Concept Guides
Applications
Certificates
request certificates docid\ g ci bmrum8en1ffwnzi for an application utilize transport and signing certificates to securely get data from other organisations raidiam connect enables organisations to obtain digital certificates docid\ vsjypzhvtxr to0eglujt that can be used for transport in mutual tls (mtls) authentication, both the client and the server authenticate each other using their respective certificates during the handshake process, the server presents its certificate to the client, which verifies it against raidiam's public key infrastructure docid\ ukxpxzgjtt4iswg9nbxe0 similarly, the client presents its certificate to the server for verification this mutual authentication ensures that both parties are trustworthy and authorized to communicate signing applications seeking access to resources from data providers docid\ apm ilivcfpfft1ld0puc can utilize signing keys to digitally sign their messages, thereby, enabling validation of their identity as well as granting non repudiation signatures are often done by signing the json payload using the private key in possession of the data receiver, creating a jwt ( rfc 7519 ) since the signature can be verified only with the public key registered for an application, signing messages ensures that if any part of the message is altered after the message was signed, the signature is no longer valid additionally, the signature verifies whether the message was signed by a known and trusted sender who possesses the corresponding private key once a message is signed, the sender cannot deny sending the message or its contents as the message could only have been signed by the private key, which is possessed only by the sender this property is crucial in scenarios where proof of message origin is necessary, also defined as non repudiation encryption applications or servers seeking to exchange data on unsecured channels, like the browser, can encrypt their requests (or parts of it) to ensure confidentiality and integrity of the transmitted data in this process the party that will send the message will use the other party's public key to encrypt the json object, generating a jwe ( rfc 7516 ), which technically can only be converted back into a json with the receiving party's private key encryption ensures that the data contained in the request can only be read by the intended recipient even if an attacker intercepts the encrypted data, without the corresponding public (decryption) key, the data remains unintelligible and useless additionally, any unauthorized modifications to the encrypted data would fail to decrypt, alerting the recipient to potential tampering those certificates can either be exported inside connect, in case the ecosystem uses an external certificate authority or can be minted by the platform itself, in case the ecosystem is using the raidiam trust framework public key infrastructure docid\ ukxpxzgjtt4iswg9nbxe0 whichever option is available will depend on the existing ecosystem policy