Advanced concepts

The fundamental element of ADUCID®’s activity is an operation. The target application requests AIM to perform an operation, AIM along with PEIG® then perform the operation and make the result available to the application. The application can then use the result of the operation (e.g. use a positive authentication result to grant access to information to a specific user in the scope of that user’s assigned rights, or use a negative result to deny access). Standard applications only use the “open” operation, which performs user authentication. Applications that manage identities (Identity Management) use other operations that support the execution of the entire lifecycle of the identity and other activities. For illustration, a list of supported operations of ADUCID® is provided with a brief description of each operation:

  • Initialization of an identity (II, Identity Initialization, “init”): PEIG® and AIM together form a new unique electronic identity.
  • Use of an identity (IU, Identity Use, “open”): PEIG® and AIM together validate the eID and provide a link to user information (authentication).
  • Change in an identity (IC, Identity Change, “change”): PEIG® and AIM together change the existing internal values of the identity while preserving the entire context of personification (including all associated personal data).
  • Termination of an identity (IE, Identity End, “delete”): PEIG® and AIM together invalidate the electronic identity and prevent anyone from performing any operation using this identity.
  • Reparative change of an identity (RC, Reparative Identity Change, “rechange”): Change of an identity performed if the validity of the previous identity has expired.
  • Reparative initialization (RI, Reparative Identity Init, “reinit”): Identical with II, performed if the corresponding identity exists on PEIG® (this operation’s purpose is to restore AIM).
  • Extended Use (XUSE): Advanced operation to create replicas, display dialogs and work with the personal factor.

A separate issue is how the authentication result is linked to the target application and to the protection of the data channel between the client and server parts of the target application. This is called “binding”.

Different user scenarios exist for linking a target application to ADUCID authentication, and they differ in their user and security features. The user can take a snapshot with a mobile phone of a QR code displayed on a workstation screen to log in, use PEIG from the hard disk of the same workstation where the web browser is running, or use a web browser on a mobile phone or tablet.

The AIM security manager can select what binding scenarios will be supported by AIM and what scenarios will be disabled. This is possible through the AIM “binding mode” attribute configuration.

  • documentation/advanced/start.txt
  • Last modified: 2018/06/27 14:52
  • by tjotov