The Buypass OpenID Provider architecture is highly modular and can be configures/adapted to various use-cases.

It all begins with the definition and setup of a Security Domain. Depending on the use case/customer a generic domain (such as BuypassID) might be suitable, while in other cases a custom domain have to be defined.

In any case, the Buypass OpenID Provider can support several models.

Within an established security domain, the architecture allows for various forms of authentication methods, user interfaces and delegation to other high level Identity Providers (such as https://www.bankid.no) or more low level social Identity Providers like Facebook or Google

The tokens issued by a the Buypass OpenID Provider can be used to access Buypass provided services/APIs or be used to protect/authorise access to custom 3rd party services and APIs.

External Identity Provider can also delegate authentication the the Buypass OpenID Provider.

Buypass OpenID Provider - Architecture overview