Versions Compared

Old Version 1

changes.mady.by.user Frode Nilsen

Saved on

compared with

New Version Current

changes.mady.by.user Frode Nilsen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space PDOIDC and version Moscow_OIDC

The OpenID Connect Provider from BankID (hereafter referred to as the OIDC Provider) consists of an industry-standard interface to various identity-related services. See the product litterature section for further  for further information on the user-experience, features and functions of such services and how to get started. See the technical documentation section on on provisioning for access and how to integrate with such services via the REST API or the JS Connector. See  

See the Release Notes and in particular the Compatibility Matrix for information on services supported in this particular release of the OIDC Provider.

A distinction is made between Identity Provider (IDP) Services and Value-Added Service (VAS).  Identity Providers offer authentication of end-users whereas a Value-Added Services offer subsequent access to data on the linked to an authenticated end-user via an . Subsequent access to Value-Added services happen via associated Resource ServerServers.

A major benefit of the OIDC Provider is to simplify integration of the BankID service compared to the legacy integration option with BankID Server. The xID service, being a companion to BankID, offers zero- and one-click user experiences for applications that do not require the high security level offered by BankID. The Fraud Data service offers risk scoring for the authenticated user. The TINFO service provides additional information on the end-user, given that the end-user has consented. The PSD2 service supports various AISP and PISP use-cases under PSD2, including support for end-user consent and dynamic linking. In contrast to the Fraud Data and TINFO serviceservices, note that the PSD2 service does not implement any associated Resource Server. PSD2 resources are made availble to AISP/PISPs over an API decided by each ASPSP.

...

  • OAuth2 clients in OAuth vocabulary
  • Relying Party in OIDC vocabulary
  • Merchant in BankID vocabulary
  • ASPSPs or TPPs in PSD2 vocabulary.

...

  • .

OIDC Clients use Scopes and Claims to request access to services. Identity Providers return ID Tokens containing assertions about the end-user and (optionally) Access Tokens to gain subsequent access to Value-Added Services. Consent handling is a key feature of the OIDC Provider that puts the end-user in control of delegating rights to an OIDC Client to access any Value-Added Service on behalf of the end-user. 

...