Configuring a Wallet

Scope and Audience

This section is meant for an administrator of an FPX network, and covers how to register a new Wallet or update an existing one in an FPX environment directly through the Admin API.

Required Reference

The reader of this document should be familiar with the architecture and terminology associated with the FPX specification. This specification extends the UMA 2.0 specification by enabling privacy preservation and governable network actors.

If you are unfamiliar with Resource Definitions or Scopes, refer to the Glossary and the Partners section of the guide for more information before trying to add a resource definition.

Overview

Before a Wallet can begin to interact with a Federated Privacy Exchange (FPX) Network, an FPX Admin User must register their service at the AS (Authorization Server). This process can be scripted and automated by directly integrating with the associated AS Admin API.

Onboarding is a simple one-step process. The Wallet must be registered and set up as both an OAuth 2.0 Client and an OAuth 2.0 Provider of the Authorization Server. The Wallet will act in an OAuth Provider role when the Authorization Server federates out to a Wallet to do claims-gathering with the user. The Wallet will act as an OAuth Client role when it requests ticket information from the Authorization Server.

Wallets will represent the user, and have visibility on user data and transactions. It is integral from a security standpoint that Wallet partners are from vetted, regularly audited sources. Many FPX networks may wish to deploy and operate their own Wallet without allowing third-party Wallets.