Organisation statuses and lifecycle in Raidiam Connect
Every organisation in Raidiam Connect has a status that determines whether it can actively participate in the ecosystem. Statuses govern the full participant lifecycle — from initial onboarding through to offboarding and potential reinstatement.
Available statuses
Active
When an organisation is created, it is assigned the Active status. An active organisation can fully interact with other participants in the ecosystem:
-
Its applications can register at provider authorisation servers and make API calls.
-
Its authorisation servers and API resources are discoverable by other participants.
-
Its certificates are valid and can be used for mutual TLS and request signing.
Withdrawn
Changing an organisation's status to Withdrawn offboards it from the ecosystem. This is typically done when an organisation breaches the terms and conditions of the ecosystem, voluntarily exits, or is removed by a regulatory action.
When an organisation is withdrawn:
-
Its applications can no longer successfully interact with other participants' authorisation servers.
-
Its authorisation servers and API resources are no longer discoverable through the participant directory.
-
Other participants that query the directory will see the organisation's status as withdrawn and should refuse to interact with it.
Status transitions
| Transition | Trigger | Who can perform it |
|---|---|---|
| Active → Withdrawn | Compliance breach, voluntary exit, regulatory action, or cybersecurity incident | Super User or Data Administrator |
| Withdrawn → Active | Issue resolved, reinstatement approved by the ecosystem governance | Super User or Data Administrator |
What withdrawal means for connected participants
When a relying party queries the participant directory and discovers that a counterpart has been withdrawn, it should treat the organisation as untrusted. Existing access tokens or client registrations associated with the withdrawn organisation should be revoked or ignored, depending on the ecosystem's governance policy.
Trust Framework Administrators can use withdrawal as a rapid response mechanism during a cybersecurity incident — removing a compromised organisation from the ecosystem within minutes while preserving the ability to reinstate it once the issue is resolved.
