How Raidiam Connect Works

The trust services behind the ecosystem control plane

Raidiam Connect provides an integrated set of trust services that let you build the ecosystem foundations once — then keep adding products, services, participants, and value. Here's how the services work together to make that possible.

The Ecosystem Control Plane

The integrated trust services that let you build once and expand forever

Raidiam Connect isn't a single tool. It's the integrated set of trust services that together let you build the ecosystem foundations once — identity, certificates, governance, discovery, onboarding — then keep adding products, services, participants, and value without rebuilding.

Directory & Registration Authority

Identity verification, role accreditation, certificate authorisation

PKI & Certificate Authority

HSM-backed issuance, OCSP, CRL, JWKS, automated rotation

Federation Metadata

Signed entity statements, trust chains, trust marks, metadata policies

Discovery & Resolution

API resource discovery, OP discovery, trust chain resolution

Raidiam Connect

The integrated trust platform

Policy & Governance

Policy cascade, delegated governance, self-service domains

Shared Signals

Real-time events: revocations, metadata updates, lifecycle changes

Onboarding & Lifecycle

Business onboarding, conformance gates, go-live, lifecycle management

Operational Dashboard

Single pane of glass: entities, certificates, conformance, trust state

What each participant gets

The same platform serves both sides of every ecosystem.

Regulators, scheme operators

For ecosystem operators

  • Governed onboarding of all participants
  • Policy that cascades to every entity automatically
  • Real-time visibility across the entire ecosystem
  • Delegated governance to domain operators
  • Conformance and certification integrated into lifecycle
  • Certificate management for all participants

Banks, fintechs, wallets, agents

For participants

  • Self-service registration and resource management
  • Automatic discovery by every OP in the ecosystem
  • Certificate issuance bound to verified identity
  • Trust chain that proves their authority to the ecosystem
  • Real-time status: conformance, certificates, metadata
  • Trust marks from external authorities

How they work together

Every step of the participant journey is powered by one of the 8 trust services.

  • Register (Directory)
  • Verify (Directory)
  • Accredit (Directory)
  • Issue Certs (PKI)
  • Publish Metadata (Metadata)
  • Discover (Discovery)
  • Resolve Trust (Metadata)
  • Access (PKI)
  • Monitor (Signals)
  • Govern (Policy)

Discovery — Build Once, Connect Instantly

New participants and services discover each other automatically

In the ecosystem control plane, every organisation publishes its services, APIs, and credentials. New participants discover each other programmatically — no manual configuration, no bilateral exchange. The more participants you add, the more discoverable the ecosystem becomes.

Discovery eliminates the single most expensive step in partner integration: the bilateral exchange of endpoints, keys, and metadata. Without it, every new partner is weeks of manual configuration. With it, participants discover each other programmatically in seconds.

[Diagram: discovery flow in seven numbered steps]

  • Your Federation Controller: Trust Anchor · Metadata · Discovery
  • Meridian Bank (Data Provider): Retail OP, Business OP, Payments OP
  • API resources: Accounts, Transactions, Balances, Payments, Standing Orders, Direct Debits, Beneficiaries, Products
  • Nova Fintech (Data Receiver): Nova Auth, Nova Connect App, Nova Business App

Key Insight

No bilateral setup. No client registration. The federation controller is the single source of truth. Applications and authorisation servers both query it. The OP pulls verified client information directly — no push-based registration needed. This works whether there are 2 organisations or 2,000.

Federation Discovery API

Applications query the controller for registered authorisation servers and API resource types. One query returns the entire ecosystem.

OP-Initiated Client Pull

When an authorisation server encounters a new client, it pulls the verified software statement and metadata directly from the federation controller.

OpenID Federation Trust Chains

Trust is established by resolving entity statements back to the trust anchor. Cryptographically verified. No pre-shared secrets.

Powered by Raidiam Connect

Trust Chain Resolution

How policies cascade through the trust chain

In OpenID Federation, every entity publishes a self-signed Entity Configuration. Trust is established by resolving statements from the entity back to the trust anchor. At each level, metadata policies constrain what the entity below can claim. This is how governance scales without centralised control.

Trust Anchor

Your Federation Controller

Metadata Policy
"metadata_policy": {
  "grant_types": {
    "subset_of": [
      "authorization_code",
      "client_credentials"
    ]
  }
}

Sets the maximum allowed grant types for the entire ecosystem

Intermediate Authority

Open Banking Authority

Metadata Policy
"metadata_policy": {
  "grant_types": {
    "subset_of": ["authorization_code"]
  },
  "token_endpoint_auth_method": {
    "one_of": [
      "private_key_jwt",
      "tls_client_auth"
    ]
  }
}

Narrows grant types further, requires strong client auth

Organisation

Nova Fintech

Entity Statement
{
  "grant_types": ["authorization_code"],
  "token_endpoint_auth_method": "private_key_jwt",
  "redirect_uris": [
    "https://nova.example/callback"
  ]
}

Claims specific values within the policy constraints

Application / Leaf Entity

Nova Connect App

Entity Configuration
{
  "grant_types": ["authorization_code"],
  "token_endpoint_auth_method": "private_key_jwt",
  "redirect_uris": [
    "https://nova.example/callback",
    "https://nova.example/auth"
  ]
}

Self-signed Entity Configuration — claims its own metadata

Policy conflicts are a feature, not a bug

When an entity’s claimed metadata violates a superior’s policy, the trust chain is invalid. This is deliberate — it’s how governance is enforced without runtime dependency.

Valid chain

Trust Anchor policy

grant_types subset_of ["authorization_code", "client_credentials"]

Intermediate policy

grant_types subset_of ["authorization_code"]

Entity claims

grant_types = ["authorization_code"]

Chain valid — entity operates within policy

Invalid chain

Trust Anchor policy

grant_types subset_of ["authorization_code", "client_credentials"]

Intermediate policy

grant_types subset_of ["authorization_code"]

Entity claims

grant_types = ["authorization_code", "implicit"]

Chain invalid — "implicit" violates intermediate policy

The OP rejects the entity. No tokens are issued. No API access is granted. The ecosystem’s rules are enforced at the protocol level — no human intervention required.

Metadata policy operators

OpenID Federation defines a set of operators that control how metadata is constrained at each level of the trust chain.

  • subset_of: Value must be a subset of the specified set
      "grant_types": { "subset_of": ["authorization_code"] }
  • one_of: Value must be exactly one of the specified options
      "token_endpoint_auth_method": { "one_of": ["private_key_jwt"] }
  • value: Overrides with a specific value
      "require_signed_request_object": { "value": true }
  • default: Sets a default if entity doesn’t specify
      "scope": { "default": ["openid"] }
  • regexp: Value must match the regular expression
      "redirect_uris": { "regexp": "^https://.*" }

This is how federation enforces governance at scale. The trust anchor sets the rules. Intermediates can narrow them but never widen them. Entities must comply or their trust chain fails. All of this happens at the protocol level — cryptographically verified, machine-readable, and automatic. No spreadsheets. No manual review. No bilateral agreements.
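
Added example, not Raidiam's code: a simplified Python model of the policy cascade described above, using the page's own policies and claims and the five operators it lists. The function and constant names are hypothetical, and it models reject-on-violation as the page describes it, without signature or trust chain verification.

```python
import re
from functools import reduce

# Policies copied from the page's trust chain, ordered trust anchor first.
ANCHOR = {"grant_types": {"subset_of": ["authorization_code", "client_credentials"]}}
INTERMEDIATE = {
    "grant_types": {"subset_of": ["authorization_code"]},
    "token_endpoint_auth_method": {"one_of": ["private_key_jwt", "tls_client_auth"]},
}
# Claimed metadata from the page's valid and invalid chains.
VALID = {"grant_types": ["authorization_code"],
         "token_endpoint_auth_method": "private_key_jwt",
         "redirect_uris": ["https://nova.example/callback"]}
INVALID = dict(VALID, grant_types=["authorization_code", "implicit"])

def merge_policies(superior, subordinate):
    """Combine two levels so a subordinate can narrow but never widen."""
    merged = {param: dict(ops) for param, ops in superior.items()}
    for param, ops in subordinate.items():
        target = merged.setdefault(param, {})
        for op, val in ops.items():
            if op not in target:
                target[op] = val
            elif op in ("subset_of", "one_of"):
                target[op] = [v for v in target[op] if v in val]  # intersection
            elif target[op] != val:
                raise ValueError(f"{param}: conflicting {op} between levels")
    return merged

def apply_policy(policy, claimed):
    """Return resolved metadata, or raise ValueError when a claim violates policy."""
    resolved = dict(claimed)
    for param, ops in policy.items():
        if "value" in ops:
            resolved[param] = ops["value"]          # override
        elif param not in resolved and "default" in ops:
            resolved[param] = ops["default"]        # fill in when unspecified
        if param not in resolved:
            continue
        val = resolved[param]
        items = val if isinstance(val, list) else [val]
        extra = [v for v in items if v not in ops.get("subset_of", items)]
        if extra:
            raise ValueError(f"{param}: {extra} not permitted by subset_of")
        if "one_of" in ops and val not in ops["one_of"]:
            raise ValueError(f"{param}: {val!r} not permitted by one_of")
        if "regexp" in ops and not all(re.search(ops["regexp"], str(v)) for v in items):
            raise ValueError(f"{param}: value does not match regexp")
    return resolved

def resolve(chain_policies, claimed):
    """Merge policies from the trust anchor downwards, then check the claims."""
    return apply_policy(reduce(merge_policies, chain_policies, {}), claimed)
```

Calling resolve([ANCHOR, INTERMEDIATE], INVALID) raises ValueError naming "implicit", which corresponds to the OP rejecting the entity.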

Governance without runtime dependency

Policies are embedded in entity statements and evaluated during trust chain resolution. The trust anchor doesn’t need to be online for every transaction.

Narrowing, never widening

Each level can only constrain further. An intermediate cannot grant permissions the trust anchor hasn’t allowed. This is hierarchical governance by design.

Machine-readable compliance

Policy violations are detected automatically. An OP resolving a trust chain will reject an entity that violates any policy in the chain. Compliance is enforced by the protocol itself.

Govern Once. Expand Without Gatekeeping.

Set the rules once. They enforce themselves as the ecosystem grows.

Governance is what makes ecosystem expansion safe. Set policies at the trust anchor. They cascade automatically through every domain, every participant, and every entity. As you add use cases, sectors, and partners, governance scales with you — no manual review, no spreadsheets, no bottleneck.

At 10 participants, manual governance works. At 500, it becomes a full-time team doing nothing but approving permission changes. The ecosystem control plane makes governance self-enforcing — the capability that lets you expand without gatekeeping.

Policy chaining

Each level can only narrow permissions set above. The chain validates automatically.

Trust Anchor

Sets maximum permissions for the ecosystem

Allowed: authorization_code, client_credentials

Domain Authority

Narrows permissions for their sector

Allowed: authorization_code only

Organisation

Claims within permitted range

Using: authorization_code

Application

Operates within all constraints

auth_code + private_key_jwt

✓ Policy valid

Delegated governance

The federation operator sets the rules and delegates authority. Each domain manages itself.

Federation Operator

Sets rules and delegates authority

Domain Operator A

Manages their own participants via self-service portal

  • Self-service participants: Bank A, Bank B, Fintech X
  • Register, publish APIs, manage certificates

Domain Operator B

Manages their domain independently

  • Self-service participants: Wallet Co, AI Platform
  • Register, publish APIs, manage certificates

How it works together

The federation operator sets the rules. Domain operators manage their own participants within those rules. Participants self-manage their technical resources. Nobody waits for tickets. Nobody emails spreadsheets. The federation enforces the boundaries automatically.

Policies narrow, never widen

Each level can only constrain further. A domain operator cannot grant permissions the trust anchor hasn't allowed. Governance is hierarchical by design.


Self-service within guardrails

Domain operators get their own portal. They onboard participants, manage resources, and issue certificates — all within the boundaries set by the federation operator.


Machine-readable compliance

Policy violations are detected automatically at the protocol level. No manual review. No audit scrambles. Compliance is built into the trust chain itself.

Operational Visibility

One pane of glass across every entity

Raidiam Connect gives operators and participants visibility over the structure, status, identity, trust, and assurance posture of all entities in the ecosystem.

[Dashboard mock-up: raidiam-connect://ecosystem-dashboard, LIVE]

  • Summary: Organisations 847; Sub-Federations 12; Active APIs 2,341; Credential Issuers 156; Trust Anchors 24
  • Entity Hierarchy: UK Open Banking, Payment Services, Bank A (OP), Bank B (API), Fintech X (Wallet), Identity Providers, EU Digital Identity, Enterprise Federation
  • Certificate Status: 96%. Valid: 813, Expiring: 28, Revoked: 6
  • Conformance: Certified 724, Pending 98, Failed 25
  • Recent Activity: Bank A - Certificate renewed (2m ago); Fintech X - Onboarding complete (8m ago); Wallet Provider B - Conformance pending (14m ago); IdP Alpha - Metadata updated (21m ago); Verifier C - Trust chain verified (35m ago)
  • Trust Chain Verification: ALL CHECKS PASSED (Trust Anchor, Signed Metadata, Policy Published, Entities Discovered). Status: Active

This is Raidiam Connect

Platformise Your Enterprise

One control plane across every brand, department, and partner

Your enterprise is an ecosystem — retail banking, private banking, payments, open data, AI agents, partner trust. Each domain has its own services and policies. Raidiam Connect gives you one control plane to govern them all. Add new domains, brands, and use cases without creating another trust island.

Without group-wide federation, every new brand, acquisition, or cross-domain service requires a separate trust integration. That fragmentation costs millions in duplicated infrastructure and months in delayed synergies. Build the enterprise control plane once — then expand as your business grows.

Bank Federation

Enterprise trust root

[Diagram nodes: Authorization Servers, APIs / Resource Servers, Credential Issuers, Third Party Providers, Authorization Servers, APIs / Resource Servers, Wallets]

Key Insight

This is your enterprise platformised. One ecosystem control plane that lets you add domains, brands, partners, and use cases without rebuilding trust every time. Build once. Expand as your business grows.


Ecosystem Scale

Model a country or scheme as a federation

The same architecture that models an enterprise can model a national ecosystem. Banks, fintechs, schemes, regulators, and participants — all governed through one federated trust plane.

National Open Banking Federation

Ecosystem trust root

  • Major Banks: Bank A, Bank B, Bank C, Bank D
  • Fintechs: Payments App, Lending Platform, Data Aggregator
  • Scheme Operators: Open Banking Ltd, Standards Body
  • Trust Anchors: Accreditation Authority, Certificate Authority, Regulator
  • Wallet & Credential Providers: Identity Wallet, Credential Issuer, Verifier Network

Same pattern. Many ecosystems.

  • UK Open Banking: 340 participants (Live)
  • UAE Open Finance: 85 participants (Growing)
  • Brazil Open Finance: 800 participants (Live)
  • Open Property: 45 participants (Emerging)
  • Digital Identity: 120 participants (Growing)

Core Principle

It does not matter whether the federation models an enterprise, a sector, or a country. The pattern is the same. The scale changes. The operating model changes. The trust architecture does not.

Build the trust layer once. Then expand to open finance, insurance, pensions, and whatever comes next.


Cross-Border Scale

A federation of federations

Multiple sector or national federations can interconnect into larger trust fabrics. A domestic smart data initiative links sectors. A global open finance network links countries. The architecture is the same.

Cross-Sector: UK Smart Data

  • Open Property: Land registries, conveyancers, lenders (47 entities)
  • Open Banking: Banks, fintechs, payment providers (238 entities)
  • Open Energy: Suppliers, networks, smart meters (89 entities)

Cross-Border: Global Open Finance

  • UK Open Banking: FCA-regulated ecosystem (238 entities)
  • Brazil Open Finance: BCB-regulated ecosystem (940+ institutions)
  • Australia CDR: Consumer Data Right (124 data holders)
  • New Zealand: Payments NZ ecosystem (32 participants)

A federation can contain sub-federations

UK Smart Data links property, banking, and energy ecosystems under one governance framework.

Multiple federations can join a global trust fabric

National ecosystems remain independently governed but participate in cross-border trust.

The pattern is always the same

Whether linking sectors within a country or ecosystems across continents, the federation architecture is identical.


Common Misconceptions

What only Raidiam Connect can do

Federation is often confused with simpler concepts. Here's what makes an ecosystem control plane fundamentally different.

What people think → What federation actually provides

  • A participant list → Hierarchical trust model with governance and delegation
  • Certificate publication → Operational lifecycle management for all trust artefacts
  • Metadata hosting → Dynamic, signed, discoverable metadata with policy
  • Cloud IAM → Cross-organisation ecosystem trust above any infrastructure
  • One-time setup → Continuous lifecycle management, monitoring, and governance
  • A static trust bundle → Living trust network with real-time status and assurance

Enterprise Reference Architecture

One trust plane across every brand, jurisdiction, and stack

Your bank is not one stack. Different brands, different geographies, different vendors, different clouds. Raidiam Connect governs trust consistently across all of them.

[Diagram: Global Bank Group]

  • Raidiam Connect, the Ecosystem Control Plane: Trust Anchor, Federation, PKI, Policy, Discovery, Metadata, Signals, Lifecycle, Visibility
  • Retail Banking (London): Azure UK South, Kong API Gateway, ForgeRock Auth Server, Okta IDP, Temenos Core Banking. Services: Mobile Banking, Open Banking APIs, Partner APIs, Retail Payments, Card Services. 120+ fintechs · 40+ partners · 3M+ customers
  • Private Banking (Jersey): AWS eu-west-1, Apigee API Gateway, Ping Identity Auth, Azure AD IDP, Avaloq Core Banking. Services: Client Portal, Advisory Platform, Custody & Wealth, Regulatory Reporting, Cross-Border Access. 30+ wealth advisors · 15+ custodians · HNW clients
  • Different vendors · Different clouds · Different jurisdictions. One trust model.

Raidiam Connect governs trust, identity, and policy, regardless of the underlying technology.

Your bank has multiple brands, jurisdictions, and technology stacks. Raidiam Connect doesn't replace any of them — it provides the trust and federation layer that governs participant identity, certificates, and policy consistently across all of them.

Build Once. Expand Everywhere.

Where will your ecosystem take you?

Whether you're a regulator building a national digital economy, an enterprise platformising across brands and clouds, or a bank that wants to stop rebuilding trust for every new use case — there's a next step.

See It in Action

See how one investment in Raidiam Connect covers your first use case — and the next hundred

Request a Briefing

For regulators and central banks — how to build the foundations for an expandable digital economy

See the Proof

Brazil started with 2 data-sharing scopes. Today it has hundreds — all on the same infrastructure