Trust Framework · Access scopes

Trust Framework — Roles 2 min read

The Trust Framework defines the rights and permissions granted to each organisation and its applications within the Open Finance ecosystem.

Roles are assigned to organisations during onboarding based on the services they provide. All LFIs are assigned the LFI role, which enables them to make operational calls to the API Hub. In addition, you will be assigned the relevant TPP roles corresponding to the Open Finance services your institution offers, so that you can test end-to-end flows as a TPP would:

A Bank providing both payment initiation and data sharing services will be assigned BSIP and BDSP.
An Insurer providing data sharing services will be assigned ISP.

Defined roles for LFIs

Role

Description

Typical Grant Types

LFI
Licensed Financial Institution

Assigned to all LFIs. Used by the C3-hh-cm-client to make operational calls to the API Hub (e.g. GET/auth, PATCH/consents/{consentId}).

client_credentials

BSIP
Bank Service Initiation Provider

Assigned to banks offering payment initiation services. Used to test service initiation flows as a TPP.

client_credentials
authorization_code
refresh_token

BDSP
Bank Data Sharing Provider

Assigned to banks offering account data sharing services. Used to test data sharing flows as a TPP.

client_credentials
authorization_code
refresh_token

ISP
Insurance Service Provider

Assigned to insurers offering insurance data sharing services. Used to test insurance data flows as a TPP.

client_credentials
authorization_code
refresh_token

When creating an application, ensure you assign the correct roles for its purpose. Your C3-hh-cm-client must have the LFI role only; your TPP test client must have the appropriate TPP roles (e.g. BDSP for data sharing). See Creating the C3-hh-cm-client and the TPP Standards — Creating an Application for guidance.