Norway Overview - RUB-NDS/FutureTrust GitHub Wiki
Norway uses SAML 2.0 for their eID services. According to the specification (Direktoratet for forvaltning og IKT, 2014)[1], the architecture is heavily based on the Danish version of eGov profile. Further technical information can also be found in (Nets Norway AS, 2015)[2].
The architecture consists of the following parts, see Figure 1:
- User agent (Web browser)
- Service Provider
- ID-Porten (ID-Portal): Trust anchor for the public sector. It links public agencies and e-ID providers together.
- eID provider: One of the (currently) four registered eID providers: MinID, Commfides, Buypass, and BankID.
Figure 1: Norwegian eID Service Architecture (Direktoratet for forvaltning og IKT, 2014)
The authentication process relies on the SAML 2 messages. The user communicates with the ID-Porten using SAML HTTP Redirect/POST binding. The direct communication between the Service Provider and ID-Porten is established with the SAML SOAP binding. The process works as follows:
1) The end user visits the Service Provider.
2) The Service Provider creates an authentication request and redirects the user to the ID-Porten.
3-4) ID-Porten evaluates the required security level, chooses the appropriate eID provider, and the user authenticates at this eID provider.
5) After a successful authentication, ID-Porten sends a Response to the Service Provider.
6) Service Provider verifies the user identity by sending a SAML Request over SOAP to the ID-Porten.
7) ID-Porten delivers personal information about the end user.
8) End user can access the desired Service Provider.
In addition to the login procedure, the specification describes SAML logout[1].
1. ^ ^ Direktoratet for forvaltning og IKT. (2014). Integrasjonsguide for ID-porten.
2. ^ Nets Norway AS. (Januar 2015). E-Ident Integration Guide. Retrieved from https://www.nets.eu/dk-da/l%C3%B8sninger/nemid/signering-identificering/Documents/Nets%20E-Ident%20Integration%20guide_EN.pdf