Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Requirement is to perform

  • install Remote SCD client (App), create keys

  • Identification at ID BB

  • Payment at payment BB

  • SCD enrollment (install App, create keys)

After that the Create SCD and Certificate API is available

Create SCD and Certificate

Caller: User via SCD

Item

Type

Description

Certificate request

CSR

CSR (public key) is collected from SCD to create a Certificate. How the CSR is sent from a remote device is currently out of scope (can be e/mail/sms with request to install app, etc). Mandatory

SCD type

  • remote SCD App

  • remote SCD App + Secure Element

  • remote SCD eSIM

  • remote SCD SIM

Type of SCD. Mandatory

SCD remote ID

String

ID in a remote system that handles the messaging between SCD-s, depends on SCD type.

For Apple devices

Mandatory

SCD key id

Number

They private key ID inside SCD for what the CSR corresponds with Mandatory

X.509 Distinguished name

Mandatory

Document ID

Name

String

Document ID based on what the verification has been performed. Optional

Authentication token

JWT

Authentication token as result of ID Building Block. Mandatory

Payment token

StringJWT

Payment token to indicate that payment has been done. If not present and payment is required HTTP 402 error is thrown. Optional

...

Item

Type

Description

SCD ID

String

SCD ID identifies the SCD and binds it with the Certificate to be used. Mandatory

Unique pseudonym

String

Unique pseudonym generated by system based on Authentication Token and made unique to identify a particular SCD to be used. Bound together with SCD ID. This is used in case passing SCD ID is not possible (e.g external website)

Certificate

PEM

Certificate that was issued. Mandatory

Status & description

  • OK

  • ERROR - in case of error also error description

Mandatory

List

...

certificates

Caller: Any BB, External service, User via SCD

SCD ID

Item

Type

Descripiton

Authentication token

or

Unique pseudonym

String Mandatory

Authentication token

String

User can query his/her certificate & status, identification at ID BB required

Mandatory

...

can be used to query all user's certificates. In case unique pseudonym is used only a particular Certificate and SCD ID is returned.

Mandatory

Filter

String

filter to filter certificates by “All”|”OK”|”Expired”|”Suspended”|”Revoked”

List certificates response

Item

Type

Descripiton

Certificate

X.509

User’s certificate

Mandatory when Status is OK

SCD ID

String

ID that is used to send the request to users SCD.

Mandatory when status is OK

Status & description

  • OK

  • ERROR - in case of error also error description should be added

  • EXPIRED

  • SUSPENDED - suspend cause should be added

  • REVOKED - also REOVOKE cause should be added

Mandatory

Update certificate status

Caller: User via SCD, Authority

Item

Type

Descripiton

SCD ID

String

Mandatory

Authentication Token

JWT

Authentication token is necessary and should belong to a user or an authority

Mandatory

Status & reason

  • SUSPENDED - add reason text

  • REVOKED - add reason text

Mandatory

...

Item

Type

Descripiton

Status & description

  • ERROR - in case of error also error description should be added

  • SUSPENDED - suspend cause should be added

  • REVOKED - also REOVOKE cause should be added

Mandatory

Usage API

Sign

Caller: Any BB, External service

Item

Type

Descripiton

SCD ID

String

Mandatory

format

  • XAdES

  • CAdES

  • ASIC

  • JWS

Pre format the signature in a given format so that it can be more easily inserted by the formatting library. Mandatory

hash

byte array in base64

Has to be signed. Hashing of document is responsibility of Signer Application and is done by formatting library. Mandatory

hash type

  • SHA2/3-256

  • SHA2/3-384

  • SHA2/3-512

  • BLAKE2B

Mandatory

data to be displayed

String

Information to be displayed on users device, can involve free text like “Accept childcare request”, transactionId, etc. Mandatory

...