...
| Item | Description | Issuer | Private Key Held By | CSR Generated by | Certificate Generated by | Action required by LFI | JWKS |
|---|---|---|---|---|---|---|---|
| Enc1 | Used by the TPP to encrypt PII sent to the OFP that can only be read by the LFI. The PII payloads are encrypted using the LFI’s public key in the JWKS. The LFI decrypts them using their private key. | OFTF | LFI | LFI | LFI | Yes | LFI’s JWKS identified by the Hosted in LFI’s JWKS on OFTF. Ozone can provide scripts to generate the CSR if requested by the LFI. |
3. Creating certificates
These steps are repeated for S1, S3, C4, Sig2, Sig3 - where the private key is held by the API Hub

- Ozone to generate private keys for the certificates
- Ozone to generate CSRs and hand over to LFI
- LFI to generate certificates on OFTF Sandbox directory
- LFI to provide JWKS URL and KID
These steps are repeated for C3, S4, Sig3 - where the private key is held by the LFI

- LFI to generate private key for the certificate
- LFI to generate CSR
- LFI to generate the certificate from OFTF Sandbox directory
- LFI to provide JWKS URL and KID
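
Before the JWKS URL and KID are handed over in the last step, the published key set can be checked. The following is an added example, not Ozone's or OFTF's code: it confirms that the KID resolves to exactly one key with the expected `use` and that no private key members appear in the set. It assumes the JWKS follows RFC 7517 and that the Enc1 key is published with `use` set to `enc`; the `kid` values and key material are constructed placeholders.

```python
import json

# Private-key JWK members (RFC 7518): RSA/EC use "d", "p", "q", ...; symmetric keys use "k".
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


def check_jwks_entry(jwks_text, kid, expected_use):
    """Return a list of problems for `kid` in a JWKS document; an empty list means OK."""
    try:
        keys = json.loads(jwks_text)["keys"]
    except (ValueError, KeyError, TypeError):
        return ["not a JWKS: expected a JSON object with a 'keys' array"]
    if not isinstance(keys, list) or not all(isinstance(k, dict) for k in keys):
        return ["not a JWKS: 'keys' must be an array of JSON objects"]

    problems = []
    # Private material anywhere in a published set is a finding, not only on our kid.
    for k in keys:
        leaked = sorted(PRIVATE_MEMBERS & set(k))
        if leaked:
            problems.append(f"kid {k.get('kid')!r} exposes private members {leaked}")

    matches = [k for k in keys if k.get("kid") == kid]
    if len(matches) != 1:
        # A missing or duplicated kid makes key selection by the sender ambiguous.
        problems.append(f"kid {kid!r} appears {len(matches)} times, expected 1")
        return problems

    key = matches[0]
    if key.get("use") != expected_use:
        problems.append(f"kid {kid!r} has use={key.get('use')!r}, expected {expected_use!r}")
    if key.get("kty") == "RSA" and not {"n", "e"} <= set(key):
        problems.append(f"kid {kid!r} is RSA but lacks the public members n and e")
    return problems


# Constructed sample data (not real keys): a clean set and one that leaks "d".
GOOD_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "enc1-example", "use": "enc", "n": "c2FtcGxl", "e": "AQAB"},
    {"kty": "RSA", "kid": "sig-example", "use": "sig", "n": "c2FtcGxl", "e": "AQAB"},
]})
BAD_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "enc1-example", "use": "sig", "n": "c2FtcGxl", "e": "AQAB",
     "d": "c2FtcGxl"},
]})

if __name__ == "__main__":
    print(check_jwks_entry(GOOD_JWKS, "enc1-example", "enc"))
    for problem in check_jwks_entry(BAD_JWKS, "enc1-example", "enc"):
        print("FAIL:", problem)
```
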