Authorisation Domains and Roles for Organisations
Benefit from the hierarchical structure of a Trust Framework. Get assigned regulatory roles that govern the classification for your organisation, API access, available access scopes, and more.
An authorisation domain is the highest level hierarchical entity inside a data sharing ecosystem or federation. It enables Trust Framework Administrators to delineate the primary operational and regulatory areas that exist within the Trust Framework.
Organisations are assigned domains by Trust Framework Administrators only and cannot be self-assigned by Organisation Administrators.
Authorisation Domains are typically set based on a given regulation and include a clear definition of its existing actors, responsibilities, and governance. For example, a country-wide Open Data ecosystem can be divided into smaller parts like Open Banking, Open Health, Open Energy, and Open TeleCommunications enabling one governing organisation to establish different regulatory areas and delegate their administration to authorities (like Central Bank, Mininistry of Health, and more).
Each ecosystem or federation must have at least one Authorisation Domain but more can be created if needed.
For your organisation, it does not mean that it has to be assigned to one domain only - on the contrary. For example, an Insurance Provider (acting both as a Data Provider and a Data Receiver) can be assigned to a couple of domains:
- Open Insurance - to pull information about already existing insurances, provide offer comparison, and more.
- Open Banking - to pull finance-related information about the end user in order to, for example, initiate insurance payment or check account balance and prevent a Not Sufficient Funds return.
- Open Health - to pull health-related information about the end user to verify whether they can apply for a life insurance, and more.
Being a part of an Authorisation Domain defines the roles your organisation can have.
If your organisation does not have any Authorisation Domain assigned, contact with your Trust Framework Administrator.
Authorisation Domain Roles are regulatory roles associated with a specific Authorisation Domain. They can dictate what rights and permissions your organisation has, such as the ability to register certain APIs or specific types of servers. Roles can also define the set of APIs an organisation can consume and access scope its application can request.
For example, if an organisation is assigned a role defined in the Open Banking Authorisation Domain, it is able to publish or access the finance-related APIs but not health-related APIs.
Roles help to distinguish between different organisations by being a mean of classification. They can differentiate Data Providers from Data Receivers, or common organisations and technical service providers.
Additionally, roles are used to control access to Raidiam Connect APIs. By default, any organisation and their application registered in Connect is assigned a role enabling access to application- and software-statement- related APIs.
Organisations are assigned roles by Trust Framework Administrators only and cannot be self-assigned by Organisation Administrators. However, you can control which role is available to your application. If you register more than one application, it is recommend only to claim the roles the application needs within its Software Statement.
If your organisation does not have any Authorisation Domain Role assigned, contact with your Trust Framework Administrator.