Getting started

This page describes the steps you have to undertake to consume services provided by iSHARE compliant Service Providers (this page assumes general knowledge of the ).

Prerequisites

Make sure you execute the following steps before trying to consume services provided by iSHARE Providers.

1. Obtain a valid identity (private key + certificate)

   • Staging: to request a test certificate. More information on .

   • Production: Acquire a certificate from an eIDAS certificate provider.

2. Register yourself as iSHARE Consumer

   • Staging: If you want to register at a specific iSHARE Satellite, contact the iSHARE Satellite through their communication channels. A registration via the Scheme Owner is also possible: contact us at .

   • Production: Register yourself with any iSHARE Satellite using their registration procedure.

Implementation

Every iSHARE Service Provider has implemented 2 standardised endpoints: * Access Token (M2M) * Capabilities

As an iSHARE Service Consumer, a minimum implementation requires connecting to the Access Token endpoint. For more information about requesting an Access Token, refer to the section about the . The request includes an iSHARE JWT, which is documented . After obtaining an Access Token, this token can be used to consume services from the Service Provider. These services themselves are not standardised by iSHARE.

Service Consumer should contact the intended to retrieve the requisites of the request

For your implementation, choose one of the following scenarios. A combination of scenarios is possible. All scenarios assume that a protected service will be consumed.

Scenario 1: Minimum implementation

The endpoint and specifications of the service that will be consumed are already available. Delegation evidence is acquired by the Service Provider.

Connection with the Service Provider

2. Use Access Token to consume service

Scenario 2: Using the /capabilities endpoint to discover services

The endpoints of the service that will be consumed are obtained through the /capabilities endpoint. Further specifications are assumed already available. Delegation evidence is acquired by the Service Provider.

Connection with the Service Provider

3. Use Access Token to consume /capabilities endpoint to discover where to consume services

4. Use result of /capabilities endpoint + Access Token to consume services

Scenario 3: Perform pre-checks on the Service Provider

If the Service Consumer provides data to a Service Provider (i.e. data that belongs to an Entitled Party), for full legal coverage it is advised to check adherence of the Service Provider, before a service is consumed. The implementation would then be as follows.

Connection with iSHARE Satellite

2. Use Access Token to request the /trusted_list endpoint

3. Validate adherence of the Service Provider by invoking the /parties endpoint, searching for the EORI of the Service Provider that should be used at the Satellite. Check if the party can be found, if the certificate is valid (check with trusted list) and if the party has the role of Service Provider.

Connection with the Service Provider

2. Use Access Token to consume service

Scenario 4: Full implementation, with prechecks and delegation evidence

If the Service Consumer wishes to provide delegation evidence to the Service Provider, the minimum implementation is as follows.

Connection with iSHARE Satellite

4. Validate adherence of the Service Provider by invoking the /parties endpoint, searching for the EORI of the Service Provider that should be used at the Satellite. Check if the party can be found, if the certificate is valid (check with trusted list) and if the party has the role of Service Provider.

Connection with the Authorization Registry

2. Use the Access Token to invoke the Delegation endpoint, to obtain Delegation Evidence

Connection with the Service Provider

2. Use Access Token and Delegation Evidence to consume service

eSEAL Guide can be referred below.