Check certs in bonafide
To fetch the provider.json we should check if the providers cert is signed from a CA trusted by the SO and any other API calls should check that the provider is signed by the provider CA.
(from redmine: created on 2016-04-30)