Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Onboarding API

...

Yaml

View file
name1606_3.yaml
View file
name1905.yaml
View file
name1505.yaml
View file
nameopenapi_2804.yaml
View file
nameopenapi_2104.yaml
View file
nameopenapi3_0.yaml

Sign with pseudonym

Mermaid cloud
filenamesign with pseudonym
revision1

Prerequisite

  • install Remote SCD client (App), create keys

  • Identification at ID BB

  • Payment at payment BB

  • SCD enrollment (install App, create keys)

After that the first Create SCD and Certificate API is available and after Certificate is created, then Usage API is available

Create SCD and Certificate

Caller: User via SCD

Item

Type

Description

Name

X.509 Distinguished name

Mandatory

Document Certificate request

CSR

CSR (public key) is collected from SCD to create a Certificate. How the CSR is sent from a remote device is currently out of scope (can be e/mail/sms with request to install app, etc). Mandatory

SCD type

  • remote SCD App

  • remote SCD App + Secure Element

  • remote SCD eSIM

  • remote SCD SIM

Type of SCD. Mandatory

SCD remote ID

StringDocument

ID based on what the verification has been performed. OptionalID in a remote system that handles the messaging between SCD-s, depends on SCD type.

For Apple devices

Mandatory

SCD key id

Number

They private key ID inside SCD for what the CSR corresponds with Mandatory

Authentication token

JWT

Authentication token as result of ID Building Block. Mandatory

Payment token

StringJWT

Payment token to indicate that payment has been done. If not present and payment is required HTTP 402 error is thrown. Optional

Create SCD and Certificate response

Item

Type

Description

SCD IDCertificateID

String

SCD ID CertificateID identifies the SCD and binds it with the Certificate to be used. Mandatory

Unique pseudonym

String

Unique pseudonym for CertificateID

Certificate

PEM

Certificate that was issued. Mandatory

Status & description

  • OK

  • ERROR - in case of error also error description

Mandatory

List

...

certificates

Caller: Any BB, External service, User via SCD

Item

Type

Descripiton

SCD ID

String

Mandatory

Authentication token

String

User can query his/her certificate & status, identification at ID BB required

Mandatory

...

Authentication token

or

Unique pseudonym

String

Authentication token can be used to query all user's certificates. In case unique pseudonym is used only a particular Certificate and CertificateID is returned.

Mandatory

Filter

String

filter to filter certificates by “All”|”ACTIVE”, ”Expired”|”Suspended”|”Revoked”

List certificates response

Item

Type

Descripiton

Certificate

X.509

User’s certificate

Mandatory when Status is OK

CertificateID

String

ID that binds Certificate and SCD and is used to send the request to user.

Mandatory when status is OK

Status & description

  • OKACTIVE

  • ERROR - in case of error also error description should be added

  • EXPIRED

  • SUSPENDED - suspend cause should be added

  • REVOKED - also REOVOKE cause should be added

Mandatory

Update certificate status

Caller: User via SCD, Authority

Item

Type

Descripiton

SCD IDCertificateID

String

Mandatory

Authentication Token

JWT

Authentication token is necessary and should belong to a user or an authority

Mandatory

Status & reason

  • SUSPENDED - add reason text

  • REVOKED - add reason text

  • ACTIVE - activate

Mandatory

Allowed transitions

ACTIVE->SUSPENDED

ACTIVE->REVOKED

SUSPENDED->ACTIVE

SUSPENDED->REVOKED

Update certificate response

Item

Type

Descripiton

Status & description

  • ERROR - in case of error also error description should be added

  • SUSPENDED - suspend cause should be added

  • REVOKED - also REOVOKE cause should be added

Mandatory

Usage API

Sign

Caller: Any BB, External service

Item

Type

Descripiton

SCD ID

CertificateID or

uniquePseudonym or

Authentication Token && Payment Token

String

Mandatory

In case CertificateId or uniquePseodonym is presented SCD Signature is created,

If Authentication Token and Payment Token are presented then One time signature is created

format

  • XAdES

  • CAdES

  • ASIC

  • JWS

Pre format the signature in a given format so that it can be more easily inserted by the formatting library. Mandatory

hash

byte array in base64

Has to be signed. Hashing of document is responsibility of Signer Application and is done by formatting library. Mandatory

hash type

  • SHA2/3-256

  • SHA2/3-384

  • SHA2/3-512

  • BLAKE2B

Mandatory

data to be displayed

String

Information to be displayed on users device, can involve free text like “Accept childcare request”, transactionId, etc. Mandatory

Sign Response

Item

Type

Mandatory

signature

byte array in base64

signature that is preformatted according to format

certificate

X.509

certificate with public key

timestamp

rfc3161 asn.1 in base64

timestamp of the signature

status

  • ERROR - in case of error also error description should be added

  • OK

Mandatory