Net iD Access and Net iD Access Server – Documentation

1 – Document history

0.9 – 2012-09-04 – Initial version
1.0 – 2012-10-04 – First official version
1.01 – 2012-12-17 – Minor editorial

2 – Introduction

This documentation describes how a service provider can use Net iD Access and Net iD Access Server for authentication and signing in different types of Internet services. The end user's smart card and PIN are used together with a mobile device, rather than in a traditional USB smart card reader connected to a computer.

Abbreviations and naming conventions in this documentation:

NiA = Net iD Access (The App used for login and signing)

NiAS = Net iD Access Server (The Web Service communicating with the service and with Net iD Access)

The Service = The heart of the solution with webserver, applications server, databases etc.

2.1 – Four use cases

App

The end user connects to the service from a dedicated app on their phone or tablet.

The smart card for authentication/signing is used on the same phone or tablet.

Mobile web

The end user connects to the service from the built-in web browser on their phone or tablet.

The smart card for authentication/signing is used on the same phone or tablet.

Web

The end user connects to the service from a web browser on their computer or another device.

The smart card for authentication/signing is used on another phone or tablet.

Voice

The end user connects to the service over the phone (a voice call).

The smart card for authentication/signing is used on a phone or tablet.

[Figure: access_concept_overview_v2 – concept overview of Net iD Access and Net iD Access Server]

2.2 – Supported platforms

The ‘Net iD Access’ app is currently available for iOS.
(Android, Windows (x86/x64), Windows 8 Phone, Windows 8 RT, Mac OS X and Linux will follow.)

Net iD Access Server will be available for Windows, as a web service hosted in IIS. Support for other platforms and application servers will be considered.

2.3 – References

A)
Supported operations can be found at this URL: https://access.www.secmaker.com/nias/

Operations:
– Authenticate -> Creates a login request
– Sign -> Creates a sign request
– Collect -> Polls the status and, when finished, the result of a request
– Register -> Registers the name and logo of an application using Net iD Access Server

B)
Formal definitions can be found here: https://access.www.secmaker.com/nias/ServiceServer.asmx?WSDL

access.www.secmaker.com is intended for testing and pilots only.

No production service may use access.www.secmaker.com. For production you have to deploy your own instance of Net iD Access Server.

3 – Overview – Net iD Access and Net iD Access Server

For an authentication or signing operation to be possible, the end user first has to install Net iD Access. Net iD Access will be free of charge and published on the App Store. An Android version will later be available on Google Play; the timing depends on finding a suitable smart card reader with drivers for Android.

A Net iD Access enabled service makes simple web service calls to a Net iD Access Server. The end user can configure their device to use several Net iD Access Servers. For example:

access.telia.com – For citizen services with eID

access.inera.se – For national healthcare services

access.region.se – For services in a specific region

access.municipality.se – For local services

The communication is asynchronous: the service first asks Net iD Access Server to perform a specific operation (Authenticate or Sign) and then regularly polls for the result (Collect). The technical interface is described in chapter 9. Net iD Access Server is only accessible to services that present a valid and trusted certificate.

If Net iD Access is installed on the same device the user uses to access the service itself, Net iD Access can be started automatically. This applies to the App and Mobile web use cases above.

If the user accesses the service from another device, as in the Web and Voice use cases, the user must start Net iD Access manually.

Please keep in mind that Net iD Access and Net iD Access Server do not protect the data and information presented in your service. Net iD Access and Net iD Access Server handle login and sign operations only.

Use HTTPS to establish an encrypted tunnel for the transport of information between the end user, your service and Net iD Access Server.

Session handling is not covered by Net iD Access Server. Your app/service must create the session, bind the result of a completed Authenticate or Sign request to it, and expire requests that are never completed.
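The asynchronous Authenticate/Collect flow described in this chapter, together with the session handling the page says the service must do itself, as an added example in Python. This is not code from the Net iD documentation or from SecMaker: only the operation names Authenticate and Collect come from the page, while the request and response fields, the status strings, the assumption that NiAS admits a service by the certificate it presents at the TLS layer, and the in-memory FakeNias stand-in (used so the example runs offline) are all constructed for this illustration.

```python
"""Service-side login flow against a Net iD Access Server (NiAS).

Added example, not code from the Net iD documentation. The operation names
Authenticate/Collect are from the page; fields, status strings and the
FakeNias stand-in are assumptions constructed so this runs offline.
"""
import secrets
import ssl
from dataclasses import dataclass
from typing import Optional


def nias_tls_context(ca_file: str, client_cert: str, client_key: str) -> ssl.SSLContext:
    # Assumption: NiAS checks the calling service's certificate, so the
    # service's own cert/key is the client identity; NiAS is verified against CA.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


class FakeNias:
    """In-memory stand-in for the Authenticate/Collect web service calls."""

    def __init__(self) -> None:
        self._orders: dict = {}

    def authenticate(self, app_name: str) -> str:
        # Service -> NiAS: create a login request, receive an order reference.
        order_ref = secrets.token_hex(16)
        self._orders[order_ref] = {"status": "OUTSTANDING", "subject": None}
        return order_ref

    def complete_in_app(self, order_ref: str, subject: str) -> None:
        # Net iD Access -> NiAS: the user entered the PIN (constructed event).
        self._orders[order_ref].update(status="COMPLETE", subject=subject)

    def cancel_in_app(self, order_ref: str) -> None:
        # Net iD Access -> NiAS: the user cancelled (constructed event).
        self._orders[order_ref]["status"] = "USER_CANCEL"

    def collect(self, order_ref: str) -> dict:
        # Service -> NiAS: poll a request; a finished order is reported once.
        order = self._orders.get(order_ref)
        if order is None:
            return {"status": "NO_SUCH_ORDER", "subject": None}
        if order["status"] != "OUTSTANDING":
            del self._orders[order_ref]
        return dict(order)

    def open_order_refs(self) -> list:
        return list(self._orders)


@dataclass
class LoginSession:
    order_ref: str
    started: float
    subject: Optional[str] = None


class LoginService:
    """Session handling the page leaves to the service: the order reference
    stays server-side, the browser only holds an opaque session id, the
    result is bound to the session once, and stale requests are dropped."""

    TTL_SECONDS = 120.0

    def __init__(self, nias: FakeNias) -> None:
        self._nias = nias
        self._sessions: dict = {}

    def start_login(self, now: float) -> str:
        order_ref = self._nias.authenticate("Example Service")
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = LoginSession(order_ref, now)
        return session_id

    def poll_login(self, session_id: str, now: float) -> str:
        """Returns pending / complete / failed / expired / unknown."""
        sess = self._sessions.get(session_id)
        if sess is None:
            return "unknown"
        if sess.subject is not None:
            return "complete"  # already bound; never Collect the order again
        if now - sess.started > self.TTL_SECONDS:
            del self._sessions[session_id]
            return "expired"
        result = self._nias.collect(sess.order_ref)
        if result["status"] == "COMPLETE":
            sess.subject = result["subject"]
            return "complete"
        if result["status"] in ("USER_CANCEL", "NO_SUCH_ORDER"):
            del self._sessions[session_id]
            return "failed"
        return "pending"

    def subject_of(self, session_id: str) -> Optional[str]:
        sess = self._sessions.get(session_id)
        return sess.subject if sess else None
```

The service polls on a server-side timer keyed by its own session id; the client never supplies the order reference, so a caller cannot collect someone else's request, and a session whose request is cancelled, unknown to NiAS, or older than the TTL is discarded rather than left waiting.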