Skip to end of banner
Go to start of banner

New entity / participant

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 33 Next »

This page will describe what is needed to be done and what information exists when a new company / participant should be connected to BoB Metadata (i.e. the administrative body)

Table of contents

How to get a PID?

A PID is a participant id, every organisation that wants to issue or sell BoB-tickets must have a registered PID. All registered participants are found at BoB participant metadata key registration status.

To ask for a pid, send a mail to bobsupport@samtrafiken.se with organisation name, information about contact person and other relevant information. We will most likely give you the next number in sequence at the above list and reply with that information.

Metadata key exchange process

The purpose of key exchange is to ensure that each party can confidently identify the sender and receiver of the participant's metadata key. More information is found in BoB Manual chapter 5 Key Management.

  1. The prerequisite is a reserved/registered PID at Samtrafiken to which the participants public key and its metadata can be tied to.
  2. The metadata keys must be in JWK format. Every key must have a kid, for more information, see MTS5.
  3. The key exchange process varies depending on whether it's for BoB Metadata Test or BoB Metadata Production environment.
    • Test
      • Key exchange can be done directly from a Participant or system vendor on behalf of the Participant.
        The key must be sent by mail to bobsupport@samtrafiken.se in a password protected ZIP-file. The password must be created by Samtrafiken.
    • Production
      • Key exchange request has to be performed by the Participant.
        The key must be sent by mail to bobsupport@samtrafiken.se in a password protected ZIP-file. The password must be created by Samtrafiken.
  4. Samtrafiken will provide Samtrafiken's public keys (primary and fallback) to the Participant. HTTPS responses from BoB Metadata endpoints have signatures that must be validated by the Participant using these public keys.

JSON Web Key (JWK) is described by RFC 7517.

What shall a client implement?

A Participant Metadata client is used to retrieve information about a participant that you want to communicate with. By calling the Participant Metadata service you get metadata information such as endpoints, auth token public keys, mtb public keys, etc for each participant. There is one method that retrieves all information about all participants and there are several methods to get specific data for one participant. There are also methods for updating your own information.

It is each participant's responsibility to keep their own information up to date.

The BoB Metadata service implements the interface https://bitbucket.org/samtrafiken/bob-api-participant-metadata/src/master/participantMetadata.yaml (can be viewed in http://editor.swagger.io/#/, easier at BoB Participant Metadata v2 OpenAPI)

One must implement a REST-client that calls the API above and interprets the responses.

Relevant documentation is MTS4 and MTS5, found at https://bitbucket.org/account/user/samtrafiken/projects/BOBS

Samtrafiken has implemented the BoB Metadata service in Java and we choose to use jose4j as library/framework, https://bitbucket.org/b_c/jose4j/wiki/Home, for JWT/JWS/...-support.
Programming language and library/framework is of course up to you to choose! 

Support and forum

Please see the BoB Support page for more information.

  • No labels