Technical documentation

Verifying mandates
The right to act on behalf of another person or company is affected by many factors, such as guardianship details, information on company representatives, and the data stored in the authorisation register. When verifying mandates, the organisation’s e-service submits an automated query to the e-Authorizations service. The e-Authorizations service then responds whether the person or company has the right to act on behalf of another party. The data is retrieved from the basic data registers and/or from the authorisation register. For example, the e-Authorizations service checks whether the personal identity code of the person acting on behalf of another party can be found in the Population Information System and whether they are alive.
The organisation’s e-service can include other verification rules that can prevent the use of the service if they are met. These are set in the rule engine. The use of the service is prevented if even one of the set verification rules is met. The e-service is not informed of the reason for the restriction; it is told only whether the person or company may act on behalf of another party or not.
Rule engine
The rule engine can be used to define service-specific mandate verification rules for the customer organisation’s e-service. Based on these, the Authorization interface gives the e-service either an approval (ALLOWED) or a rejection (DISALLOWED) response concerning the person’s right to use the e-service. By default, the response is DISALLOWED. An approval response is provided only if every rule in the specified rule set has been executed successfully and each of them returns the value ALLOWED.
The AuthorizationList query can also be used in the verification of a party’s right to act on behalf of a person. The AuthorizationList response contains information on service roles for which the agent has the right to act on behalf of their client. The right to act on behalf of a client is indicated in the roles field, the value of which is either ALL (unlimited right to act on behalf of the client) or a list of matters (URIs) that the right to act on behalf of the client applies to. If the list is empty, the party has no right to act on behalf of a client. In queries related to acting on behalf of a company, the query will return the company or companies related to the service user as well as their role information, such as the managing director.
- Rule engine for acting on behalf of another person (Delegate, Authorization)
- Rule engine for acting on behalf of a company (OrganizationalRoles)
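The following added example (not code from the e-Authorizations service or its documentation) shows how a consuming e-service can keep the same default-deny behaviour when it evaluates the two response types described above. The "result" key, the representation of ALL as either a bare string or a list item, the decide helper and the sample responses are assumptions made for the illustration; the values ALLOWED, DISALLOWED, ALL and the roles field come from the text.

```python
from typing import Any, Callable, Mapping

ALLOWED = "ALLOWED"   # approval value named in the documentation
ALL_ROLES = "ALL"     # unlimited-right value named in the documentation


def authorization_permits(response: Any) -> bool:
    """Permit only on an exact ALLOWED; everything else is a rejection."""
    # The "result" key is an assumed field name for this example.
    return isinstance(response, Mapping) and response.get("result") == ALLOWED


def roles_permit(response: Any, matter_uri: str) -> bool:
    """Permit if roles is ALL or contains the exact matter URI."""
    if not isinstance(response, Mapping):
        return False
    roles = response.get("roles")
    if roles == ALL_ROLES:                 # ALL given as a bare string (assumed)
        return True
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        return False                       # missing or malformed field: deny
    # Exact match only: no prefix or case-insensitive comparison.
    return ALL_ROLES in roles or matter_uri in roles


def decide(fetch: Callable[[], Any], check: Callable[[Any], bool]) -> bool:
    """Run a query and evaluate it; any failure results in denial."""
    try:
        return bool(check(fetch()))
    except Exception:
        return False                       # timeout, unparsable reply, etc.


# Constructed sample responses (not captured from the real service).
SAMPLE_ALLOWED = {"result": "ALLOWED"}
SAMPLE_ROLES = {"roles": ["http://example.invalid/matter/tax"]}
SAMPLE_EMPTY = {"roles": []}
```

The decide helper takes the transport call as a parameter, so a network error or an unexpected reply ends in a rejection rather than an unhandled exception that a caller might treat as success.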
Interfaces
The e-Authorizations service conducts its mandate verification queries either via the Suomi.fi Data Exchange Layer (Security Server interface) or the public Internet (Web API). The most suitable connection method for the e-service is selected on the basis of the use case. The customer organisation must build an interface for its information system to send queries and receive response messages.