The iSHARE Scheme can be characterised as an API (Application Programming Interface) architecture for identification, authentication and authorisation based on a modified version of the widely used OAuth and OpenID Connect standards. The APIs specified for every role within iSHARE enable standardised interaction between computer systems.
The API architecture of iSHARE also builds upon the following components:
- PKI and digital certificates;
For the authentication of parties and machines, iSHARE uses PKI and digital certificates.
- HTTP over TLS (HTTPS);
iSHARE uses the commonly used HTTP protocol for its communications, including TLS to encrypt the communications.
- RESTful architectural style;
iSHARE uses the RESTful architectural style to structure APIs and HTTP calls.
Data exchanged in the iSHARE context is structured using the JSON standard. Where non-repudiation is required, JWT's are used;
Delegations are structured according to a JSON port of the XACML standard.
The combination of the above standards and protocols leads to a certain dynamic between the roles in the iSHARE framework. In essence, Service Consumers acquire a token which allows them to access certain services from certain Service Providers. The roles specified in the iSHARE framework are loosely based on the OAuth standard.
For a full explanation and description of all APIs, standards and protocols, please refer to the Developer Portal.