Application Process
Step 1: Submit Required Information
Revision: 22 Jan 2022

Before beginning this step, please first read the Virtual Operator Policies.

Interested Virtual Operators should have the member in-charge draft an email to the POSCON Director of Operations (for now will be handled through the support ticket system). This email must contain the following required information:

  1. The name of the Virtual Operator and the way you would like the name branded on our website. For example, the Positive Control Network brands POSCON as all capital letters, not as PosCon.
  2. The real-world operating certificate number for this airline, if applicable. For example, American Airlines' real-world certificate number is "AALA025A". If you cannot find this information or you don't have one, we will make one up for you.
  3. ICAO airline codes you wish to operate under with the respective IATA codes if applicable. Also give us the telephony for radio communication. For example, American Airlines is:
    • ICAO = "AAL"
    • IATA = "AA"
    • Telephony = "American"
  4. Please list the ICAO codes for all the hub airports applicable to your Virtual Operator.
  5. Please list the ICAO codes for your entire aircraft fleet.
  6. Please provide a link to the Virtual Operator's publicly accessible website, member list (if public), and the names of at least five POSCON members on the roster.
  7. Please provide a link to where POSCON members can register with your Virtual Operator.
  8. Please provide social links to the Virtual Operator's Facebook, Twitter, YouTube, Twitch, Instagram, and Discord Invite (link must not expire). It is okay if you don't have all social accounts, just provide the ones that you have.
  9. Provide your Virtual Operator's logo and banner images.
    • The logo should have a transparent background and be close to a 1:1 size ratio.
    • The banner image should be closer to a 3:1 size ratio.
  10. Who is the Point of Contact (POC)? We need the POSCON user ID and email address of the person POSCON should contact in regards to this Virtual Operator.
  11. Please provide us with the management personnel for the Virtual Operator. We need names, titles, and emails.
  12. Please provide us with the title of the regulations under which your Virtual Operator simulates operations. For example, in the United States, airlines operate under "14 CFR Part 121".
  13. Please provide us with the aviation safety authority name. For example, in the United States it is the Federal Aviation Administration (FAA).
  14. Please list the types of operations conducted (e.g. scheduled air carrier, unscheduled, military/governmental, charters, etc.)
  15. Please provide us with a link to training documentation, if applicable.

After receiving confirmation that your application has been received, processed, and approved, you may move to Step 2.

Step 2: Add Authentication via OAuth
Revision: 22 Jan 2022

Ensure Step 1 has been approved by the Director of Operations or his designee.

The next step requires your Virtual Operator's technical lead to get involved. POSCON needs a way to verify which members of your Virtual Operator are also members of POSCON. Connecting with POSCON is relatively straightforward, but you must have experience with authenticating via OAuth.

The steps below outline the basic process of authenticating with POSCON via OAuth. Note that this is similar to any other OAuth/SSO system.

image.png.c87c9599f9f006c872145ff2e1fb9fb2.thumb.png.6022d1e0cc684f65aced706c01db255a.png

  1. Create a button on the page from where you would like your users to connect. The button can be named for example "Connect with POSCON" (see image above as an example)
  2. The button would link to the "POSCON SSO Authorize URL". The URL would have additional parameters such as the response_type, redirect_uri, scope, client_id, and optionally a state. This will send the user to the POSCON Login page.
  3. Once the user has logged in successfully, they will be redirected to the redirect_uri that is provided in the URL in step 2. In this redirect, you will notice that a parameter for code is sent. This code is what you will need in the next step to retrieve an access token which will allow you to retrieve user information.
  4. Using the code from the previous step, you must now make a POST request to the "POSCON SSO Token URL" and include the parameters: grant_type, client_id, client_secret, code, redirect_uri, and scope.
  5. Once the POST request from the previous step is successful, you will receive a response with the access token, refresh token, expire time, and expire at time. You can now use this access token to get user information in the next step.
  6. With the access token, you can send a GET request to the "POSCON SSO User Info URL" and provide the access token in the headers such as "Authorization: Bearer {access token}" and also ensure that "Accept: application/json" is set in the headers.
  7. If the above step is successful, you will receive the user information. That's all!

POSCON SSO Authorize URL: https://sso.poscon.net/oauth/authorize
POSCON SSO Token URL: https://sso.poscon.net/api/oauth/token
POSCON SSO Token Info URL: https://sso.poscon.net/api/oauth/token_info
POSCON SSO User Info URL: https://sso.poscon.net/api/oauth/userinfo

grant_type: authorization_code
scope: openid%20profile
redirect_uri{your redirect URL}

PLEASE NOTE: When applying for the OAuth, you must provide us with your "redirect URL". This is the URL that the OAuth will redirect to once the user is signed in.

We’ve made some example code to help you connect to our SSO. Just plug in your Client ID, secret and callback URL. 

PHP
https://gitlab.com/-/snippets/2239220

NodeJS
https://gitlab.com/-/snippets/2239718

When you have completed Step 2, reach out via the same support ticket that you submitted for Step 1 so that our team can review the user flow. Once Step 2 has been tested and approved, you may move to Step 3.

Step 3: Add Required POSCON Information
Revision: 22 Jan 2022

Ensure Step 2 has been approved by the Director of Operations or his designee.

The Virtual Operator Policies require all Virtual Operators to:

  1. Have clear language on their website that points users to instructions on how to register and connect to POSCON.
  2. Have the POSCON logo clearly visible and labeled as a "partner" logo and it must link to the POSCON website. Use one of the following images:
Purple White
POSCON_purple.thumb.png.8a3b6c1b4f4f5bc3a986f523f99c835e.png POSCON_white.thumb.png.cc61fb65da3fab2647ad3263fa80e764.png

Once these requirements are added to your website, reach out via the same support ticket you submitted for Step 1. Once approved, you may move to Step 4.

Step 4: Submit Requested Ops Specs
Revision: 22 Jan 2022

Ensure Step 3 has been approved by the Director of Operations or his designee.

This next will likely involve the Director of Operations or his designee to work directly with your Virtual Operator's POC in order to determine what Ops Specs work best for your Virtual Operator. We will coordinate via email or Discord to accomplish this step.

The Ops Specs are still a work-in-progress. Don't worry too much about these requirements as we will be tweaking them over the coming months.