Authorization
The following table lists the operations of the signing identity management API. For each operation, it gives the values that the scope of the access token sent in the operation request message must contain for the requesting application to be allowed to perform the operation. Each value is indicated by the type of OAuth flow through which the access token must be obtained: ACG (authorization code grant) or CCG (client credentials grant).
| Operation \ Scope | manage | profile | credentials | register | permissions | sign | Observations |
|---|---|---|---|---|---|---|---|
| | | | | ACG | | | The registration scope must be the mobile signing identity registration scope of the schema to which the identity belongs. |
| Create a Signing Identity and its Associated Keys on the Server | | | | ACG | | | The registration scope can be any server signing identity registration scope of the schemas registered in the TRIDENT. |
| | | | | ACG | | | The registration scope must be the server signing identity registration scope of the schema to which the identity belongs. |
| | | | | ACG, CCG | | | The registration scope must be the server signing identity registration scope of the schema to which the identity belongs. |
| | CCG | | | | | | |
| Update the Activation Password of a Server Signing Identity in the HSM | | | ACG | | | | |
| | ACG, CCG | ACG, CCG | | ACG, CCG | | | The registration scope can be any server signing identity registration scope of the schemas registered in the TRIDENT. |
| | ACG, CCG | ACG, CCG | | ACG, CCG | | | The registration scope must be the server or mobile signing identity registration scope of the schema to which the identity belongs. |
| | ACG, CCG | | | ACG, CCG | | | The registration scope must be the server or mobile signing identity registration scope of the schema to which the identity belongs. |
| Obtain Information on Access Permissions to a Signing Identity | ACG | ACG | | ACG | ACG | | |
| Obtain Information on a User's Access Permissions to a Signing Identity | ACG | ACG | | ACG | ACG | | |
| | | | | | ACG | ACG | |
| | | | | | ACG | ACG | |
In operations in which multiple values are specified, the scope only needs to contain one of the values. The values specified are abbreviations of the following values (which are the values that the scope must contain):
manage: urn:safelayer:eidas:sign:identity:manage.
profile: urn:safelayer:eidas:sign:identity:profile.
credentials: urn:safelayer:eidas:sign:identity:manage:server:credentials.
register: mobile or server signing identity registration scope. For example, urn:safelayer:eidas:sign:identity:register.
permissions: urn:safelayer:eidas:sign:identity:manage:permissions.
sign: urn:safelayer:eidas:sign:identity:manage:permissions:sign.
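
The rule above (the scope needs to contain one of the listed values, obtained through the listed flow) written as a client-side preflight check. This is an added example, not Safelayer code: it assumes the scope is the space-delimited string of an OAuth token response and that values are compared as whole tokens, and it uses the requirements of three operations named in the table. `satisfying_scopes`, `naive_check` and `register_urn` are hypothetical names.

```python
# Added example: client-side preflight check; not part of the Safelayer API.
SCOPE_URN = {
    "manage": "urn:safelayer:eidas:sign:identity:manage",
    "profile": "urn:safelayer:eidas:sign:identity:profile",
    "credentials": "urn:safelayer:eidas:sign:identity:manage:server:credentials",
    # The register scope depends on the schema; this is the page's example value.
    "register": "urn:safelayer:eidas:sign:identity:register",
    "permissions": "urn:safelayer:eidas:sign:identity:manage:permissions",
    "sign": "urn:safelayer:eidas:sign:identity:manage:permissions:sign",
}

CREATE = "Create a Signing Identity and its Associated Keys on the Server"
UPDATE_PWD = "Update the Activation Password of a Server Signing Identity in the HSM"
GET_PERMS = "Obtain Information on Access Permissions to a Signing Identity"

# Scope abbreviation -> flows accepted for it, as read from the table.
REQUIREMENTS = {
    CREATE: {"register": {"ACG"}},
    UPDATE_PWD: {"credentials": {"ACG"}},
    GET_PERMS: {
        "manage": {"ACG"}, "profile": {"ACG"},
        "register": {"ACG"}, "permissions": {"ACG"},
    },
}


def satisfying_scopes(operation, granted_scope, grant, register_urn=None):
    """Return the abbreviations in the token's scope that allow the operation."""
    urns = dict(SCOPE_URN)
    if register_urn:  # schema-specific registration scope, if different
        urns["register"] = register_urn
    granted = set(granted_scope.split())  # whole tokens, never substrings
    return sorted(
        abbr for abbr, grants in REQUIREMENTS[operation].items()
        if grant in grants and urns[abbr] in granted
    )


def naive_check(operation, granted_scope):
    """Flawed variant: a substring match lets a longer URN pass for a shorter one."""
    return any(SCOPE_URN[a] in granted_scope for a in REQUIREMENTS[operation])
```

Because the `manage` URN is a prefix of the `credentials`, `permissions` and `sign` URNs, `naive_check` accepts a token that holds only the `sign` scope for an operation that lists `manage`, while `satisfying_scopes` returns an empty list for it.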