WIP: Add documentation for using vectors of trust #464
Conversation
This commit adds documentation to describe vectors of trust. This commit does not remove ACR value documentation. ACR values will continue to be supported for some period of time while vectors of trust are rolled out. This commit primarily describes how the feature works in OIDC.
| @@ -130,6 +130,10 @@ In an **unsuccessful authorization**, the URI will contain the parameters `error | |||
| <p> | |||
| Multiple values can be joined with a space (before being URI-escaped in the final URL). | |||
| </p> | |||
| <p> | |||
There was a problem hiding this comment.
maybe in another pass we can go add markdown="1" to the <div> surrounding this so we can author text changes like this in markdown
| @@ -0,0 +1,62 @@ | |||
| --- | |||
There was a problem hiding this comment.
This filename here is intended to match up to the trustmark we have published in the repo: https://github.com/18F/identity-idp/blob/5837343cd6c1a9fe3f78d56d9931808e108e80a0/config/application.yml.default#L344
| <div class="grid-col-7"> | ||
| A URL linking to the Trustmark for the <code class="language-plaintext highlighter-rouge">vtr</code> parameter. | ||
| This should be set to <a class="usa-link" href="{{ '/vot-trust-framework/' | prepend: site.baseurl }}"> | ||
| https://developer.login.gov/vot-trust-framework</a>. |
There was a problem hiding this comment.
This URL is intentionally not configured to use the baseurl here. It needs to match the expected VTM value that the IdP knows about: https://github.com/18F/identity-idp/blob/5837343cd6c1a9fe3f78d56d9931808e108e80a0/config/application.yml.default#L344
There was a problem hiding this comment.
Our canonical domain name for these docs is the plural one (developers), should we use that here (and in the VM claim?)
| https://developer.login.gov/vot-trust-framework</a>. | |
| https://developers.login.gov/vot-trust-framework</a>. |
| ##### Why it's happening | ||
| The vectors of trust found in the VTR parameter are not valid | ||
| ##### What to do: | ||
| - Check the `vot` parameter in your authentication request. |
There was a problem hiding this comment.
Should this be vtr? In the Biometric Pilot documentation for partners, we are telling them to use the vtr parameter, such as vtr=["Pb","P1"]
There was a problem hiding this comment.
The oidc-sinatra sample app uses the vtr parameter in the auth request.
This commit adds documentation to describe vectors of trust.
This commit does not remove ACR value documentation. ACR values will continue to be supported for some period of time while vectors of trust are rolled out.
This commit primarily describes how the feature works in OIDC.