iSHARE Authorization Registry

iSHARE is a collaborative effort to improve conditions for data-sharing for organisations within as well as across sectors. The functional scope of the iSHARE Scheme focuses on topics of identification, authentication and authorization.

iSHARE Authorization Registry

The Authorization Registry:

Manages records of Delegation and Authorization of Entitled Party (role) and/or Service Consumer (role);
Checks on the basis of the registered permission(s) whether a Machine Service Consumer (role) is authorized to take delivery of the requested service, and;
Confirms the established powers towards the Service Provider (role).

Within the iSHARE Scheme, the term Authorization Registry always refers to an external Authorization Registry (not part of the Service Provider (role) or Entitled Party (role)).

The Authorization Registry is a role for which iSHARE Certification (iSHARE) is REQUIRED.

The Authorization Registry-code that is in this repository is not a 'production-ready' Authorization Registry, meaning it has a limited set of functionalities. It can be used in proof of concepts or pilots to showcase the iSHARE Authorization protocol, however many functionalities can be improved. Furthermore, it should be noted that only the request and return made to the /delegation endpoint (as described on our Developer Portal) is specified within the iSHARE standards. How an authorization registry registers policies and translates these into delegation evidence is up to the authorization registry. This code only provides one of the options to do so.

Installation process for API

Prerequisites

Install .NET Core 3.1.106 Runtime (or SDK 3.1.106 for development).

Clone or download the Authorization Registry repository:

git clone https://github.com/iSHAREScheme/AuthorizationRegistry.git (or download zip)

Setup the development environment

Create environment variable 'ENVIRONMENT' with the value 'Development'
Navigate to iSHARE.AuthorizationRegistry.Api and create a new file named 'appsettings.Development.json'
Copy the content of 'appsettings.Development.json.template' into 'appsettings.Development.json' and complete all fields with the necessary information and save the changes
Into appsettings.Development.json file:
1. Change DigitalSigner -> PrivateKey value to the valid RSA private key value with the following format: "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----". For this, you can use OpenSSL:
  1. Extract the private key from the certificate: openssl pkcs12 -in "certificate.p12" -out "certificate.key.pem" -nodes -nocerts -password pass:your_password_here
  2. Decrypt private key: openssl rsa -in certificate.key.pem -out certificate.key.decr.pem
  3. Extract the content from certificate.key.decr.pem and replace the endline characters with "\n"
2. Change DigitalSigner -> RawPublicKey value to the valid certificate value with the following format: "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----". For this you can use OpenSSL:
  1. Extract .pem: openssl pkcs12 -in certificate.p12 -clcerts -nokeys -out certificate.pem -password pass:your_password_here
  2. Extract the content from certificate.pem and remove the endline characters
3. Save changes
Go to Resources\Development
1. Open certificate_authorities.json
2. Add the necessary certificate authorities in the following format: "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----" (this value can be obtained from a .pem certificate by extracting the content and removing the line separators/endlines)
3. Save

Build API

Navigate to the local Authorization Registry repository and run dotnet build

Setup the database

Authorization Registry is using a SQL database that is created at runtime. Various test records are inserted from JSON files present here

iSHARE.AuthorizationRegistry.Api\Seed\Identity\Development
iSHARE.AuthorizationRegistry.Api\Seed\IdentityServer\Development
iSHARE.AuthorizationRegistry.Data\Migrations\Seed\Development

Run process

Navigate to the local Authorization Registry repository, into iSHARE.AuthorizationRegistry.Api folder and run dotnet run
Open a browser tab and navigate to localhost:61433/swagger

Installation for SPA

Prerequisites

The software you'll need before installing Authorization Registry SPA:

Node.js
Angular CLI - npm install -g @angular/cli

Install dependencies

Run npm install inside iSHARE.Spas folder to get all dependencies downloaded locally.

Run process

Run npm start -- --project=AuthorizationRegistry.

NOTE: The Authorization Registry API must be running in order for the application to work correctly
NOTE: The SPA will be available by default at http://localhost:4201/admin

Name		Name	Last commit message	Last commit date
Latest commit History 40 Commits
iSHARE.Abstractions		iSHARE.Abstractions
iSHARE.Api		iSHARE.Api
iSHARE.AuthorizationRegistry.Api		iSHARE.AuthorizationRegistry.Api
iSHARE.AuthorizationRegistry.Client		iSHARE.AuthorizationRegistry.Client
iSHARE.AuthorizationRegistry.Core		iSHARE.AuthorizationRegistry.Core
iSHARE.AuthorizationRegistry.Data		iSHARE.AuthorizationRegistry.Data
iSHARE.AzureKeyVaultClient		iSHARE.AzureKeyVaultClient
iSHARE.Configuration		iSHARE.Configuration
iSHARE.EmailClient		iSHARE.EmailClient
iSHARE.EntityFramework		iSHARE.EntityFramework
iSHARE.Identity.Api		iSHARE.Identity.Api
iSHARE.Identity.Data		iSHARE.Identity.Data
iSHARE.Identity		iSHARE.Identity
iSHARE.IdentityServer.Data		iSHARE.IdentityServer.Data
iSHARE.IdentityServer		iSHARE.IdentityServer
iSHARE.Models		iSHARE.Models
iSHARE.SchemeOwner.Client		iSHARE.SchemeOwner.Client
iSHARE.Spas		iSHARE.Spas
iSHARE.TokenClient		iSHARE.TokenClient
tests		tests
.gitignore		.gitignore
Differences.md		Differences.md
LICENSE		LICENSE
README.md		README.md
iSHARE.Open.AuthorizationRegistry.sln		iSHARE.Open.AuthorizationRegistry.sln

License

iSHAREScheme/AuthorizationRegistry

Folders and files

Latest commit

History

Repository files navigation

iSHARE Authorization Registry