Applications
Add applications to request data available within your framework. Register clients applications at Data Providers' Authorisation Servers or enable the Data Providers to discover your applications.
At the moment, in Raidiam Connect, the existence of applications and OAuth client applications per se is implied through generated Applications -- as the Centralized Directory does not store any OAuth client configuration and does not enable immediate access to Data Providers' resources without registering a client application at their Authorisation Servers.
Added Applications can be registered at the Authorisation Server:
- By the Data Provider after adding the application in Raidiam Connect if the underlying Registration Framework is an OpenID Federation.
According to the RFC 7591, software statement is a JSON Web Token (JWT) [RFC7519] that asserts metadata values about the client software as a bundle.
The software statement is a key component in the process of transferring data between two parties and is used, as the RFC says, to assert the data needed to create a client with an Open ID Provider -- the Authorisation Server.
Software Statements can be created by the organisation's users and on its creation, the user inserts all the metadata that refers to the Application that he has created to consume data from other parties. Once created this software statement can be used to register against any FAPI-compliant Authorisation Server that exists in Connect.
This process of registering a client on a given server is called Dynamic Client Registration DCR and its registration and update specifications are defined on RFC7591 and RFC7592
Once created, some fields of the Software Statement might be blocked for editing after the Software Statement assertion is generated. A Software Statement Assertion is the JWT that asserts the Software Statement registered metadata.
Which fields are blocked for edit depends on the existing policy of the ecosystem. If the organisation user wishes to edit those fields he must request from a Trust Framework Administrator to unlock the software statement.
The Application's client_id is automatically created when a software statement is registered. This means that this is the client_id to be used if the application wishes to obtain data from Connect. Additionally, with the same client_id client application gets registred automatically at the Authorisation Server if OpenID Federation is used within the ecosystem.
Field | Description | Example |
Client Name | It is recommended to use the brand name that the customers are familiar with. This is the name that the transmissor will receive and declare to the client during the journey. | Raidiam |
Client URI | Website or root URI from the resource. | https://raidiam.com/info.html |
Policy URI | Must be a defined text sequence that represents a single unique policy URI | https://raidiam.com/policy.html |
Logo URI | Brand logo URI | https://raidiam.com/logo.svg |
Terms of service URI | Must be a text string that represents the unique URI for ToS | https://raidiam.com/tos.html |
Redirect URI | Must be a text string that represents the unique URI for redirects | https://raidiam.com/cb1 https://raidiam.com/cb2 |
On Behalf of | Optional for implementation | |
Description | Must be a text string of your choice | Raidiam your service solution |
Version | The software version must be defined by a numeric value, an integer (like 1) or a floating point number (1.2, 2.2 etc) | 1 |
Additional client metadata | This field allows a user to define extra metadata to be retrieved from the token endpoint. Accepts a valid JSON block (defaults to {}) | |
Once an Application is created, it has the Active status making it possible for the app to have its certificated and generated Software Statement Assertions for DCR.
An Application can be Suspended which also suspends all application-level certificates -- moving them to a suspended keystore -- and blocks the application from generating Assertions. Suspended Applications are not able to successfully interact with other applications and servers within the ecosystem or federation due to the suspended certificates.
Note that some applications may use Organisation-Level Certificates.
If you added an Organisation-Level Certificate to your application code, the application may still be able to successfully communicate with other participant's technical resources.
You can reenable an Application by switching its status back to Active.
Suspended Applications can be moved to the Inactive status which irreversible. It is equal to soft-deleting the Application. The application can be still viewed for audit purposes but is and will be never again able to consume data offered within the ecosystem or federation.
Changing the Application's status to Inactive is permanent.
- If the Trust Framework Registration Framework is configured to use OAuth Dynamic Client Registration (DCR), generate Generate Software Statement Assertions for DCR and register your application at Data Providers' Authorisation Servers.