Skip to content

Norway Overview

PinkieSwirl edited this page Jun 28, 2017 · 4 revisions

Norway uses SAML 2.0 for their eID services. According to the specification (Direktoratet for forvaltning og IKT, 2014)[1], the architecture is heavily based on the Danish version of eGov profile. Further technical information can also be found in (Nets Norway AS, 2015)[2].

The architecture consists of the following parts, see Figure 1:

  • User agent (Web browser)
  • Service Provider
  • ID-Porten (ID-Portal): Trust anchor for the public sector. It links public agencies and e-ID providers together.
  • eID provider: One of the (currently) four registered eID providers: MinID, Commfides, Buypass, and BankID.

Norwegian eID Service Architecture (Direktoratet for forvaltning og IKT, 2014)

Figure 1 Norwegian eID Service Architecture (Direktoratet for forvaltning og IKT, 2014)

The authentication process relies on the SAML 2 messages. The user communicates with the ID-Porten using SAML HTTP Redirect/POST binding. The direct communication between the Service Provider and ID-Porten is established with the SAML SOAP binding. The process works as follows:

1) The end user visits the Service Provider.

2) The Service Provider creates an authentication request and redirects the user to the ID-Porten.

3-4) ID-Porten evaluates the required security level, chooses the appropriate eID provider, and the user authenticates at this eID provider.

5) After a successful authentication, ID-Porten sends a Response to the Service Provider.

6) Service Provider verifies the user identity by sending a SAML Request over SOAP to the ID-Porten.

7) ID-Porten delivers personal information about the end user.

8) End user can access the desired Service Provider.

In addition to the login procedure, the specification describes SAML logout[1].

Reference

1. ^ ^ Direktoratet for forvaltning og IKT. (2014). Integrasjonsguide for ID-porten.
2. ^ Nets Norway AS. (Januar 2015). E-Ident Integration Guide. Retrieved from https://www.nets.eu/dk-da/l%C3%B8sninger/nemid/signering-identificering/Documents/Nets%20E-Ident%20Integration%20guide_EN.pdf

Clone this wiki locally