DFC standard specifications
DFC standard specifications
DFC standard specifications
  • Introduction
  • Sources and licences
  • Contact and partners
  • Semantic specifications
    • Business ontology
    • Product ontology
    • Technical ontology
  • Technical specifications
    • Protocols specifications
    • Decentralized identifier matching reference system
    • Specifics API
    • Authentication strategy
    • Architecture representations
    • Order states
  • Prototype specifications
  • 🚧Solid client protocol
  • 🚧Connector
    • Model specifications
    • Semantizer specifications
    • Connector specifications
  • Appendixes
    • Appendix 1. General decisions
      • Federation vs Syndication
      • Stateless or stateful?
      • Service granularity
      • Directionality
      • Identification and authentication
      • Centralized or decentralized data storage
      • Metadata repository
    • Appendix 2. Technical decisions
      • Libraries to develop in semantic
      • Transition strategy fron current to ideal
      • Service standard
      • Serialization
      • Transport layer
      • Multi- or single-resource requests?
      • Right delegation between platforms and DFC
      • Data validity and inferences
    • Appendix 3. Practical Examples
      • Version 1.9
      • Version 1.8.2
      • version 1.7.4
      • version 1.7.3
      • version 1.7.1
      • version 1.7
      • version 1.6.2
      • version 1.6.1
      • version 1.6
      • version 1.5.1
      • version 1.5
      • version 1.3
      • version 1.2
  • Contributing
    • 🚧Procedures
      • Updates to the ontology
        • Patch releases procedure
        • Minor releases procedure
        • Major releases procedure
      • Ontology releases process
      • Taxonomy enrichment
        • Taxonomy updates
    • Platform Notifcations
  • Platform Register
    • Platform Register
Powered by GitBook
On this page
  • OpenID protocol
  • JWT token
  • Explanatory scheme

Was this helpful?

  1. Technical specifications

Authentication strategy

PreviousSpecifics APINextArchitecture representations

Last updated 1 year ago

Was this helpful?

OpenID protocol

In order to manage authentication, we decide to support the which is a layer on top of .

This technology is active since years and heavily supported by many big actors of the Web.

It will allow us to separate the authentication layer from the business logic one by calling a third-party application.

Each platform wishing to join the project must create a client on the server of our partner lescommuns.org. Contact the DFC team for this.

OIDC is federeted and centralized athentification protocol. Other decentralized protocol as WebID-OIDC or DID exists but are not mature.

JWT token

The OpenID authentication is based on the exchange of token based on .

Basically, these token are based on encoding JSON data into base 64. The token is signed using a public key that you can find .

Explanatory scheme

OpenID protocol
OAuth2 protocol
JSON Web Token standard
here
Platform Authentificaiton not OIDC driven
Platform Authentificaiton OIDC driven