MOSIP Docs 1.2.0

Copyright © 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.

Changes in Role Management based on Client IDs

Partner Management Services

In previous versions (1.1.5.x), Partner Management Services (PMS) used the mosip-partner-client. From version 1.2.0.1 onwards, it uses mosip-pms-client instead. This transition changes the service account roles, client scopes, and client configurations.

The changes to service account roles and client scopes are listed below.

Service account roles for Partner-Management-Services:

mosip-partner-client (1.1.5.x)
  • offline_access
  • REGISTRATION_PROCESSOR
  • uma_authorization

mosip-pms-client (1.2.0.1)
  • CREATE_SHARE
  • default_roles_mosip
  • DEVICE_PROVIDER
  • PARTNER
  • PARTNER_ADMIN
  • PMS_ADMIN
  • PMS_USER
  • PUBLISH_APIKEY_APPROVED_GENERAL
  • PUBLISH_APIKEY_UPDATED_GENERAL
  • PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL
  • PUBLISH_MISP_LICENSE_GENERATED_GENERAL
  • PUBLISH_MISP_LICENSE_UPDATED_GENERAL
  • PUBLISH_OIDC_CLIENT_CREATED_GENERAL
  • PUBLISH_OIDC_CLIENT_UPDATED_GENERAL
  • PUBLISH_PARTNER_UPDATED_GENERAL
  • PUBLISH_POLICY_UPDATED_GENERAL
  • REGISTRATION_PROCESSOR
  • SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL
  • ZONAL_ADMIN

Client Scopes for Partner-Management-Services:

mosip-partner-client (1.1.5.x)
  • email
  • profile
  • roles
  • web-origins

mosip-pms-client (1.2.0.1)
  • add_oidc_client
  • email
  • get_certificate
  • profile
  • roles
  • send_binding_otp
  • update_oidc_client
  • uploaded_certificate
  • wallet_binding
  • web_origins

Admin-Services

In version 1.1.5.x, administrative services used the mosip-admin-client, and version 1.2.0.1 continues to use the same client. The service account roles have been modified, while the client scopes remain unchanged. The updated service account roles are listed below. Note that MOSIP Commons also uses this client.

Service account roles for Admin-Services:

mosip-admin-client (1.1.5.x)
  • MASTERDATA_ADMIN
  • offline_access
  • uma_authorization

mosip-admin-client (1.2.0.1)
  • Default-roles-mosip
  • ZONAL_ADMIN
  • offline-access
  • PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL
  • PUBLISH_MASTERDATA_TITLES_GENERAL
  • PUBLISH_MOSIP_HOTLIST_GENERAL
  • uma_authorization

Client scopes are the same for mosip-admin-client in 1.2.0.1 & 1.1.5.1

  • email

  • profile

  • roles

  • web-origins

Pre-registration

In version 1.1.5.x, we utilized the 'mosip-prereg-client' for Pre-Registration. This client is also utilized in version 1.2.0.1. There have been modifications in the service account roles, while the client scopes have remained unchanged. Please find below the updated service account roles.

Service account roles for Pre-Registration:

mosip-prereg-client in 1.1.5.x
  • INDIVIDUAL
  • offline_access
  • PRE_REGISTRATION_ADMIN
  • PREREG
  • REGISTRATION_PROCESSOR
  • uma_authorization

mosip-prereg-client in 1.2.0.1
  • default_roles_mosip
  • PRE_REGISTRATION_ADMIN
  • PREREG
  • REGISTRATION_PROCESSOR

Note: Prior to proceeding with the upgrade, please ensure that the INDIVIDUAL role has been removed.

Client scopes are the same for mosip-prereg-client in 1.2.0.1 & 1.1.5.1

  • email

  • profile

  • roles

  • web-origins
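
An added example (not part of the MOSIP documentation or code base): a pre-upgrade check that compares a client's directly assigned service account roles and default client scopes with the 1.2.0.1 lists above, and flags the INDIVIDUAL role named in the note. The realm-export field names (serviceAccountClientId, realmRoles, defaultClientScopes), the sample export, and the treatment of service account roles as realm roles are assumptions.

```python
import json

# Expected 1.2.0.1 state for mosip-prereg-client, copied from the lists on this page.
# "blocking" holds the role the page's note says must be gone before the upgrade.
EXPECTED = {
    "mosip-prereg-client": {
        "roles": {"default_roles_mosip", "PRE_REGISTRATION_ADMIN", "PREREG",
                  "REGISTRATION_PROCESSOR"},
        "scopes": {"email", "profile", "roles", "web-origins"},
        "blocking": {"INDIVIDUAL"},
    },
}

# Constructed sample (not real data): a fragment shaped like a Keycloak realm
# export, with the service account still carrying its 1.1.5.x role set.
SAMPLE_EXPORT = json.dumps({
    "clients": [{"clientId": "mosip-prereg-client",
                 "defaultClientScopes": ["email", "profile", "roles", "web-origins"]}],
    "users": [{"username": "service-account-mosip-prereg-client",
               "serviceAccountClientId": "mosip-prereg-client",
               "realmRoles": ["INDIVIDUAL", "offline_access", "PRE_REGISTRATION_ADMIN",
                              "PREREG", "REGISTRATION_PROCESSOR", "uma_authorization"]}],
})


def audit(export_json, expected=EXPECTED):
    """Compare directly assigned roles and default scopes with the expected sets."""
    realm = json.loads(export_json)
    # Assumption: service account roles are realm roles on the service-account user.
    roles = {u["serviceAccountClientId"]: set(u.get("realmRoles", []))
             for u in realm.get("users", []) if u.get("serviceAccountClientId")}
    scopes = {c["clientId"]: set(c.get("defaultClientScopes", []))
              for c in realm.get("clients", [])}
    report = {}
    for client_id, want in expected.items():
        if client_id not in scopes:
            report[client_id] = {"error": "client not found in export"}
            continue
        have = roles.get(client_id, set())  # no service-account user: no roles
        report[client_id] = {
            "blocking_roles": sorted(have & want["blocking"]),
            "extra_roles": sorted(have - want["roles"]),
            "missing_roles": sorted(want["roles"] - have),
            "extra_scopes": sorted(scopes[client_id] - want["scopes"]),
            "missing_scopes": sorted(want["scopes"] - scopes[client_id]),
        }
    return report


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_EXPORT), indent=2))
```

Roles reported as extra, such as offline_access and uma_authorization in the sample, are simply those absent from the 1.2.0.1 list on this page; review each before revoking it.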

ID Authentication

In the previous version 1.1.5.x, the mosip-ida-client module was responsible for handling ID authentication. However, starting from version 1.2.0.1, we have switched to using mpartner-default-auth for this purpose. This transition has brought about several changes, including modifications to service account roles, client scopes, and client configurations. Below is an overview of the changes in service account roles and client scopes.

Service account roles for id-authentication:

mosip-ida-client (1.1.5.x)
  • AUTH
  • AUTH_PARTNER
  • ID_AUTHENTICATION
  • offline_access
  • uma_authorization

mpartner-default-auth (1.2.0.1)
  • CREDENTIAL_REQUEST
  • default_roles_mosip
  • ID_AUTHENTICATION
  • offline_access
  • PUBLISH_ANONYMOUS_PROFILE_GENERAL
  • PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL
  • PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL
  • PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL
  • PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL
  • SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL
  • SUBSCRIBE_APIKEY_APPROVED_GENERAL
  • SUBSCRIBE_APIKEY_UPDATED_GENERAL
  • SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL
  • SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL
  • SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL
  • SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL
  • SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL
  • SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL
  • SUBSCRIBE_MASTERDATA_TITLES_GENERAL
  • SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL
  • SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL
  • SUBSCRIBE_MOSIP_HOTLIST_GENERAL
  • SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL
  • SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL
  • SUBSCRIBE_PARTNER_UPDATED_GENERAL
  • SUBSCRIBE_POLICY_UPDATED_GENERAL
  • SUBSCRIBE_REMOVE_ID_INDIVIDUAL
  • uma_authorization

Client Scopes for id-authentication:

mosip-ida-client (1.1.5.x)
  • email
  • profile
  • roles
  • web-origins

mpartner-default-auth (1.2.0.1)
  • add_oidc_client
  • email
  • profile
  • roles
  • update_oidc_client
  • web-origins

Digital-card-service

In the previous version, 1.1.5.x, we did not employ any clients for our digital card service. However, in the latest version, 1.2.0.1, we have implemented the use of the mpartner-default-digitalcard client. Please find below the service account roles and client scopes associated with the mpartner-default-digitalcard client.

Service account roles assigned to mpartner-default-digitalcard in 1.2.0.1:

  • CREATE_SHARE
  • CREDENTIAL_REQUEST
  • default_roles_mosip
  • PRINT_PARTNER
  • PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL
  • SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL
  • SUBSCRIBE_IDENTITY_CREATED_GENERAL
  • SUBSCRIBE_IDENTITY_UPDATED_GENERAL

Client scopes assigned to mpartner-default-digitalcard in 1.2.0.1:

  • email

  • profile

  • roles

  • web-origins

Print

In version 1.1.5.x, we did not employ any clients for printing. However, beginning from version 1.2.0.1, we utilize the mpartner-default-print client. Please find below the service account roles and client scopes associated with the mpartner-default-print client.

Service account roles assigned to mpartner-default-print in 1.2.0.1:

  • CREATE_SHARE
  • default_roles_mosip
  • PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL
  • SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL

Client scopes assigned to mpartner-default-print in 1.2.0.1:

  • email

  • profile

  • roles

  • web-origins

ID Repository

In version 1.1.5.x, we utilized the mosip-regproc-client for id-repository. Starting from version 1.2.0.1, we have transitioned to using mosip-idrepo-client. This switch has led to modifications in service account roles, client scopes, and client settings. Below are the details of the changes in service account roles and client scopes.

Client Scopes for id-repository:

mosip-regproc-client (1.1.5.x)
  • email
  • profile
  • roles
  • web-origins

mosip-idrepo-client (1.2.0.1)
  • email
  • profile
  • roles
  • web-origins

Service account roles for id-repository:

mosip-regproc-client (1.1.5.x)
  • ABIS_PARTNER
  • CENTRAL_ADMIN
  • CENTRAL_APPROVER
  • CREDENTIAL_INSURANCE
  • CREDENTIAL_PARTNER
  • Default
  • DEVICE_PROVIDER
  • DIGITAL_CARD
  • FTM_PROVIDER
  • GLOBAL_ADMIN
  • INDIVIDUAL
  • KEY_MAKER
  • MASTERDATA_ADMIN
  • MISP
  • MISP_PARTNER
  • ONLINE_VERIFICATION_PARTNER
  • POLICYMANAGER
  • PRE_REGISTRATION
  • PRE_REGISTRATION_ADMIN
  • PREREG
  • REGISTRATION_ADMIN
  • REGISTRATION_OFFICER
  • REGISTRATION_OPERATOR
  • REGISTRATION_SUPERVISOR
  • ZONAL_ADMIN
  • ZONAL_APPROVER

mosip-idrepo-client (1.2.0.1)
  • default_roles_mosip
  • ID_REPOSITORY
  • offline_access
  • PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL
  • PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL
  • PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL
  • PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL
  • PUBLISH_IDENTITY_CREATED_GENERAL
  • PUBLISH_IDENTITY_UPDATED_GENERAL
  • PUBLISH_REMOVE_ID_ALL_INDIVIDUAL
  • PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL
  • SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL
  • uma_authorization

Resident Services

In version 1.1.5.x, we utilized the mosip-resident-client for Resident Services. This client is also employed in version 1.2.0.1. Although there were modifications in service account roles, the client scopes remain unchanged. Below are the details of the alterations made in service account roles.

Service account roles for Resident-Services:

mosip-resident-client (1.1.5.x)
  • CREDENTIAL_ISSUANCE
  • CREDENTIAL_REQUEST
  • offline_access
  • RESIDENT
  • uma_authorization

mosip-resident-client (1.2.0.1)
  • CREDENTIAL_REQUEST
  • default_roles_mosip
  • offline_access
  • RESIDENT
  • SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL
  • SUBSCRIBE_AUTHENTICATION_TRANSACTION_STATUS_GENERAL
  • SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL
  • uma_authorization

Client Scopes for Resident-Services:

mosip-resident-client (1.1.5.x)
  • email
  • profile
  • roles
  • web-origins

mosip-resident-client (1.2.0.1)
  • email
  • ida_token
  • individual_id
  • profile
  • roles
  • web-origins

Compliance-Tool-Kit

In previous iterations (1.1.5.x) of our system, we did not employ any clients for the compliance toolkit. However, beginning with version 1.2.0.1, we have implemented the use of mosip_toolkit_client. The following information outlines the service account roles and client scopes associated with mosip_toolkit_client.

Service account roles assigned to mosip_toolkit_client in 1.2.0.1:

  • default_roles_mosip

Client scopes assigned to mosip_toolkit_client in 1.2.0.1:

  • email

  • profile

  • roles

  • web-origins

Last updated 1 year ago
