Participant directory: manage organisations and APIs in your trust ecosystem
Raidiam Connect's participant directory is the centralised registry where every organisation, application, authorisation server, API, and certificate within a Trust Framework is recorded and governed. It gives Trust Framework Administrators a single place to onboard participants, delegate resource management, and enforce trust policies across the ecosystem.
What is a participant directory
A participant directory — sometimes called a trust registry — is a governance-backed, machine-readable registry that lists which organisations are recognised as trusted participants within a digital ecosystem. It records the identity, status, roles, and technical resources of every participant so that organisations can discover each other and interact with confidence — whether they are exchanging data, issuing digital credentials, operating wallets, or exposing APIs.
Raidiam Connect's participant directory goes beyond a static list. It combines identity management, delegated administration, API discovery, and lifecycle governance into a single platform — enabling ecosystems ranging from national Open Finance initiatives to private data sharing environments and enterprise-level federations.
What the directory manages
The participant directory stores and organises the following resources for every organisation in the ecosystem:
- Organisations — real business entities linked to a unique registration number. Depending on the ecosystem, organisations may serve as API providers, API consumers, credential issuers, wallet providers, credential verifiers, or any combination of roles.
- Applications — software statements (client applications) that request access to data or APIs within the ecosystem.
- Authorisation servers — OAuth authorisation servers/OpenID Providers published by organisations, enabling other participants to discover server configuration, register clients, and obtain access tokens.
- API resources — standardised API endpoints published by organisations, allowing other participants to discover and integrate with available services and data.
- Certificates — X.509 digital certificates issued or imported for secure mTLS communication between participants.
- Roles — regulatory and ecosystem-specific roles that govern an organisation's classification, API access, and available scopes.
Trust Framework Administrators configure the directory's structure — including domains, roles, and API profiles — while organisation administrators manage their own technical resources through delegated access.
How participant onboarding and offboarding works
The directory supports a governed lifecycle for every participant:
- Invite — a Trust Framework Administrator or authorised user invites the organisation to the ecosystem.
- Register — the organisation completes registration, providing identity details and a unique registration number.
- Assign roles — the administrator assigns ecosystem roles that determine the organisation's permissions and API access.
- Publish resources — the organisation adds its authorisation servers, API resources, applications, and certificates.
- Integrate — the organisation connects with other participants — for example, registering clients at other organisations' authorisation servers, consuming APIs, issuing or verifying credentials, or establishing wallet trust relationships.
- Go live — once all prerequisites are met, the organisation's status is set to active and it becomes visible to other participants.
- Offboard — if an organisation leaves the ecosystem or faces a cybersecurity incident, the administrator can rapidly revoke its status and data exchange privileges.
For step-by-step instructions, see How to onboard organisations.
How trust is established between participants
Transitive trust model
The participant directory follows a transitive trust model. The directory itself does not participate in or have visibility into the interactions that take place between participants. Instead, both parties trust Raidiam Connect's attestations about each other's identity, authorisation, and compliance status.
In practice, this means:
- The directory verifies and publishes each participant's identity and credentials.
- One organisation trusts another because the directory attests that the counterpart is a legitimate, accredited member of the ecosystem.
- No bilateral validation between the two parties is required, reducing onboarding friction and cost.
Trust anchor integration
The participant directory works hand-in-hand with the platform's Trust Anchor to provide the cryptographic foundation for trust. Two trust schemes are supported:
- PKI / X.509 certificates — the directory's built-in Public Key Infrastructure issues and manages digital certificates so that participants can authenticate via mTLS.
- OpenID Federation — the directory acts as a federation entity that issues entity statements and subordinate statements, enabling participants to resolve trust chains back to the Trust Anchor.
Both schemes can coexist within the same ecosystem. For a deeper comparison, see Trust Schemes.
API and resource discovery
Participants use the directory to discover the servers and APIs available within the ecosystem:
- Built-in developer portal — a centralised source of truth where organisations publish their API endpoints and other participants browse available integrations.
- API resource registration — Trust Framework Administrators define standardised API profiles (API Families). Organisations set a base URL and the directory automatically publishes the corresponding endpoints, ensuring consistency across the ecosystem.
- Participants API — a machine-readable, publicly accessible endpoint that returns the full list of participants and their published resources, enabling automated discovery and integration.
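How a relying participant might turn the transitive trust model and the Participants API listing into an enforceable check before calling a counterpart, shown as an added example that is not Raidiam's code. The JSON field names, the status values and the `check_counterpart` helper are assumptions made for illustration; the sample listing is constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a participants listing. Field names and status values
# are assumptions for this example, not the directory's documented schema.
SNAPSHOT = json.loads("""
[
  {"organisation_id": "org-a", "status": "Active", "roles": ["API_PROVIDER"],
   "api_resources": [{"family": "accounts",
                      "endpoints": ["https://api.bank-a.example/accounts/v1"]}]},
  {"organisation_id": "org-b", "status": "Withdrawn", "roles": ["API_PROVIDER"],
   "api_resources": [{"family": "accounts",
                      "endpoints": ["https://api.bank-b.example/accounts/v1"]}]}
]
""")


def _parts(url):
    """Normalise a URL to (scheme, host, port, path) for exact comparison."""
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(),
            p.port or 443, p.path.rstrip("/"))


def check_counterpart(snapshot, org_id, required_role, family, target_url):
    """Return (allowed, reason) for calling target_url at organisation org_id."""
    org = next((o for o in snapshot if o.get("organisation_id") == org_id), None)
    if org is None:
        return False, "not listed in directory"
    if org.get("status") != "Active":  # offboarded, or not yet live
        return False, "status is " + str(org.get("status"))
    if required_role not in org.get("roles", []):
        return False, "role not assigned"
    scheme, host, port, path = _parts(target_url)
    if scheme != "https":
        return False, "endpoint is not https"
    for res in org.get("api_resources", []):
        if res.get("family") != family:
            continue
        for ep in res.get("endpoints", []):
            e_scheme, e_host, e_port, e_path = _parts(ep)
            same_origin = (e_scheme, e_host, e_port) == (scheme, host, port)
            # Match on a path-segment boundary so "/accounts/v1evil" is rejected.
            if same_origin and (path == e_path or path.startswith(e_path + "/")):
                return True, "published endpoint"
    return False, "endpoint not published for this family"
```

Refreshing the snapshot on a short interval matters here: an offboarded organisation is only rejected once the relying party has seen its updated status.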