Frdlweb API Specification

Zurückkehren Übergeordnet: technical-specifications (1.3.6.1.4.1.37553.8.1.8.1)

Technische Informationen

Punkt-Notation:	`1.3.6.1.4.1.37553.8.1.8.1.13878`
ASN.1-Notation:	`{ iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) frdlweb(37553) weid(8) org(1) webfan(8) technical-specifications(1) frdlweb-api(13878) }`
OID-IRI-Notation:	`/ISO/Identified-Organization/6/1/4/1/Frdlweb/weid/Organization/Webfan/1/13878`
WEID-Notation:	`weid:1-8-1-API-6`
DER-Kodierung:	`06:0E:2B:06:01:04:01:82:A5:31:08:01:08:01:EC:36`

Beschreibung

This specification defines the "Frdlweb API Specification".

Please note that this draft is a work in progress and will be updated or changed in the future.

Introduction

An "Frdlweb API" implements a specific subset of API specifications, provides the "Frdlweb API Workflow" and the "Frdlweb API Metadata".

Example Implementation

discover.api.webfan.de

Frdlweb API Workflow

An Frdlweb API implements

One or more API-discover document as META-Information
An OAuth2 Authorization Server
One or more JSON-RPC Version 2.0 Servers

Flow 1) The consumer may use the access_token provided by the Oauth2 Authorization Server to do an authorized request on behalf of the End-User to one of the associated JSON-RPC Servers.

The Cliet Request SHOULD specifify the access_token as "Bearer" Token in the "Authorization"-Header and the "X-Authorization"-Header of the request.

Flow 2) The consumer may use the access_token to request a protected resource which hands auth an time-limited username and password to the client to access the RPC Server methods using Digest-Auth.

If the JSON-RPC Request is a batch-request, the server MUST validate the token and its scope on each requested API method, meaning the scope/token cannot issue a complete request but a single RPC method.

The OAuth Server Origin and the JSON-RPC Server Origin must not be the same. In that case the servers may use the OAuth 2.0 Introspection Protocol to validate a token, as the RPC method requests a protected resource, but this is out of the scope of this specification.

Frdlweb API Metadata

An Frdlweb API Server MUST provide metadata documents, at least one root metadata document.

The metadata MUST refer to at least

An OAuth 2.0 Authorization Server Metadata Document as specified in the OAuth Discovery Specifiaction.
References to one or more JSON-RPC 2.0 Servers, provideing Metadata Documents via a public rpc.discover method as specified in the OpenRPC Specification.

Registrierungsstelle

FRDL/Webfan Registration Authority
E-Mail: till@webfan.de
Till Wehowski
Webfan Homepagesystem
Headquater
Wattenscheider Straße 59
44793 Bochum
Germany

Telefon: +492347921596
Mobil: +491744440298

Untergeordnete Objekte

ID	Base36	ASN.1 IDs (kommagetrennt)	IRI IDs (Kommagetrennt)	RA	Kommentar	Erstellt	Geändert
31765	OID	oid-lookup		FRDL/Webfan Registration Authority		2020-06-10	2020-06-11

Alternative Bezeichner

Bezeichner	Beschreibung
aid:D276000186B200055B35C47150DA7562 (Keine PIX erlaubt)	OIDplus Information Object Anwendungsbezeichner (ISO/IEC 7816)
guid:5b35c471-475e-8000-a6d3-7da08eb254b1	OIDplus Information Object Custom UUID (RFC 9562)
guid:898433a8-b5a8-3429-a9c0-111e1d4039c7	Namensbasierte Version 3 / MD5 UUID mit Namensraum UUID_NAMEBASED_NS_OID
guid:2e262c31-89fb-5bf0-9981-65cee7b4b563	Namensbasierte Version 5 / SHA1 UUID mit Namensraum UUID_NAMEBASED_NS_OID
mac:12-E1-50-DA-75-62	OIDplus Information Objekt Unicast MAC-Adresse (AAI)
mac:13-E1-50-DA-75-62	OIDplus Information Objekt Multicast MAC-Adresse (AAI)
weid:1-8-1-API-6	WEID-Notation
x500dn:/dc=com/dc=example/cn=oidplus/1.3.6.1.4.1.37476.2.5.2.9.4.1=1530250353/1.3.6.1.4.1.37476.2.5.2.9.4.2=1356494178	OIDplus Information Object X.500 DN