This part of the iSHARE Scheme is considered normative and is therefore compliant with RFC 2119.


Besides Machine2Machine interaction, in some cases it is relevant that a specific person requests data or a service. To provide a Service Provider with identity information on a human subject, iSHARE uses the OpenID Connect 1.0 protocol.

The iSHARE use of OpenID Connect 1.0 is based on the requirements from the official standard.

iSHARE facilitates an ecosystem within which parties can interact with previously unknown parties. Pre-registration is therefore not a prerequisite, which requires alterations to the official standard.

...

Whereas the integration of OAuth 1.0a with OpenID 2.0 required an extension, in OpenID Connect, OAuth 2.0 capabilities are integrated with the protocol itself.


iSHARE H2M authentication flow


Based on the described standards and specifications in this scheme, the generic iSHARE Human2Machine Authentication flow is described in the following sequence diagram.


[Figure: sequence diagram of the generic iSHARE Human2Machine authentication flow]



iSHARE Identity JWTs

The OpenID Connect 1.0 flow contains 2 important iSHARE-specific JWTs, which are described in more detail in this section of the developer portal.


Note

Authorisation in OpenID Connect flow

The generic OpenID Connect 1.0 flow does not take the authorisations of a human into account. However, in iSHARE it is essential that the authorisations of a user are combined with their identity details before a service can be offered. This authorisation flow is heavily dependent on the pseudonym used to refer to humans without exposing their identity. This section of the scheme is under construction, and parties wishing to implement authorisations of a user are advised to contact support@ishareworks.org.