Federation Endpoints

OpenID Federation defines 1 well-known discovery URL^[1], 7 federation endpoints^[2], and 1 registration endpoint^[3]. Not every entity implements all of them — leaf entities only need the well-known URL, while Trust Anchors and Intermediates may implement up to eight. The registration endpoint is available to OpenID Providers, not TAs.

Real-World Analogy

Think of a government building with multiple service windows — each serves a specific purpose. The "Entity Configuration" window is at the front door (everyone has it). The "Fetch" and "List" windows are inside, only available to entities that manage subordinates.

Sources & References

OpenID Federation 1.0, Section 9 — Obtaining Federation Entity Configuration Information
OpenID Federation 1.0, Section 8 — Federation Endpoints
OpenID Federation 1.0, Section 12.2 — Explicit Registration

GETEntity ConfigurationAll Entities

GETFetch (Subordinate Statement)Intermediates & TA

GETList (Subordinates)Intermediates & TA

GETResolve (Trust Chain)Any Entity (optional)

GETTrust Mark StatusTrust Mark Issuers

GETTrust Marked Entities ListingTrust Mark Issuers

GETTrust Mark EndpointTrust Mark Issuers

GETHistorical KeysAll Entities (optional)

POSTFederation RegistrationOpenID Providers

Sources & References