List of Signing Identities

URI

/trustedx-resources/esigp/v1/sign_identities

Description

Resource containing information on a set of signing identities.

Representation

A list of identities is represented in JSON as follows:


{
  "sign_identities" : [ {
    "id" : {string},
    "self" : {string},
    "description" : {string},
    "labels" : [ {string} ],
    "type" : {string},
    "device_id" : {string},
    "domain" : {string},
    "access" : [ {
      "user_id" : {string},
      "permissions" : [ {string} ]
    } ],
    "links" : {
      <operation_alias> : {
        "auth" : {
          "oauth2" : { "scopes" : [ {string} ] }
        }
      }
    },
    "status" : {
      "value" : {string},
      "reason" : {string}
    }
  } ]
}

Name

Description

sign_identities[]

List of signing identities. Contains all the properties for the signing identities except details.

sign_identities[].id

Identifier of one of the signing identities.

sign_identities[].self

URL of one of the signing identities.

sign_identities[].description

Description of one of the signing identities.

sign_identities[].labels

List of labels associated with one of the signing identities.

sign_identities[].type

Type of one of the signing identities. This property currently always takes the pki:x509 value.

sign_identities[].device_id

The device where the private part of the keys associated with one of the signing identities is located. Only the signing identities on mobile devices have this property.

sign_identities[].domain

Domain one of the signing identities belongs to.

sign_identities[].access[]

Access control information for one of the signing identities.

sign_identities[].access[].user_id

Identifier of a user with access to one of the signing identities.

sign_identities[].access[].permissions

Access permissions of a user to one of the signing identities. The permissions can be one or more of the following:

  • manage: permission for managing the signing identity (update, disable, enable, query access permissions, change access permissions, etc.) but not for creating a signature with the key associated with the signing identity.

  • sign: permission for creating a signature with the key associated with the signing identity.

  • assign_for_signing: permission for self-granting the sign permission on the signing identity. This permission is for implementing the granting of the sign permission in two steps: in the first step, the user receives the assign_for_signing permission from the user with the manage permission; in the second, the user self-grants the sign permission by using the assign_for_signing permission.

sign_identities[].links

Information on operations that use one of the signing identities.

sign_identities[].links.<operation_alias>

Information on the <operation_alias> operation regarding the use of one of the signing identities. Currently, the only possible value for <operation_alias> is Signatures.create.server.raw.

sign_identities[].links.<operation_alias>.auth

Authorization information on the <operation_alias> operation regarding the use of one of the signing identities.

sign_identities[].links.<operation_alias>.auth.oauth2

OAuth 2.0 authorization information on the <operation_alias> operation regarding the use of one of the signing identities.

sign_identities[].links.<operation_alias>.auth.oauth2.scopes[]

Set of OAuth 2.0 scopes required for accessing the <operation_alias> operation so that it can use one of the signing identities.

sign_identities[].status

Information on the status of a signing identity.

sign_identities[].status.value

Status of a signing identity.

  • enabled: The signing identity is enabled.

  • disabled: The signing identity is disabled.

  • locked: The signing identity is locked.

sign_identities[].status.reason

The reason why a signing identity is in its current state. This optional property indicates why a signing identity has been locked or disabled.
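
The access[] and status properties described above are enough to review who can sign with which identity. The following Python is an added example, not part of the product documentation: it audits a listing that has already been retrieved and parsed. The sample response (ids, users, the "export" permission) is constructed, and the rule that one user should not hold both manage and sign is an assumed local policy, not something this resource enforces.

```python
import json

# The three permission values documented for access[].permissions.
KNOWN_PERMISSIONS = {"manage", "sign", "assign_for_signing"}

# Constructed sample response; every id, user and value below is made up,
# and "export" is deliberately not a documented permission.
SAMPLE = json.loads("""
{"sign_identities": [
  {"id": "si-001", "type": "pki:x509", "domain": "example",
   "access": [{"user_id": "alice", "permissions": ["manage", "sign"]},
              {"user_id": "bob", "permissions": ["assign_for_signing"]}],
   "status": {"value": "enabled"}},
  {"id": "si-002", "type": "pki:x509", "domain": "example", "device_id": "dev-9",
   "access": [{"user_id": "carol", "permissions": ["sign", "export"]}],
   "status": {"value": "locked", "reason": "constructed reason"}}
]}
""")

def audit_sign_identities(listing):
    """Return (identity_id, user_id, finding) tuples for access entries worth reviewing."""
    findings = []
    for ident in listing.get("sign_identities", []):
        ident_id = ident.get("id")
        status = ident.get("status", {}).get("value")
        for entry in ident.get("access", []):
            user = entry.get("user_id")
            perms = set(entry.get("permissions", []))
            for unknown in sorted(perms - KNOWN_PERMISSIONS):
                findings.append((ident_id, user, f"unknown permission {unknown!r}"))
            # Assumed local policy: whoever administers an identity should not also sign with it.
            if {"manage", "sign"} <= perms:
                findings.append((ident_id, user, "holds both manage and sign"))
            # Step one of the two-step grant is done; the self-grant of sign has not happened.
            if "assign_for_signing" in perms and "sign" not in perms:
                findings.append((ident_id, user, "assign_for_signing without sign"))
            # A sign grant left on an identity that is not enabled is a stale-access candidate.
            if "sign" in perms and status in ("disabled", "locked"):
                findings.append((ident_id, user, f"sign grant on {status} identity"))
    return findings

if __name__ == "__main__":
    for finding in audit_sign_identities(SAMPLE):
        print(*finding, sep="\t")
```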