Globally, digital identity ecosystems are increasingly complex and consist of a wide range of identity models and actors with diverse responsibilities, interests, and priorities.
Digital identities are created and used as part of a life-cycle that includes three fundamental stages:
- registration, including enrollment and validation
- issuance of documents or credentials
- authentication for service delivery
List of entities and names used to describe UANATACA's services
Registration Authority (RA)
The RA manages the entire life-cycle of digital identities, from the certificate issuance to suspension, reactivation, renewal and revocation of the PKI credentials.
Registration Authority Officer (RAO)
The RAO follows strict guidelines and policies defined to ensure the trust of the CA. RAO is responsible for managing the requests for digital certificates and verifying the content of the requests as well as vetting people requesting them.
The Account having access to the APIs provided by the system. It is generally used for a server to server interaction.
Certificate Request (Request)
It is a request to issue a new certificate. A request can be associated with only
one RA and has a status attribute to monitor the progress of the application:
2) Enrolled Ready
Created: The request has been created and associated to an RA, but the content of the request has not been validated yet. In this state, data can also be inconsistent, the system will not throw an error. The content of the request can be edited at any moment to make it valid.
Enrolled Ready: The certificates are ready to be issued. The request arrives at this stage, if it has been approved and signed by a RAO, who is part of the RA in charge of the request.
Issued: Certificates issued. The request is ready to be enrolled from the user's self-service page on the platform. The user must first set PIN and PUK codes of his or her choice and then enable the digital identity.
Secret codes (Scratchcard)
It is a virtual scratch card containing the secret codes of the user.
The card contains:
- a serial number: it uniquely identifies the user
- an enrollment code: secret code, that is sent to the user by email
It is important to notice that a Scratch Card can be used only once. Every Request must be associated with a different Scratch Card.