Trust Framework · Access scopes
Trust Framework — Roles 2 min read
The Trust Framework defines the rights and permissions granted to each organisation and its applications within the Open Finance ecosystem.
Roles are initially assigned to organisations during their onboarding into the ecosystem depending on their licencing with the Central Bank of the UAE. These roles reflect the Technical Access Scopes that the organisation's applications can request and use within the Open Finance ecosystem.
When creating an application, include all relevant roles required for interaction with LFIs. This ensures successful registration and full functionality across the ecosystem.
Defined roles and access scopes for TPPs
Each role grants access to two classes of API:
- User-consented
- APIs that act on a specific end user's data or instructions. They require a stored consent in the API Hub, are authorised via
authorization_codeand re-used viarefresh_token, and the access token carries an Authorization Details object that binds it to a single consent. - Application-only
- APIs that do not act on a specific end user and require no consent or user interaction (e.g. ATM locations, public product catalogues, IBAN name-match checks). Access tokens are obtained via
client_credentialsonly.
Role
Access Type
Allowed API Scopes
Allowed Authorization Details Types
Allowed Grant Types
BSIP
Bank Service Initiation Provider
Bank Service Initiation Provider
User-consented
openidpaymentsurn:openfinanceuae:service-initiation-consent:*client_credentialsauthorization_coderefresh_tokenBSIP
Application-only
confirmation-of-payee—
client_credentialsBDSP
Bank Data Sharing Provider
Bank Data Sharing Provider
User-consented
openidaccountsurn:openfinanceuae:account-access-consent:*client_credentialsauthorization_coderefresh_tokenBDSP
Application-only
atmproducts—
client_credentialsISP
Insurance Service Provider
Insurance Service Provider
User-consented
openidinsuranceurn:openfinanceuae:insurance-consent:*client_credentialsauthorization_coderefresh_token