Software Statements

According to the RFC 7591, software statement is a JSON Web Token (JWT RFC7519) that asserts metadata values about the client software as a bundle.

The software statement is a key component in the process of transferring data between two parties and is used, as the RFC says, to assert the data needed to create a client with an Open ID Provider -- the Authorisation Server.

Software Statements can be created by the organisation's users and on its creation, the user inserts all the metadata that refers to the Application that he has created to consume data from other parties. Once created this software statement can be used to register against any FAPI-compliant Authorisation Server that exists in Connect.

This process of registering a client on a given server is called Dynamic Client Registration DCR and its registration and update specifications are defined on RFC7591 and RFC7592

warning

Once created, some fields of the Software Statement might be blocked for editing after the Software Statement assertion is generated. A Software Statement Assertion is the JWT that asserts the Software Statement registered metadata.

Which fields are blocked for edit depends on the existing policy of the ecosystem. If the organisation user wishes to edit those fields he must request from a Trust Framework Participants to unlock the software statement.