Overview of Supported and Planned Features

Endpoints

  • Entity Configuration Endpoint
  • Subordinate Listing Endpoint
  • Fetching Endpoint
  • Resolve Endpoint
  • Trust Mark Endpoint
  • Trust Marked Entities Listing Endpoint
  • Trust Mark Status Endpoint
  • Federation Historical Keys Endpoint
  • Endpoint to automatically enroll entities
  • Endpoint to request enrollment
  • Endpoint to request entitlement for a Trust Mark
  • Entity Collection Endpoint

Entity Configuration

  • Create and publish Entity Configuration
  • Set Authority Hints
  • Automatically refresh trust marks in Entity Configuration
  • Support for publishing "external" keys in jwks
  • Configurable Federation Entity Metadata
  • Support additional Claims in Entity Configuration

Federation

  • Configure Trust Mark Issuers
  • Configure Trust Mark Owners
  • General Metadata Policies for all Entities
  • Support for individual Metadata Policies per Subordinate
  • Support for Custom Metadata Policy Operators including marking critical operators
  • General Constraints for all Entities
  • Support for individual Constraints per Subordinate

Subordinates

  • Management of Subordinates
  • Full CRUD support
  • Support for individual Metadata Policies per Subordinate
  • Support for individual Constraints per Subordinate
  • Support for individual Metadata overwrite per Subordinate
  • Automatic updates of Subordinate JWKS (for key rotation)

Trust Marks

Trust Mark Issuance

  • Issuance of Trust Marks
  • Support for Trust Mark Delegation
  • Automatic, configurable Checks for Trust Mark Issuance
  • Manual management of Trust Mark Subjects
  • Additional Trust Mark Claims
  • Additional Trust Mark Claims per Subject

Trust Mark Verification

  • Trust Mark JWT Verification for non-delegated Trust Marks
  • Trust Mark JWT Verification for Trust Marks using delegation
  • Trust Mark Verification using the Trust Mark Status Endpoint

Enrollment

  • Endpoint to automatically enroll entities
  • Automatic, configurable Checks for Enrollment
  • Endpoint to request enrollment

Signing

  • Support of various signing algorithms
  • Support for Automatic Key Rotation
  • Support for PKCS#11
  • Support for publishing "external" keys

Trust Evaluation

  • Collect and build Trust Chain
  • Verify Trust Chains
  • Evaluating Constraints
  • Resolve Metadata
  • Applying Metadata Policies
  • Applying Metadata from Superiors
  • Trust Evaluation via Resolve Endpoint

Technical

  • Endpoints supporting GET requests
  • Endpoints supporting POST requests
  • Endpoints supporting Client Authentication
  • JWT Type Verification

Statistics

  • Capture request metrics (timing, status, errors)
  • Client tracking (IP, User-Agent, country via GeoIP)
  • Query parameter tracking
  • REST API for statistics queries
  • CLI commands for statistics
  • CSV/JSON export
  • Automatic daily aggregation
  • Configurable data retention