ID Broker Service - Buypass ID Security Domain

Documentation here at Buypass Developer Space is mostly written in English - this page is in both Norwegian and English. See both languages below.

Norsk/Norwegian

 

Buypass ID Security Domain

Buypass supplies several types of authenticators at level high (eIDAS LoA High). All are available via the Buypass ID Security Domain.

  1. Buypass ID on smart card (PKI)

  2. Buypass ID on mobile with mobile app (PKI)

  3. Buypass ID on mobile with password and otp on SMS (PKI)

  4. Buypass ID Fido2 (eID - key)

Service providers that want to offer Buypass IDs for authentication must implement their solutions against the Buypass ID Security Domain using oidc.

 

Authentication - choice of flow

In the Buypass ID Security Domain we currently offer 2 different authentication flows:

  1. ID_PKI Service, which offers Buypass ID based on certificates - no. 1, 2 and 3 in the list above

  2. ID Broker Service, which offers all Buypass IDs - all in the list above

 

When implementing the Buypass ID Security Domain, the desired authentication flow must be specified. An oidc client can only be linked to one flow, but it is possible to switch flows.

 

 

The menu in the ID_PKI Service:

 

The menu in the ID Broker Service:

 

 

Request parameter

In the ID Broker Service it is also possible to specify a request parameter for the authentication method, to go there directly without using the menus.

See the description of the parameters bp_idp_hint and bp_amr-values under Optional request parameters on the authorization page.

 

To select an authenticator based on key technology (Fido2), the parameter bp_idp_hint must be used.

To select an authenticator based on a certificate, the parameter bp_amr-values must be used.

 



Engelsk/English

 

Buypass ID Security Domain

Buypass supplies several authenticators for eIDAS level of assurance high (LoA High). All are accessible via the Buypass ID Security Domain.

  1. Buypass ID on smart card (PKI)

  2. Buypass ID on mobile with mobile app (PKI)

  3. Buypass ID on mobile with password and otp on SMS (PKI)

  4. Buypass ID Fido2 (eID - key)

Suppliers and service owners who wish to make available Buypass IDs for authentication must implement an oidc client in their solutions towards the Buypass ID Security Domain.

Authentication - choice of flow

At the moment we have 2 alternative authentication flows in the Buypass ID Security Domain:

  1. ID_PKI Service that offers authentication with authenticators based on certificates - no. 1, 2 and 3 in the list above

  2. ID Broker Service that offers authentication with all types of Buypass IDs - all in the list above

 

When implementing the Buypass ID Security Domain, the authentication flow wanted by the supplier must be specified. An oidc client can only be associated with one flow at a time, but it is possible to change flow.

 

 

Menu in the ID_PKI Service:

 

Menu in the ID Broker Service:

 

 

Request parameter

In the ID Broker Service, it is also possible to set a request parameter for the authentication method, so that the user goes directly to that method without using the menus.

See the description of the parameters bp_idp_hint and bp_amr-values under Optional request parameters on the authorization page.

 

To choose an authenticator based on security key technology (Fido2), the parameter bp_idp_hint must be used.

To choose an authenticator based on certificate (PKI), the parameter bp_amr-values must be used.
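
The rule above, as an added example (not Buypass code): a helper that builds an oidc authorization request for the ID Broker Service and attaches the selector under the parameter name the page prescribes for each authenticator type. The endpoint URL, client values, function name and selector values are placeholders and assumptions; the real selector values are listed under Optional request parameters on the authorization page.

```python
import secrets
from urllib.parse import urlencode

# Assumption: placeholder endpoint; use the one published for your environment.
AUTHORIZATION_ENDPOINT = "https://idp.example.invalid/authorize"

# Rule from the page: key-based (Fido2) -> bp_idp_hint, certificate (PKI) -> bp_amr-values.
PARAM_FOR_KIND = {"fido2": "bp_idp_hint", "certificate": "bp_amr-values"}


def build_authorization_request(client_id, redirect_uri, kind=None, selector=None):
    """Return (url, state, nonce); with kind=None the user is shown the broker menu."""
    # Fresh per-request values: keep both in the user's session and compare them
    # with the callback's state and the ID token's nonce before accepting a login.
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    if kind is not None:
        if kind not in PARAM_FOR_KIND:
            raise ValueError(f"unknown authenticator kind: {kind!r}")
        if not selector:
            raise ValueError("selector value is required for direct selection")
        # Only one selector parameter is sent, matching the authenticator type.
        params[PARAM_FOR_KIND[kind]] = selector
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params), state, nonce


if __name__ == "__main__":
    # Constructed sample values, not real Buypass identifiers.
    url, _, _ = build_authorization_request(
        "example-client", "https://rp.example.invalid/callback",
        kind="fido2", selector="PLACEHOLDER_HINT_VALUE")
    print(url)
```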