Modelling an Ecosystem

Authorisation Domains and Role Concept

Authorisation Domain

An Authorisation Domain is the highest level of authorisation categorisation available in the platform. An ecosystem must have at least one Authorisation Domain and as many as are necessary to accurately model



An Authorisation Domain is a free text string.

It is recommended that an Authorisation Domain not include a region or country identifier. These attributes should be conveyed by the Issuing Authority's country of registration or by a Domain Role Authorisation, which can be used to assign a Domain Role to a specific geographic boundary.

Examples:

| Authorisation Domain | Description |
|---|---|
| PSD2 | The Second Payments Service Directive authorisation domain |
| Open Insurance | Open Insurance |
| Retail Banking | |
| Commercial Banking | |
| Private Banking | |
| Open Energy | |

Authorisation Domain Roles

An Authorisation Domain Role is a string associated with an Authorisation Domain which

An Authorisation Domain is a free text string.

It is recommended that Authorisation Domain Roles do not include a region or country identifier. These attributes should be conveyed by the Issuing Authority's country of registration or by a Domain Role Authorisation, which can be used to assign a Domain Role to a specific geographic area.

Examples:

| Authorisation Domain | Authorisation Domain Role | Description |
|---|---|---|
| PSD2 | PISP | Payment Initiation Service Provider |
| PSD2 | AISP | Account Information Service Provider |
| Open Banking | DADOS | Data Provider or Data Consumer |
| Retail Banking | Data Provider | |
| Commercial Banking | Data Receiver | |

Authorisation Domain Roles Metadata

Ecosystem administrators can associate specific authorisation roles with an application's technical authorisations. For example, an ecosystem administrator may define the Authorisation Domain 'OpenBanking' and the Authorisation Domain Role 'PISP'. This role can then be associated with the technical OAuth scopes 'openid' and 'payments' and the OAuth grant 'authorisation_code'.

Examples:

| Authorisation Domain | Authorisation Domain Role | Technical Metadata Type | Technical Metadata value |
|---|---|---|---|
| PSD2 | PISP | scope | openid payments |
| PSD2 | PISP | grant_type | authorisation_code |
| Open Banking | DADOS | response_type | code id_token |
| Retail Banking | Data Provider | scope | make:payments |
| Commercial Banking | Data Receiver | grant_type | authorisation_code |
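
One way to use role metadata like the rows above is to check what a client asks for against what its assigned roles permit. The following is an added example, not the platform's own code: the function names and the request shape are hypothetical, and it assumes that permissions from several roles are unioned and that anything no role lists is denied.

```python
# Added example, not the platform's code. Rows are copied from the example
# table on this page; the function names and request shape are hypothetical.
ROLE_METADATA = [
    ("PSD2", "PISP", "scope", "openid payments"),
    ("PSD2", "PISP", "grant_type", "authorisation_code"),
    ("Open Banking", "DADOS", "response_type", "code id_token"),
    ("Retail Banking", "Data Provider", "scope", "make:payments"),
    ("Commercial Banking", "Data Receiver", "grant_type", "authorisation_code"),
]


def permitted(roles):
    """Collect what the given (domain, role) pairs permit, per metadata type.

    scope values are split into individual tokens; grant_type values are kept
    whole; response_type values are stored as unordered token sets so that
    "id_token code" matches "code id_token".
    """
    allowed = {"scope": set(), "grant_type": set(), "response_type": set()}
    for domain, role, mtype, value in ROLE_METADATA:
        if (domain, role) not in roles:
            continue
        if mtype == "scope":
            allowed[mtype].update(value.split())
        elif mtype == "response_type":
            allowed[mtype].add(frozenset(value.split()))
        else:
            allowed[mtype].add(value)
    return allowed


def excess(roles, request):
    """Return requested values not covered by the roles (deny by default)."""
    allowed = permitted(set(roles))
    over = {}
    bad_scopes = set(request.get("scope", "").split()) - allowed["scope"]
    if bad_scopes:
        over["scope"] = sorted(bad_scopes)
    bad_grants = set(request.get("grant_type", [])) - allowed["grant_type"]
    if bad_grants:
        over["grant_type"] = sorted(bad_grants)
    bad_rt = [rt for rt in request.get("response_type", [])
              if frozenset(rt.split()) not in allowed["response_type"]]
    if bad_rt:
        over["response_type"] = bad_rt
    return over
```

An empty result means the request stays within the roles' metadata; any key in the result names a metadata type where the client asked for more than its roles allow.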