This chapter describes the basic architecture of an FSC system.
Connections between Managers, Inways, Outways use Mutual Transport Layer Security (mTLS) with X.509 certificates. Components in the Group are configured to accept the same (Sub-) Certificate Authorities (CA) as Trust Anchors (TA). Each TA is a Trusted Third Party that ensures the identity of the Peers by verifying a set of fields of the subject field , section 4.1.2.6 of [[RFC5279]] that act as PeerID in each X.509 certificate. When multiple TAs are used the TAs must ensure that the elements of the subject field used to identify a Peer are the same across the TAs.
Contracts are negotiated between the Managers of Peers. The Directory provides the address of each Manager. Connections to Services are authorized by Contracts with ServiceConnectionGrants. To create a new contract, the Manager uses a selection of desired connections as input. (Typically this input comes from a user interface interacting with the Management functionality). For each desired connection, a ServiceConnectionGrant is formulated that contains identifying information about both the Outway from the Service consumer and the Service of the Service provider. One Contract may contain multiple Grants. Grants typically match the connections mentioned in a legal agreement like a Data Processing Agreement (DPA). Valid Contracts are used to configure Inways and Outways and enable the possibility to automatically create on demand connections between Peers, as defined in the Grants. Contracts can contain multiple Peers. E.g. if a Peer wants a single Contract for an application, this Contract can contain all the connections required for that application.
- The initiating Peer gets the address of the Manager from the Directory.
- The Directory return the Manager address to the Peer.
- The initiating Peer sends the Contract proposal with its accept signature to the receiving Peer.
- The receiving Peer sends back its own accept signature to the initiating Peer.
Any Peer can submit a Contract to other Peers. This Contract becomes valid when the Peers mentioned in the Contract accept the Contract by placing an accept signature.
A Contract becomes invalid when at least one Peer mentioned in the Contract revokes the Contract.
A Contract becomes invalid when at least one Peer mentioned in the Contract rejects the Contract.
A Contract becomes invalid when the validity period of the Contract expires.
Accepting, rejecting and revoking is done by adding a digital signature.
The content of a Contract is immutable. When the content of a Contract is subject to change, the Contract is invalidated and replaced by a new one.
A Group is a system of Peers using Inways, Outways and Managers that confirm to the FSC specification to make use of each other's Services.
In order to create a Group a Profile containing at least the mandatory decisions MUST be created.
Additionally optional decisions COULD be added to the profile whilst creating an FSC Group providing additional restrictions placed on the FSC Group.
Every Group is defined by one Directory that contains the Services and Peers in the Group. All Peers in the Group make themselves known to the Directory by having their Manager call the Announce endpoint of the Directory. This way the Directory contains a list of all Peers in the Group with their corresponding Manager address.
When publishing services, Managers register Services by offering Contracts with a ServicePublicationGrant or DelegatedServicePublicationGrant to the Directory.
Peers query the Directory to discover the Services available in the Group
- The Peer creates a Contract with a Service Publication Grant which contains the details of the Service.
- The Peer adds its own accept signature to the Contract.
- The Peer sends the Contract and accept signature to the Directory.
- The Directory adds its own accept signature.
- The Directory sends the accept signature to the Peer.
A connection can be established if the Peer connecting to the Service has a valid Contract containing a ServiceConnectionGrant with the Peer providing the Service. The connection Grants contains information about the Service and the public key of the Outway that is authorized to connect to the Service.
The Contract is distributed among the two Peers. Once the Contract is signed by all Peers, the Outway can connect to the Inway offering the Service.
- The Service consumer creates a Contract with a Service Connection Grant which contains the details of the Service.
- The Service consumer adds an accept signature to the Contract.
- The Service consumer sends the Contract and the accept signature to the Service Provider.
- The Service provider adds its own accept signature.
- The Service provider sends the accept signature to the Service consumer.
When the Service is being offered on behalf of another Peer the Contract is distributed among three Peers. The Peer acting as Delegator in the Service publication will also receive the Contract. Once the Contract is signed by all the Peers, the Outway can connect to the Inway offering the Service on behalf the Delegator.
- The Service consumer creates a Contract with a Service Connection Grant which contains the details of the Service.
- The Service consumer adds an accept signature to the Contract.
- The Service consumer sends the Contract and the accept signature to the Service provider.
- The Service consumer sends the Contract and the accept signature to the Delegator of Service Publication.
- The Service provider adds its own accept signature.
- The Service provider sends the accept signature to the Service consumer.
- The Service provider sends the accept signature to the Delegator.
- The Delegator adds its own accept signature.
- The Delegator sends the accept signature to the Service provider.
- The Delegator sends the accept signature to the Service consumer.
A connection on behalf of another Peer (delegation) can only be established if the Peer connecting to the Service has a valid Contract containing a DelegatedServiceConnectionGrant with the Peer providing the Service. The connection Grants contains information about the Service, the public key of the Outway that is authorized to connect to the Service and the Peer acting as Delegator.
The Contract is distributed among the three Peers. Once the Contract is signed by all the Peers, the Outway of the Delegatee can connect to the Inway offering the Service on behalf the Delegator.
- The Delegator creates a Contract with a Delegated Service Connection Grant which contains the details of the Service and the Peer who will be acting as Delegatee (who will consume the Service).
- The Delegator adds its own accept signature to the Contract.
- The Delegator sends the Contract and accept signature to the Delegatee.
- The Delegatee adds its own accept signature.
- The Delegatee sends the accept signature to the Delegator.
- The Delegatee sends the accept signature to the Service Provider.
- The Delegator sends the Contract and accept signature to the Service Provider.
- The Service Provider adds its own accept signature.
- The Service Provider sends the accept signature to the Delegatee.
- The Service Provider sends the accept signature to the Delegator.
When the Service is being offered on behalf of another Peer the Contract is distributed among four Peers. The Peer acting as Delegator in the Service publication will also receive the Contract. Once the Contract is signed by all the Peers, the Outway of the Delegatee can connect to the Inway offering the Service on behalf the Delegator.
- The Delegator creates a Contract with a Delegated Service Connection Grant which contains the details of the Service and the Peer who will be acting as Delegatee (who will consume the Service).
- The Delegator adds its own accept signature to the Contract.
- The Delegator sends the Contract and accept signature to the Delegatee.
- The Delegator sends the Contract and accept signature to the Service provider.
- The Delegator sends the Contract and accept signature to the Delegator of the Service publication.
- The Delegatee adds its own accept signature.
- The Delegatee sends the accept signature to the Delegator.
- The Delegatee sends the accept signature to the Service provider.
- The Delegatee sends the accept signature to the Delegator of the Service publication.
- The Service provider adds its own accept signature.
- The Service provider sends the accept signature to the Delegatee.
- The Service provider sends the accept signature to the Delegator.
- The Service provider sends the accept signature to the Delegator of the Service publication.
- The Delegator of the Service publication adds its own accept signature.
- The Delegator of the Service publication sends the accept signature to the Delegatee.
- The Delegator of the Service publication sends the accept signature to the Delegator.
- The Delegator of the Service publication sends the accept signature to the Service provider.
A Peer can consume a Service by sending request for said Service to an Outway. The Peer obtains an access token from the Manager of the Peer providing the Service. The Outway proxies the request including the access token to the Inway. The Inway will validate the access token and proxy the request to the Service.
- The client application sends a request to the Outway.
- The Outway creates an connection with the Inway and proxies the request. In this diagram it is assumed that the Outway already has an access token.
- The Inway validates the provided access token before proxying the request to the Service.
- The Inway proxies the request to the Service.
- The Service returns the response to the Inway.
- The Inway returns the response to the Outway.
- The Outway returns the response to the client.
Which components a Peer needs depends on the use case.
A Peer who wants to consume Services needs a Manager and an Outway.
A Peer who wants to offer Services needs a Manager and an Inway.
A Peer who wants to both consume and offer Services needs a Manager,an Outway and an Inway.