New Participant

Owned by Martin Valldeby (Unlicensed)
Last updated: 2023-11-23 by Thomas Ulveland
2 min read

This page will describe what is needed to be done and what information exists when a new company / participant should be connected to BoB Metadata (i.e. the administrative body)

Table of contents

How to get a PID?

Every organisation that wants to issue or sell BoB-tickets must have a registered PID, or Participant ID. All registered participants can be found at BoB participant metadata key registration status.

To request for a PID, send a mail to bobsupport@samtrafiken.se with organisation name, information about contact person and other relevant information.

Metadata key exchange process

The purpose of key exchange is to ensure that each party can confidently identify the sender and receiver of the participant's metadata key. More information is found in BoB Manual chapter 5 Key Management.

  1. The prerequisite is a reserved/registered PID at Samtrafiken to which the participants public key and its metadata can be tied to.

  2. The metadata keys must be in JWK format. Every key must have a kid, for more information, see MTS5.

  3. The key exchange process varies depending on whether it's for BoB Metadata Test or BoB Metadata Production environment.

    • Test

      • Key exchange can be done directly from a Participant or system vendor on behalf of the Participant.
        The key must be sent by mail to bobsupport@samtrafiken.se in a password protected ZIP-file. The password must be created by Samtrafiken.

    • Production

      • Key exchange request has to be performed by the Participant.
        The key must be sent by mail to bobsupport@samtrafiken.se in a password protected ZIP-file. The password must be created by Samtrafiken.

  4. Samtrafiken will provide Samtrafiken's public keys (primary and fallback) to the Participant. HTTPS responses from BoB Metadata endpoints have signatures that must be validated by the Participant using these public keys.

JSON Web Key (JWK) is described by RFC 7517.

It is each participant's responsibility to keep their own information up to date.

Relevant documentation is MTS4 and MTS5, found at https://bitbucket.org/account/user/samtrafiken/projects/BOBS