# Authentication
Authentication is about recognising a returning user. It is important to have an easy way to allow them to authenticate their identity each time they log in to a website, app or service.
# Authentication provider
Authentication provider is another name for eID (see below).
# Authorisation
Authorisation is about what a user is allowed to do. Whilst authentication will allow a user to log into an account, and thereby prove who they are, authorisation states what the user can now do. Examples could be allowing access to the HR system, or being allowed to enter new employees into the HR system.
See Identity Broker.
# Certificate
A certificate, or digital certificate, is an electronic document used to prove the ownership of a public key. The certificate includes information about the key, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer). For Signicat, certificates are either used to secure connections or as a means of logging in.
# Digital identity
A digital identity is a person's identity in the digital space, meaning, in the broadest sense, the sum of all digital information that can be linked to the person. Digital identity may also be used in a narrower sense, e.g. for the person's official identity attributes from an identity document or from an eID.
# eHerkenning
eHerkenning, or eRecognition in English, is the standardised login system with which Service Providers in the Netherlands can allow users to log in on behalf of their organisations. It provides access to Dutch public services and Governmental Bodies. It is the only Dutch eID method that allows you to act on behalf of a company.
Service providers in the Netherlands can allow users of (non-Dutch) European eIDs to log into their services by using the eHerkenning network.
# eID
eIDs, or electronic IDs, are the individual methods used for authentication or signing. An eID is a means for a person to provide certain identity attributes, such as name, national identification number, date of birth, and so on. These attributes are stored within the eID.
# eIDAS
eIDAS is a 2014 regulation of the European Parliament and Council on electronic identification and trust services for electronic transactions in the internal market. In the Netherlands, eIDAS is provided via the eHerkenning network.
# Electronic identification
The process of using personal identification data in electronic form which uniquely represents either a natural or legal person, or a natural person representing a legal person.
# Electronic signature
This is data in electronic form, which is attached to or logically associated with other data in electronic form, that is used by the signatory to sign.
# End-user
In Signicat terms, the end-user is the person who ultimately uses a product. For example, in B2C signing, the end-user is not the company using the Sign solution to get their documents signed, but rather the private person who signs the document.
# Identity Broker
Signicat's Identity Broker is a cloud platform where customers (Service Providers) can easily integrate a wide variety of international eIDs (Identity Providers). The Identity Broker has a simple user interface/front-end through which you can establish eID (IdP) connections.
The Signicat Identity Broker can be used for Identity Proofing and Authentication, offering you more certainty about the identity of the user.
# Identity proofing
Identity proofing is the act of determining the identity of an individual or organisation. This is something the individual or organisation will do themselves. It can be done, for example, by using an eID (which will have already been verified), or by scanning an identity document in conjunction with providing a selfie; but requirements will differ. Identity proofing is useful for first-time interactions with a customer, such as registration or onboarding.
# Identity provider (IdP)
An identity provider is the supplier of the identification method and of the electronic identity. They are responsible for issuing the digital identities to a person. Customers can choose one or more of these identity providers to enable the end-user to log on to their online applications or services.
# Know Your Customer (KYC)
KYC is the process of a business verifying the identity of its clients. The objective of KYC guidelines is to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities.
# Level of Assurance (LoA)
Level of Assurance (LoA) refers to the degree of trust or confidence in the claimed identity of a person and how certain a Service Provider is about that person's claimed identity when using their eID to authenticate to a service. The Level of Assurance refers to the difficulty one would have trying to use someone else’s eID.
According to eIDAS regulations, there are three levels of assurance: Low, Substantial and High.
- Low: Self-registration in a web-page, without any identity verification.
- Substantial: Providing and verifying identity information and authentication by using a user name and a password and a one-time password sent to your mobile phone.
- High: Registering in person in an office and authentication by using a smartcard, such as a National ID Card.
# National identification number
National identification numbers are used by many countries' governments as a means of tracking their citizens, permanent residents and temporary residents for the purposes of work, taxation, government benefits, health care and many other government-related functions. This number usually appears on identity documents issued by these countries.
# Natural person
A natural person, in legal terms, is defined as a living human being as opposed to a corporate body.
# Non-natural person
A non-natural person is any corporate body, unincorporated firm, partnership or body with legal personality other than an individual.
# Onboarding
Onboarding is the process of allowing end-users to sign up to an online service whereby a verification of that user is carried out using an eID method. Onboarding refers to a first-time interaction with an end-user during the process of becoming a customer of a service and outlines what Signicat customers want to do to accept these new users to their service.
# One-Time Password (OTP)
A One-Time Password is a randomly generated password, which is given to the user; for example as a text message (SMS), an email, a postal letter, by an app on a smartphone, or by a device. When entering the OTP, the user proves that he or she is in possession of the given item. This is typically used as part of a two-step authentication.
Also see Time-Based OTP (TOTP).
# Organisation Identification Number (OIN)
An OIN is an Organisation Identification Number, also called a Government Identification Number. You use it to identify yourself as an organisation.
# Politically exposed person (PEP)
In financial regulation, a politically exposed person (PEP) is one who has been entrusted with a prominent public function. A PEP generally presents a higher risk for potential involvement in bribery and corruption by virtue of their position and the influence that they may hold.
# Pseudonym
This is a unique identifying code with which a user account can be uniquely identified or distinguished. The specific pseudonym is unique for each different combination of user, represented service consumer, intermediary and service provider. Find out more about generating pseudonyms here.
# SDK
A software development kit (SDK) is also known as a Signicat Adapter. Any service can be connected to the Signicat Identity Broker using a Signicat Adapter. With a Signicat Adapter, the connection is effectively integrated within the application in order to set up connections between your online services and various identity providers.
# Service catalogue
A service catalogue is a file specifying the level assigned to each of your services. The Service Catalogue is only used for eHerkenning and eIDAS. The catalogue can include details of multiple services and levels. Further information about the service catalogue is available here.
# Service provider (SP)
A service provider is a Signicat customer, the party that uses the digital identity service and provides the service to the end-user. They offer one or more identity methods on their app, portal or website so that end-users can identify or gain access to these services.
# Single Logout (SLO)
With Single Logout, a user can log out of all active sessions (even over multiple different service providers) by sending an SLO request to the application of the service provider. SLO can be initiated by the end-user or the service provider, or in some cases by the IdP. SLO is session- and token-based.
# Single Sign-On (SSO)
With Single Sign-On, a user can log in to services once and access them without having to re-enter authentication factors. This only applies to services that are connected to the same SSO session. SSO is session- and token-based.
# Time-Based OTP (TOTP)
A Time-Based OTP scheme generates OTPs based on time, whereby the user has a certain, limited amount of time to enter each one. Typically, the user will have an application running on a smartphone for generating these. One such application is the Google Authenticator.
# Two-factor authentication (2FA)
Also referred to as two-step verification or dual-factor authentication, two-factor authentication is the process in which users must provide two different authentication factors to verify themselves. 2FA is a secure process that helps protect both a user's credentials and the resources the user can access.