§10Lesson · Capstone

Putting It All Together

A complete real-world scenario using every concept

15 min readLast reviewed 2026-06-05Capstone

Scenario: A Student Logs In to a Research Portal

This capstone walkthrough follows a complete, real-world scenario that uses every concept from the previous 9 lessons.

Trust Anchor: edu-federation.gov

Intermediate: uni-alliance.edu

OpenID Provider: login.state-university.edu

Relying Party: research-portal.gov

Step 1 of 14

1. TA publishes Entity Configuration

Setup

Trust Anchor edu-federation.gov publishes its Entity Configuration at .well-known/openid-federation (§9). It contains the TA's JWKS, federation endpoints, and trust_mark_issuers.

Concept Recap — Everything You Learned

L1Federation
Scalable trust hierarchy instead of N x N bilateral agreements
L2Entities & Roles
TA, Intermediate, OP, RP — each with clear responsibilities
L3Entity Statements
Self-signed Entity Configs and superior-signed Subordinate Statements
L4Trust Chains
Linked sequence of signed statements from leaf to anchor
L5Chain Resolution
Bottom-up algorithm following authority_hints
L6Metadata & Policy
Capabilities described, constrained by cascade of policies
L7Trust Marks
Certified badges verifying compliance requirements
L8Endpoints
9 HTTP APIs for discovery, fetch, resolve, and registration
L9Registration
Automatic (on-the-fly) or explicit (pre-registered)

Congratulations!

You've completed the core curriculum. Continue to the Advanced and Going Deeper sections to explore topology design, real-world use cases, and hands-on exercises.

Further reading