This document details the methodology of onePortal Trivore Identity Service (TIS) strong identification. As the concept of Strong Identification is not defined exactly and uniformly worldwide, it is important to describe how onePortal TIS behaves. This document emphasises the API.
In general, Strong Identification can be conducted using several methods, with varying degrees of strength. The organization utilising onePortal TIS decides the policies and requirements pertaining to Strong Identification and implements these methods accordingly. These organisational requirements are constructed according to the business needs of the organisation. As onePortal TIS is a multi-tenant platform, these requirements may vary between tenants.
The following table highlights the Strong Identification methods used by onePortal TIS. The Resource column contains the REST endpoint where data on Strong Identification is available. The Method / Source column details the Strong Identification methods supported by that endpoint. The Data column describes which kind of data is available on each Resource. Please note that the OpenAPI documentation contains the updated and full information for developers.
...
LoA is a broad concept not described here in detail. It basically describes the trustworthiness of executed Strong Identification, or any identification for that matter. Normal identification is considered to be LoA 1, and a strong one at least LoA 2. LoA is also applicable for authorisation, a.k.a. sign-in.
Identification methods
In Person (directly on
...
the Web UI)
In-Person identification is an external, strong method of identification. Typically an approved external source, such as customer care, performs the identification. Identification is executed based on physical documentation (passport, identity card, driver's license, etc.) and the information is forwarded by customer service to the API.
...
Official government supported identification methods (in Finland the "suomi.fi-tunnistus" service) are a stronger method of identification. Depending on the legal and procedural requirements of the organization's governmental resources, this utilizes an external digital identification interface.
Region | Method | Remarks |
---|---|---|
Finland | suomi.fi-tunnistus | The most authoritative method available in Finland. Available LoAs are 2 and 3. LoA 2 is the default and LoA 3 is a special use case only. |
Finland | suomi.fi-valtuudet | Subordinate method to suomi.fi-tunnistus, and thus equally reliable. It always requires suomi.fi-tunnistus. Considered to be a separate method because it is technically different and the use cases are different. |
EU | eIDAS | Currently considered to be the same as suomi.fi-tunnistus, as it uses the same workflows and APIs. |
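A relying service can enforce a tenant's Strong Identification requirements as sketched below. This is an added example, not onePortal TIS code: the `TenantPolicy` and `Identification` shapes and the `evaluate` function are hypothetical, and the sample method names are taken from the table above. It covers only the government-supported methods, because those are the only ones for which this page states LoA values.

```python
from dataclasses import dataclass

# LoA values per method, from the table above. Giving suomi.fi-valtuudet and
# eIDAS the same range as suomi.fi-tunnistus is an assumption based on the
# "equally reliable" / "considered to be the same" remarks.
METHOD_LOAS = {
    "suomi.fi-tunnistus": {2, 3},
    "suomi.fi-valtuudet": {2, 3},
    "eIDAS": {2, 3},
}
STRONG_MIN_LOA = 2  # the page: strong identification is at least LoA 2


@dataclass(frozen=True)
class TenantPolicy:  # hypothetical: one tenant's requirements
    min_loa: int
    allowed_methods: frozenset


@dataclass(frozen=True)
class Identification:  # hypothetical record shape, not the TIS schema
    method: str
    loa: int


def evaluate(policy, records):
    """Return (accepted, reason); anything unknown or inconsistent is rejected."""
    if policy.min_loa < STRONG_MIN_LOA:
        return False, "policy minimum is below strong identification"
    # suomi.fi-valtuudet always requires a suomi.fi-tunnistus identification.
    has_tunnistus = any(
        r.method == "suomi.fi-tunnistus" and r.loa in METHOD_LOAS[r.method]
        for r in records
    )
    reasons = []
    for r in records:
        if r.method not in policy.allowed_methods:
            reasons.append(f"{r.method}: not allowed for this tenant")
        elif r.loa not in METHOD_LOAS.get(r.method, set()):
            reasons.append(f"{r.method}: LoA {r.loa} is not available for this method")
        elif r.method == "suomi.fi-valtuudet" and not has_tunnistus:
            reasons.append(f"{r.method}: no suomi.fi-tunnistus identification")
        elif r.loa < policy.min_loa:
            reasons.append(f"{r.method}: LoA {r.loa} is below tenant minimum {policy.min_loa}")
        else:
            return True, f"{r.method} at LoA {r.loa}"
    return False, "; ".join(reasons) or "no identification records"
```

The check fails closed: a method missing from the tenant's allow-list, an LoA the method cannot produce, or a suomi.fi-valtuudet record without its underlying suomi.fi-tunnistus identification is rejected with a reason that can be logged.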
Management API (either automated or separate Web UI)
onePortal TIS Management API methods involve direct HTTP requests to provide identification data according to onePortal TIS documentation.
It is possible to use a Web UI similar to the one available directly in onePortal TIS. Such a Web UI shall be identified with Management API as the identification method.
...