NOTE: Trivore ID Documentation has moved to https://trivoreid.com

The content on this site IS OUT OF DATE!

This document details the methodology of onePortal strong identification. Because the concept of Strong Identification has no exact, uniform global definition, it is important to describe how onePortal behaves. This document emphasises the API.

In general, Strong Identification can be conducted using several methods, with varying degrees of strength. The organization utilising onePortal decides the policies and requirements pertaining to Strong Identification and implements these methods accordingly. These organisational requirements are constructed according to the business needs of the organisation. As onePortal is a multi-tenant platform, these requirements may vary between tenants.

The following table highlights the Strong Identification methods used by onePortal. The Resource column contains the REST endpoint where data on Strong Identification is available. The Method / Source column details the Strong Identification methods supported by that endpoint. The Data column describes which kind of data is available on each Resource. Please note that the OpenAPI documentation contains the updated and full information for developers.

| Resource | Method / Source | Data |
|---|---|---|
| /user/{userId}/strongidentification | Supports multiple identification methods. This includes In Person, governmental identification methods, Management API. | Independent endpoint with the full set of data available for Strong Identification. |
| /user/{userId} | Supports multiple identification methods. This includes In Person, governmental identification methods, Management API. | Data segment in JSON containing information on the latest executed Strong Identification plus a few extra attributes, such as when the first Strong Identification was executed and how many times Strong Identification has been done. |
| /user/{userId}/legal | Supports only governmental identification methods. | Contains only the Personal Identity Code attribute and value in JSON, no other related metadata. |

LoA, Level of Assurance

LoA is a broad concept not described here in detail. It basically describes the trustworthiness of executed Strong Identification, or any identification for that matter. Normal identification is considered to be LoA 1, and a strong one at least LoA 2. LoA is also applicable for authorisation, a.k.a. sign-in.

Identification methods

In Person (directly on onePortal WebUI)

In-Person identification is an external, strong method of identification. Typically an approved external source like customer care performs the identification. Identification is executed based on physical documentation (passport, identity card, driver's license, etc.) and the information is entered and forwarded by customer service to the API.

Available LoA is 2.

Governmental Identification Methods

Official government-supported identification methods (in Finland the "suomi.fi-tunnistus" service) are a stronger method of identification. Depending on the legal and procedural requirements of the organization's governmental resources, this utilizes an external digital identification interface.

| Country | Method | Remarks |
|---|---|---|
| Finland | suomi.fi-tunnistus | The most authoritative method available in Finland. Available LoAs are 2 and 3. LoA 2 is the default and LoA 3 is a special use case only. |
| Finland | suomi-fi-valtuudet | Subordinate method to suomi.fi-tunnistus, and thus equally reliable. It always requires suomi.fi-tunnistus. Considered to be a separate method because it is technically different and the use cases are different. |
| EU | eIDAS | Currently considered to be the same as suomi.fi-tunnistus, as it uses the same workflows and APIs. |

Management API (either automated or separate WebUI)

onePortal Management API methods involve direct HTTP calls that provide identification data according to the onePortal documentation.

It is possible to use a WebUI similar to the one available directly in onePortal. Identifications made through such a WebUI are recorded with Management API as the identification method.

Available LoAs are 1 and 2. By default these identifications are considered to be LoA 1.
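
A consumer of this data should not treat every recorded identification as strong: a Management API record defaults to LoA 1, and a claimed LoA outside the set listed for its method is inconsistent. The following is an added example, not onePortal code, that applies the LoA rules above to one identification record; the dictionary keys ("method", "loa") and the method labels are hypothetical, and the real field names are in the OpenAPI documentation.

```python
# Added example: LoA rules transcribed from this page. All key names and
# method labels are hypothetical, not onePortal API field names.
from typing import Optional

# method -> (LoAs the page lists as available, default LoA)
METHOD_LOA = {
    "in_person": ({2}, 2),
    "suomi.fi-tunnistus": ({2, 3}, 2),
    "management_api": ({1, 2}, 1),
}
# The page treats these two as equally reliable as suomi.fi-tunnistus;
# giving them the same LoA set is an assumption of this example.
METHOD_LOA["suomi-fi-valtuudet"] = METHOD_LOA["suomi.fi-tunnistus"]
METHOD_LOA["eIDAS"] = METHOD_LOA["suomi.fi-tunnistus"]

STRONG_MIN_LOA = 2  # the page: a strong identification is at least LoA 2


def effective_loa(record: dict) -> int:
    """Return the LoA to trust for one identification record.

    Raises ValueError for an unknown method or a claimed LoA that the
    method cannot provide, so an inconsistent record is never accepted.
    """
    method = record.get("method")
    if method not in METHOD_LOA:
        raise ValueError(f"unknown identification method: {method!r}")
    allowed, default = METHOD_LOA[method]
    loa = record.get("loa")
    if loa is None:
        return default  # e.g. Management API falls back to LoA 1
    if isinstance(loa, bool) or not isinstance(loa, int) or loa not in allowed:
        raise ValueError(f"LoA {loa!r} is not available for {method}")
    return loa


def is_strongly_identified(record: Optional[dict],
                           tenant_min_loa: int = STRONG_MIN_LOA) -> bool:
    """True only if the record meets the tenant's minimum LoA.

    A tenant may raise the minimum above 2 but not lower it below 2.
    """
    if not record:
        return False  # no identification on file
    try:
        return effective_loa(record) >= max(tenant_min_loa, STRONG_MIN_LOA)
    except ValueError:
        return False  # fail closed on malformed or inconsistent data
```
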

