This page describes what needs to be done, and what information is available, when a new company / participant is to be connected to BoB Metadata (i.e. the administrative body).
How to get a pid?
A pid is a participant id. Every organisation that wants to issue or sell BoB-tickets must have a registered pid. All registered participants are listed at BoB participant metadata key registration status.
To ask for a pid, send a mail to bobsupport@samtrafiken.se with the organisation name, information about the contact person and other relevant information. We will most likely give you the next number in sequence in the above list and reply with that information.
Metadata key exchange process
The idea behind the key exchange is that each party should be sure of who is sharing a key and from whom a key is received. More information is found in the BoB Manual, chapter 5 Key Management.
- The prerequisite is a reserved/registered pid at Samtrafiken to which the participant's public key and its metadata can be tied.
- The complete list of participant ids is found at BoB participant metadata key registration status.
- The process of the key exchange depends on which environment (Test or Production) the key is to be published to.
  - Test: key exchange can be done directly from a participant or system vendor on behalf of the corresponding PTA through mail, preferably with the key in an encrypted ZIP-file. The participant sends the key to bobsupport@samtrafiken.se and Samtrafiken will in return share its public key to the Test environment.
  - Production: the key exchange request has to be granted from the Participant and from/to whom the exchange will be performed. This information is sent by mail to bobsupport@samtrafiken.se. The key must be sent by mail to bobsupport in an encrypted ZIP-file. Bobsupport will respond with a mobile phone number to which a password for the encrypted ZIP-file can be sent. Also include your kid in the message.
- We, at Samtrafiken, will give you our public key and key name (kid) in an encrypted ZIP-file (at least for Production), and from you we will get your public key. We will also inform you of your pid (participant id), if that information hasn't previously been communicated.
- The keys must be in JWK format. Every key must have a kid; for more information, see MTS5.
JSON Web Key (JWK) is described by RFC 7517.
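Before a key file is zipped and mailed, the sender can check locally that it really is a public JWK with a kid and no private members, and compute its RFC 7638 SHA-256 thumbprint so both parties can compare the value they hold. This is an added example, not Samtrafiken's code and not a step of the BoB process; the function name, the sample kid and the sample coordinates are constructed for illustration.

```python
import base64
import hashlib
import json

# Public members per key type that form the RFC 7638 thumbprint input.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"),
            "OKP": ("crv", "kty", "x")}
# Private or symmetric members (RFC 7518 section 6, RFC 8037); never share these.
PRIVATE = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

# Constructed sample: placeholder coordinates, not a real key or curve point.
SAMPLE_JWK = json.dumps({
    "kty": "EC", "crv": "P-256", "kid": "example-kid-1",
    "x": "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8",
    "y": "ICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8",
})


def check_public_jwk(jwk_text):
    """Return (kid, thumbprint) for a shareable public JWK, else raise ValueError."""
    jwk = json.loads(jwk_text)
    if not isinstance(jwk, dict):
        raise ValueError("JWK must be a JSON object")
    kty = jwk.get("kty")
    if kty not in REQUIRED:
        raise ValueError(f"unsupported or non-public key type: {kty!r}")
    leaked = sorted(PRIVATE & jwk.keys())
    if leaked:
        raise ValueError(f"private key members present: {leaked}")
    missing = [m for m in REQUIRED[kty]
               if not (isinstance(jwk.get(m), str) and jwk[m])]
    if missing:
        raise ValueError(f"missing public members: {missing}")
    kid = jwk.get("kid")
    if not (isinstance(kid, str) and kid):
        raise ValueError("every key must have a kid")
    # RFC 7638: hash only the required members, sorted by name, no whitespace.
    canonical = json.dumps({m: jwk[m] for m in REQUIRED[kty]},
                           sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return kid, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


if __name__ == "__main__":
    kid, thumbprint = check_public_jwk(SAMPLE_JWK)
    print(f"kid={kid} sha256-thumbprint={thumbprint}")
```

The check is structural only: it does not verify that the coordinates are a valid curve point or that the kid follows the MTS5 naming rules.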
What shall a client implement?
A Participant Metadata client is used to retrieve information about a participant that you want to communicate with. By calling the Participant Metadata service you get metadata such as endpoints, auth token public keys, mtb public keys, etc. for each participant. There is one method that retrieves all information about all participants, and there are several methods to get specific data for one participant. There are also methods for updating your own information.
It is each participant's responsibility to keep their own information up to date.
The BoB Metadata service implements the interface https://bitbucket.org/samtrafiken/bob-api-participant-metadata/src/master/participantMetadata.yaml (can be viewed in http://editor.swagger.io/#/, or more easily at BoB Participant Metadata v2 OpenAPI).
You must implement a REST client that calls the API above and interprets the responses.
Relevant documentation is MTS4 and MTS5, found at https://bitbucket.org/account/user/samtrafiken/projects/BOBS
Samtrafiken has implemented the BoB Metadata service in Java, and we chose to use jose4j as the library/framework, https://bitbucket.org/b_c/jose4j/wiki/Home, for JWT/JWS/...-support.
The programming language and library/framework are of course up to you to choose!
Support and forum
Please see the BoB Support page for more information.