Suomi.fi e-Authorizations is a service for reliable verification of a person’s or organisation’s authorization, mandate or right to use digital services on behalf of another person or organisation regardless of time or place. The service provides mandates for all possible business cases and scenarios and their use cases, depending on which services the mandate is being used for. Different scenarios include: person to person mandates, person to company/organisation mandates, company/organisation to person mandates and company/organisation to company/organisation mandates.
The service consists of three main components / functionalities:
-
Registry based checking of a person’s authority for making transactions on behalf of other persons or organizations (for service providers)
-
Requesting and/or creating digital authorizations / mandates (for end-users)
-
The rule-engine for more detailed rules per digital service
e-Authorizations-service is fully open source and available on Population Register Centre (PRC) of Finland's GitHub: https://github.com/vrk-kpa. The service is being constantly developed further and latest source code is being frequently published to GitHub.
In Finland, the Suomi.fi-e-Authorizations service is run centrally by PRC and the service is available freely for public and private sector organizations.
How does the service work?
The service provider provides in its e-service or system an authorization checking query that can be sent to Suomi.fi e-Authorizations which then sends back the user’s roles and authorizations to be accessed by said service. This means that these services are able to answer whether the Mandatee has a necessary mandate or not, but the services don’t have access to the content of the mandate itself.
There are two different types of authorisations checkings that are supported:
-
Registry-based checking of a person’s authority for making transactions on behalf of other persons or organisations. In this case, the e-service obtains the mandate through the e-authorisations service from a base register (e.g. a mandate to act on behalf of one’s own children comes from Population Register). There are several registers in use and more are currently being added.
-
Requesting and/or creating digital authorisations that are then being saved in the mandate register. These are all purpose mandates, based on eMandates vocabulary. The user can either create a mandate or request a mandate. This is done through the national Suomi.fi-portal . The eID when logging into Suomi.fi e-Authorisation service can be the Certificate Card (powered by the Population Register) or other forms of identification such as bank eIDs.
Digital authorisations / eMandates are saved in the national Mandate register, where the verification of the authorisations is done. A citizen or a company can create and save authorisations / mandates in digital form directly in the national Mandate register. A Mandate itself can be valid up to 25 years. The Mandator may modify the mandate scope or duration, and to revoke it if necessary.
All Mandates that are stored in Mandate register apply to a theme instead of an organisation, a category or a specific, single transaction instance. Two examples of business cases are:
-
Preparation, planning and development of business activities: With this Mandate, the Mandatee can manage the information needed in the preparation, planning and development of business activities on behalf of the Mandator.
-
Managing matters related to healthcare: This Mandate gives the Mandatee the authority to act on behalf of the Mandator in healthcare services. The Mandatee may:
-
View information regarding the Mandator's state of health;
-
Make and change healthcare appointments;
-
Submit and receive information on the Mandator's state of health.
-
The terms and concepts used in the names and descriptions of the Mandate codes come from the ontologies of the National Library’s ontology service. The application and controlled use of these terms and concepts for the Suomi.fi-e-Authorizations system was done in consultation with The Finnish Terminology Center (TSK). So, the mandate codes adhere to the semantic framework and interoperability principles recommended for all sectors in Finland.
Benefits for the end-user
This service enables users to act on behalf of other persons or organizations in digital services, and authorize others to act on their behalf. Examples of possible uses of authorization are, for example, when a parent acts on behalf of his under-aged child or when a person who is authorized to sign for a company acts on behalf of that company.
Benefits for the service providers
The Suomi.fi e-Authorizations service offers the possibility of verifying the legal right of a person to act on behalf of another person or a company. The information about users’ role / mandate is sent directly from existing registers to the service provider’s services.
-
A better service experience, fluent self-service for the customers
-
Using electronic services and processes saves money
-
Administration of authorisations is not required
-
An automatic, reliable verification of authorisations / mandates
-
Reducing the risk of misuse
During 2018, there have been made over 2.5 million authorization checkings through the Suomi.fi-e-Authorization service (over 4 million all together). Usage has increased by about 10-15% per month. Using of the Suomi.fi-e-Authorization service means big cost savings for the service providers. The greatest savings are generated by the digitalisation of the authority authentication process, which speeds up the verification of mandates, reduces the need telephone calls, and other manual work related to authorisations validation. It is estimated that the cost saving generated by each authorization checking is about 6–10 euros.
