Business Relationships
When a new vendor or client is onboarded, they undergo a vetting process—such as credit checks—and are registered in sales, finance, or purchasing systems. This registration includes basic reference data, roles, services or products offered, pricing, and other relevant information. Only after this onboarding process are business transactions initiated, operating within the predefined limits set during onboarding.
Entity endpoints
Discovery in this context is about identifying the specific endpoints that are needed and are associated with a business entity, such as:
- API or connector endpoints: For accessing data, sometimes including an optional data license endpoint.
- Authorization Register endpoint: Where permissions and access rights are managed.
- Representation Register endpoint: For verifying who can act on behalf of the entity.
- Professional Qualification Register endpoint: To validate the credentials of professionals involved.
- Pub/Sub Event endpoints: For subscribing to event notifications.
- Association Register endpoint: To manage membership and affiliation details.
DNS as a scalable discovery mechanism
The Internet Domain Name System is an existing discovery mechanism suited to this need. A standard sub-domain (for example, “_bdi.acme.com”), secured by DNSSEC, can be used to discover the endpoints of an organization that owns a URL. The URL is ‘discovered’ (manually) during the initial onboarding of a new client or vendor and added to the initial registration in corporate purchasing systems.
This method, which uses a subdomain and TXT-SRV records to discover a series of different types of endpoints, has been successfully tested. For example, an SRV record such as “_pubsub._bdi.acme.com” points to a specific URI to be used for pubsub subscriptions.
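The lookup described above, as an added example (not code from the BDI project): it resolves a service label under `_bdi.<domain>` from already-fetched answers and refuses any record set that the validating resolver did not mark as DNSSEC-authenticated. The `Answer` shape, the `path=` TXT key, the `_authz` label and the host names are assumptions made for illustration; the page does not specify the record layout.

```python
from dataclasses import dataclass

BDI_LABEL = "_bdi"  # standard sub-domain named on the page

@dataclass(frozen=True)
class Answer:
    # Hypothetical shape of one resolver answer, not a real resolver API.
    name: str
    rtype: str           # "SRV" or "TXT"
    rdata: str           # presentation format
    authenticated: bool  # validating resolver reported DNSSEC-secure (AD bit)

class DiscoveryError(Exception):
    pass

def discover(domain, service, answers):
    """Return the HTTPS URI for `service`, using DNSSEC-validated records only."""
    owner = f"_{service}.{BDI_LABEL}.{domain}".lower()
    rrset = [a for a in answers if a.name.rstrip(".").lower() == owner]
    if not rrset:
        raise DiscoveryError(f"no records at {owner}")
    # Fail closed: one unvalidated record taints the whole answer.
    if not all(a.authenticated for a in rrset):
        raise DiscoveryError(f"answer for {owner} is not DNSSEC-validated")
    candidates, path = [], "/"
    for a in rrset:
        if a.rtype == "SRV":
            prio, weight, port, target = a.rdata.split()
            candidates.append((int(prio), -int(weight), target.rstrip("."), int(port)))
        elif a.rtype == "TXT" and a.rdata.strip('"').startswith("path="):
            path = a.rdata.strip('"')[len("path="):]  # assumed TXT convention
    # RFC 2782: lowest priority wins; a target of "." means "service not offered".
    # Simplification: ties pick the highest weight instead of a weighted draw.
    usable = [c for c in candidates if c[2]]
    if not usable:
        raise DiscoveryError(f"no usable SRV target at {owner}")
    _, _, host, port = min(usable)
    return f"https://{host}:{port}{path}"

# Constructed sample answers (host names and the _authz label are made up).
SAMPLE = [
    Answer("_pubsub._bdi.acme.com.", "SRV", "20 5 443 backup.acme.com.", True),
    Answer("_pubsub._bdi.acme.com.", "SRV", "10 5 443 events.acme.com.", True),
    Answer("_pubsub._bdi.acme.com.", "TXT", '"path=/subscriptions"', True),
    Answer("_authz._bdi.acme.com.", "SRV", "10 0 443 ar.acme.com.", False),
]

if __name__ == "__main__":
    print(discover("acme.com", "pubsub", SAMPLE))
```

In a real deployment the `authenticated` flag would come from a validating resolver reached over a trusted path; an AD bit relayed by an untrusted forwarder proves nothing.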
Limiting access with BDI authentication
For organizations concerned about exposing their endpoints to the public, access can be restricted using the BDI authentication mechanism. This allows only approved parties, whether maintained locally, within an Association, or in a data space, to access these endpoints. This approach balances the need for secure communication with the flexibility of scalable discovery.