{
    "trust_mark_type": "https://github.com/REFEDS/MRPS/",
    "iss": "https://ta.surfconext.nl",
    "sub": "https://leaf.institution.org/op",
    "iat": 1579621160,
    "ref": "https://github.com/REFEDS/MRPS/blob/master/mrps.md"
    "mrps": "https://servicedesk.surf.nl/wiki/spaces/IAM/pages/128910076/Metadata+Registration+Practice+Statement+for+SURFconext"
}

`{`  
        `    "trust_mark_type": "https://refeds.org/trustmarks/md_scope",`  
        `    "iss": "https://ta.federation.org",`  
        `    "sub": "https://leaf.institution.org/op",`  
        `    "iat": 1579621160,`  
        `    "ref": "https://refeds.org/trustmarks/md_scope/index.html",`  
        `    "mdscope": [`  
                `        "institution.org",`  
                `        "student.institution.org",`  
                `        "institution-businessschool.com"`  
        `    ]`  
`}`

federation_trust_mark_status_endpoint (https://openid.net/specs/openid-federation-1_0.html#section-5.1.1-3.8)
OPTIONAL. The Trust Mark Status endpoint described in Section 8.4. Trust Mark Issuers SHOULD publish a federation_trust_mark_status_endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components; it MUST NOT contain a fragment component

VERIFIED Trust Mark

3 trust mark scenarios exist in the spec:

- Self issued by the Entity

- Issued by a Trustmark Issuer (TMI)

- Owned by a Trust mark Owner (TMO), issued by a Trust Mark Issuer, which the TMO has delegated to the TMI