QSCD (remote SCD) API
- Jürgen Niinre
- sasi
Yaml
Sign with pseudonym
Prerequisite
install Remote SCD client (App), create keys
Identification at ID BB
Payment at payment BB
After that first Create SCD and Certificate API is available and after Certificate is created, then Usage API is available
Create SCD and Certificate
Caller: User via SCD
Item | Type | Description |
|---|---|---|
Certificate request | CSR | CSR (public key) is collected from SCD to create a Certificate. How the CSR is sent from a remote device is currently out of scope (can be e/mail/sms with request to install app, etc). Mandatory |
SCD type |
| Type of SCD. Mandatory |
SCD remote ID | String | ID in a remote system that handles the messaging between SCD-s, depends on SCD type. For Apple devices
Mandatory |
SCD key id | Number | They private key ID inside SCD for what the CSR corresponds with Mandatory |
Authentication token | JWT | Authentication token as result of ID Building Block. Mandatory |
Payment token | JWT | Payment token to indicate that payment has been done. If not present and payment is required HTTP 402 error is thrown. Optional |
Create SCD and Certificate response
Item | Type | Description |
|---|---|---|
CertificateID | String | CertificateID identifies the SCD and binds it with the Certificate to be used. Mandatory |
Unique pseudonym | String | Unique pseudonym for CertificateID |
Certificate | PEM | Certificate that was issued. Mandatory |
Status & description |
| Mandatory |
List certificates
Caller: Any BB, External service, User via SCD
Item | Type | Descripiton |
|---|---|---|
Authentication token or Unique pseudonym | String | Authentication token can be used to query all user's certificates. In case unique pseudonym is used only a particular Certificate and CertificateID is returned. Mandatory |
Filter | String | filter to filter certificates by “All”|”ACTIVE”, ”Expired”|”Suspended”|”Revoked” |
List certificates response
Item | Type | Descripiton |
|---|---|---|
Certificate | X.509 | User’s certificate Mandatory when Status is OK |
CertificateID | String | ID that binds Certificate and SCD and is used to send the request to user. Mandatory when status is OK |
Status & description |
| Mandatory |
Update certificate status
Caller: User via SCD, Authority
Item | Type | Descripiton |
|---|---|---|
CertificateID | String | Mandatory |
Authentication Token | JWT | Authentication token is necessary and should belong to a user or an authority Mandatory |
Status & reason |
| Mandatory Allowed transitions ACTIVE->SUSPENDED ACTIVE->REVOKED SUSPENDED->ACTIVE SUSPENDED->REVOKED |
Update certificate response
Item | Type | Descripiton |
|---|---|---|
Status & description |
| Mandatory |
Usage API
Sign
Caller: Any BB, External service
Item | Type | Descripiton |
|---|---|---|
CertificateID or uniquePseudonym or Authentication Token && Payment Token | String | Mandatory In case CertificateId or uniquePseodonym is presented SCD Signature is created, If Authentication Token and Payment Token are presented then One time signature is created |
format |
| Pre format the signature in a given format so that it can be more easily inserted by the formatting library. Mandatory |
hash | byte array in base64 | Has to be signed. Hashing of document is responsibility of Signer Application and is done by formatting library. Mandatory |
hash type |
| Mandatory |
data to be displayed | String | Information to be displayed on users device, can involve free text like “Accept childcare request”, transactionId, etc. Mandatory |
Sign Response
Item | Type | Mandatory |
|---|---|---|
signature | byte array in base64 | signature that is preformatted according to format |
certificate | X.509 | certificate with public key |
timestamp | rfc3161 asn.1 in base64 | timestamp of the signature |
status |
| Mandatory |