Version: 1.0.0

RegistryAccord Identity Service API

Portable, user-centric identity layer with authentication, authorization, consent management, and audit capabilities for the RegistryAccord protocol.

Key Features

• WebAuthn/Passkey primary authentication (phishing-resistant)
• OAuth2/OIDC for application authorization
• Granular consent management with 24-hour withdrawal SLA
• RBAC/ABAC with fine-grained scopes
• Organization and team management
• Comprehensive audit logging

Authentication Strategy

• User Authentication: WebAuthn (FIDO2) / Passkey
• App Authorization: OAuth2 authorization_code & client_credentials flows
• Enterprise SSO: SAML/OIDC federation support

Authentication

OAuth 2.0: oauth2

OAuth2 flows for application authorization

Security Scheme Type:	oauth2
OAuth Flow (authorizationCode):	Token URL: https://auth.registryaccord.com/token Authorization URL: https://auth.registryaccord.com/authorize Scopes: identity:read: Read identity information identity:write: Create and update identities identity:delete: Delete identities (RTBF) consent:read: Read consent records consent:write: Grant consents consent:delete: Revoke consents org:read: Read organization details org:write: Manage organizations audit:read: Query audit events
OAuth Flow (clientCredentials):	Token URL: https://auth.registryaccord.com/token Scopes: service:identity: Service-to-service identity operations

HTTP: Bearer Auth

JWT access tokens

Security Scheme Type:	http
HTTP Authorization Scheme:	bearer
Bearer format:	JWT

Contact

RegistryAccord Maintainers: specs@registryaccord.com

URL: https://github.com/RegistryAccord/registryaccord-specs

License

Apache-2.0