environment, call https://bobmetadata-pp.samtrafiken.se/api/v1v2/participantMetadata.

Technical details

Policy for what parts are required to be signed

...