...
Requirement is to perform
install Remote SCD client (App), create keys
Identification at ID BB
Payment at payment BB
SCD enrollment (install App, create keys)
After that the Create SCD and Certificate API is available
Create SCD and Certificate
Caller: User via SCD
Item | Type | Description | ||
---|---|---|---|---|
Certificate request | CSR | CSR (public key) is collected from SCD to create a Certificate. How the CSR is sent from a remote device is currently out of scope (can be e/mail/sms with request to install app, etc). Mandatory | ||
SCD type |
| Type of SCD. Mandatory | ||
SCD remote ID | String | ID in a remote system that handles the messaging between SCD-s, depends on SCD type. For Apple devices
Mandatory | ||
SCD key id | Number | They private key ID inside SCD for what the CSR corresponds with Mandatory | X.509 Distinguished name | Mandatory |
Document ID | Name | String Document ID based on what the verification has been performed. Optional | ||
Authentication token | JWT | Authentication token as result of ID Building Block. Mandatory | ||
Payment token | StringJWT | Payment token to indicate that payment has been done. If not present and payment is required HTTP 402 error is thrown. Optional |
...
Item | Type | Description |
---|---|---|
SCD ID | String | SCD ID identifies the SCD and binds it with the Certificate to be used. Mandatory |
Unique pseudonym | String | Unique pseudonym generated by system based on Authentication Token and made unique to identify a particular SCD to be used. Bound together with SCD ID. This is used in case passing SCD ID is not possible (e.g external website) |
Certificate | PEM | Certificate that was issued. Mandatory |
Status & description |
| Mandatory |
List
...
certificates
Caller: Any BB, External service, User via SCD
Item | Type | Descripiton | SCD ID||
---|---|---|---|---|
Authentication token or Unique pseudonym | String Mandatory | Authentication token | String | User can query his/her certificate & status, identification at ID BB required Mandatory |
...
can be used to query all user's certificates. In case unique pseudonym is used only a particular Certificate and SCD ID is returned. Mandatory | ||
Filter | String | filter to filter certificates by “All”|”OK”|”Expired”|”Suspended”|”Revoked” |
List certificates response
Item | Type | Descripiton |
---|---|---|
Certificate | X.509 | User’s certificate Mandatory when Status is OK |
SCD ID | String | ID that is used to send the request to users SCD. Mandatory when status is OK |
Status & description |
| Mandatory |
Update certificate status
Caller: User via SCD, Authority
Item | Type | Descripiton |
---|---|---|
SCD ID | String | Mandatory |
Authentication Token | JWT | Authentication token is necessary and should belong to a user or an authority Mandatory |
Status & reason |
| Mandatory |
...
Item | Type | Descripiton |
---|---|---|
Status & description |
| Mandatory |
Usage API
Sign
Caller: Any BB, External service
Item | Type | Descripiton |
---|---|---|
SCD ID | String | Mandatory |
format |
| Pre format the signature in a given format so that it can be more easily inserted by the formatting library. Mandatory |
hash | byte array in base64 | Has to be signed. Hashing of document is responsibility of Signer Application and is done by formatting library. Mandatory |
hash type |
| Mandatory |
data to be displayed | String | Information to be displayed on users device, can involve free text like “Accept childcare request”, transactionId, etc. Mandatory |
...