WellData Implementation Guide
0.1.0 - ci-build

WellData Implementation Guide - Local Development build (v0.1.0) built by the FHIR (HL7® FHIR® Standard) Build Tools.

Identity and Idp

WebId

The WebID is a decentralized identification standard that enables individuals and organizations to establish a unique, verifiable identity on the web. It is built upon Linked Data principles and typically represented as a URI (Uniform Resource Identifier) pointing to a publicly accessible profile document.

SOLID-OIDC

Authentication of users in Welldata is based on the SOLID-OIDC specification. It defines how pod owners authenticate to an IDP and how resource servers verify the identity of pod owners based on that authentication. The SOLID-OIDC flow is described in detail here.

The SOLID-OIDC flow is based on the OIDC flow.

Client Credentials OAUTH 2.0 Flow

In Solid, each agent has a WebId associated with it. The WebId contains information on how the agent can authenticate itself. In We Are, application agents are registered in the We Are IDP. This is an IDP specifically for applications, which allows applications to identify themselves. Clients are authorized via the client credentials flow to receive an access token.

[Sequence diagram: Authorization of the client by the Client Credentials flow. Participants: Welldata BE, We Are IDP. Welldata BE calls GET https://openid.we-are-acc.vito.be/token on the We Are IDP, which returns an access token and id token.]

The token endpoint is called with the following parameters:

  • grant_type: client_credentials
  • client_id: the client Id from the application registered in the We Are IDP
  • client_secret: accompanying secret for the client Id
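
The token request described above, as an added Python example (not part of the guide or of the We Are code base). It assumes the endpoint accepts the standard RFC 6749 form-encoded POST, although the diagram labels the call GET; the function names and any sample credentials passed to them are constructed for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

# Endpoint taken from the page's sequence diagram.
TOKEN_ENDPOINT = "https://openid.we-are-acc.vito.be/token"


def build_token_request(client_id, client_secret, endpoint=TOKEN_ENDPOINT):
    """Build the client-credentials request without sending it."""
    if not endpoint.startswith("https://"):
        raise ValueError("token endpoint must use HTTPS")
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    # Assumption: credentials go in the form body of a POST (RFC 6749),
    # which keeps client_secret out of URLs and access logs.
    return urllib.request.Request(
        endpoint, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def parse_token_response(body, now=None):
    """Validate the token response and return (access_token, expires_at)."""
    doc = json.loads(body)
    if "error" in doc:
        raise RuntimeError("token request rejected: %s" % doc["error"])
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("response carries no access_token")
    now = time.time() if now is None else now
    # expires_in is optional in RFC 6749; None means lifetime unknown.
    expires_in = doc.get("expires_in")
    expires_at = now + expires_in if isinstance(expires_in, (int, float)) else None
    return token, expires_at


def fetch_token(client_id, client_secret):
    """Send the request; needs network access and registered credentials."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

Load the client secret from a secret store or environment variable at call time rather than hard-coding it next to the client Id.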

In order to access the resource in the pod, the client needs to exchange its token for yet another token by calling the UMA service of Inrupt.

GIDS Anonymous Login
