Introduction
Digidentity as SERMI Trust Centre
Under previous SERMI requirements, IOEs had to receive a hardware token, together with special software drivers, to access security-related RMI. As the contracted Trust Centre, Digidentity will now deliver these tokens with the same level of trust and security, but using an approach that is much easier to integrate.
Following UC IO.5 scheme rules, Digidentity will deliver secure tokens based on a hybrid solution that combines the Digidentity App with a Hardware Security Module based in Digidentity’s own datacenter. This allows both the IO and the VM to access security-related RMI without installing special software or drivers in the local environment, so UC EM4 no longer applies.
OpenID Connect
Under UC EM3 scheme rules, the IOE must have access to security-related RMI content, and the VM must check the authorization status of the IOE before enabling access (UC VM5). To meet this requirement, the VM previously needed a separate, shielded environment beside the regular RMI. As Trust Centre, Digidentity allows VMs to meet this requirement using the extra authentication layer it provides via the OpenID Connect protocol.
This documentation page describes the implementation process for an OpenID Connect integration with the Digidentity platform under the SERMI scheme. It serves as the implementation guide mentioned in the UC VM6 VM download from the SERMI website (currently OCSP & SOAP).