1. Introduction
This document explains the role of the Trust Framework in the Open Finance UAE Program and how technical users from LFIs and TPPs are expected to interact with it. Its content is derived from the documentation at https://docs.connect.raidiam.io/, which is referenced multiple times within this document.
...
Participants can register API resources (https://docs.connect.raidiam.io/xwL5-api-resources) for the products and services they offer on the schema. Only API endpoints and versions approved for go-live should be added to the Trust Framework.
...
Field Name | Field Description | Example |
---|---|---|
Client Name | The name of the application as it will appear to end users | Finance Tracker Pro |
Description | A detailed description of the application, highlighting its key features, functionalities, and benefits | Finance Tracker Pro helps users manage their personal finances by tracking income, expenses, and savings goals. Features include budget planning, expense categorization, and financial reporting |
Client Info URI | The URL pointing to the application’s webpage. This should direct users to a webpage where they can find more detailed information about the application, including its features, pricing, and support. | |
Logo URI | The URL pointing to the application’s logo in PNG or JPEG format. This logo will be displayed alongside the application name and description on the platform, providing a visual identifier for users. | |
...
5.4.5 Shari’ah compliance flag
When registering or editing an Application, a field called “Flags” is available for the user to edit.
...
Details on how Shari'ah compliance is communicated to end users are available at: https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1dot1final/pages/210800446/Common+Rules+and+Guidelines#21.-Shari%E2%80%99ah-compliance-of-TPP
...
5.4.6 Registering Certifications
Clients are authorized to operate in the ecosystem only once they have passed the full set of certifications defined in the Certification Framework, including their FAPI 2.0 UAE Relying Party Certification.
...
There are three types of client certificates, each with specific use cases. Detailed information about client certificates can be found in the Certificate Standard https://openfinanceuae.atlassian.net/wiki/x/1ICQD
Instructions on creating server certificates are available at https://docs.connect.raidiam.io/manage-certificates-for-organisationapplication
Servers must validate the certificates and signatures used by clients on each new connection and authentication request. If a client uses a revoked or expired certificate, the server will deny the request.
...
The technical requirements for API and server discovery are outlined in the security standards, in the Registration Framework: https://openfinanceuae.atlassian.net/wiki/x/i4CQD
5.6.2 Establishing Connection with Servers
After retrieving all the resources, clients can call the Authorization Server token and PAR endpoints, as outlined in the Security Profile - FAPI https://openfinanceuae.atlassian.net/wiki/x/TYCQD document.
Note: Clients are not required to undergo an active registration step in the Registration Framework; servers will accept all incoming valid requests from clients.
...
In essence, Organisation Flags outline the expected products or services that an LFI should share, while API Resources (https://openfinanceuae.atlassian.net/wiki/spaces/TFDocv3TFDocsv4/pages/edit-v2/168263702#4183468280#4.4.24-Registering-API-Resources) reflect what they are currently sharing.
...
API Name | Endpoint | Usage | Instructions / Swagger |
---|---|---|---|
Participants | Sandbox : https://data.sandbox.directory.openfinance.ae/participants Production : https://data.directory.openfinance.ae/participants | Provides details about all the Servers that have been registered on the Trust Framework, including : | https://docs.connect.raidiam.io/find-data-providers-via-public-api |
Keystores | Sandbox : https://keystore.sandbox.directory.openfinance.ae/<org_id>/<app_id>/application.jwks Production : https://keystore.directory.openfinance.ae/<org_id>/<app_id>/application.jwks | Provides details about the certificates generated by the Trust Framework PKI. To verify details about client certificates, replace the <org_id> with the value of the Organisation UUID of the participant on the TF and the <app_id> with the value of the Client UUID. To verify details about server certificates, remove the <app_id> from the URI path and provide only the <org_id> with the value of the Organisation UUID of the participant. | https://docs.connect.raidiam.io/public-and-private-keys#bz_0v |
PKI Chain | | Provides the issuer and root certificates in | https://docs.connect.raidiam.io/public-key-infrastructure#lwJo2 |
API Resources | Sandbox : https://web.sandbox.directory.openfinance.ae/config/apiresources Production : https://web.directory.openfinance.ae/config/apiresources | Provides the list of API Families that can be published on the TF. This API returns a JSON file which includes: | |
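The keystore lookup from the Keystores row, as an added example (not code from the Trust Framework or its vendor documentation): it builds the keystore URL for client or server certificates and checks whether a presented certificate is one published in the returned JWKS. It assumes keystore entries carry the RFC 7517 `x5c` and `x5t#S256` members; the UUIDs and certificate bytes are constructed, and chain, expiry and revocation checks still have to be done separately.

```python
import base64
import hashlib
import re

# Keystore hosts as listed in the Keystores row of the table.
KEYSTORE_HOSTS = {
    "sandbox": "https://keystore.sandbox.directory.openfinance.ae",
    "production": "https://keystore.directory.openfinance.ae",
}
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.IGNORECASE)


def keystore_url(env, org_id, app_id=None):
    """Client certificates: <org_id>/<app_id>; server certificates: <org_id> only."""
    parts = [org_id] if app_id is None else [org_id, app_id]
    for part in parts:
        # Accept plain UUIDs only, so a crafted identifier cannot alter the path.
        if not UUID_RE.fullmatch(part):
            raise ValueError(f"not a UUID: {part!r}")
    return "/".join([KEYSTORE_HOSTS[env], *parts, "application.jwks"])


def thumbprint_s256(der):
    """Unpadded base64url of SHA-256 over the DER bytes (the x5t#S256 form)."""
    return base64.urlsafe_b64encode(hashlib.sha256(der).digest()).rstrip(b"=").decode()


def cert_in_jwks(presented_der, jwks):
    """True only if the presented certificate is one published in the JWKS."""
    want = thumbprint_s256(presented_der)
    for key in jwks.get("keys", []):
        chain = key.get("x5c") or []  # assumption: entries carry x5c, leaf first
        if not chain:
            continue
        leaf = base64.b64decode(chain[0])  # x5c values are standard base64
        if thumbprint_s256(leaf) == want and key.get("x5t#S256", want) == want:
            return True
    return False


# Constructed sample: placeholder bytes stand in for DER certificates.
PUBLISHED = b"constructed-der-bytes-of-registered-cert"
UNKNOWN = b"constructed-der-bytes-of-other-cert"
SAMPLE_JWKS = {"keys": [{
    "x5c": [base64.b64encode(PUBLISHED).decode()],
    "x5t#S256": thumbprint_s256(PUBLISHED),
}]}
ORG = "11111111-2222-4333-8444-555555555555"  # constructed Organisation UUID
APP = "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee"  # constructed Client UUID
```
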
6.2.2 mTLS Protected APIs
...
Instructions on how to generate an Application are described at https://openfinanceuae.atlassian.net/wiki/spaces/TFDocv3TFDocsv4/pages/edit-v2/168263702#5183468280#5.4-Registering-Applications
To access these protected APIs, the participant must first generate an access token with the directory:software scope by calling the token endpoint using the client_credentials grant type. Instructions for obtaining the token can be found at https://docs.connect.raidiam.io/client-credentials-flow-obtain-access-token#YzDfh
...