Rule engine when acting on behalf of another person (Delegate, Authorization)
Operating principle of the rule engine
With the rule engine, your organisation can specify mandate check rules for your e-service. The rule engine is specific to each e-service. Its settings can be used to set the requirements for acting on behalf of another person in e-services that utilise the e-Authorizations service interface.
You must set and manage the rules of the rule engine in a manner that is suitable for your e-service. In addition, it must be decided which register entries prevent transactions. For example, reasons to restrict acting on behalf of a minor dependent may include a non-disclosure order, transfer of guardianship and joint custody agreement.
Rule engine interfaces
Two interface queries are used when acting on behalf of another person: AuthorizationList and Authorization. In general, we recommend using the AuthorizationList query, because it facilitates a wider variety of uses and is simpler to run.
AuthorizationList
- Returns information on service roles in which the assignee (agent) has the right to act on behalf of the assignor (principal).
- An empty list means that there is no authorization.
- The service role based on the Population Information System (PIS) is ALL, which is used when acting on behalf of a minor dependent.
- The service role based on a mandate or the guardianship affairs register is the technical identifier (URI) for the mandate theme, which is used when acting behalf of an adult.
- The response may include several roles.
- The query returns the GUARDIAN role if rule 021.001.2.2.3 is selected and the related conditions are met.
Authorization
- Returns only an ALLOWED or DISALLOWED response.
- In general, the response is DISALLOWED. An ALLOWED response is only offered if the assignee has authorization under the defined rules.
- When acting on behalf of an adult, this query requires that the technical identifier (URI) for the mandate theme is included in the request.
Logical description of the rule engine
The e-Authorizations rule engine works as shown in the figure below when acting on behalf of another person. The rule engine rules shown in the figure are explained in more detail below.
Rule engine rules
Below are the rules which the rule engine goes through when acting on behalf of another person. The numbers for each section refer to the preceding figure.
1. Checking the eligibility of assignees to act on behalf of another person
1a. Checking the eligibility of Finnish assignees in the PIS
- their personal identification number is valid
- they are alive.
If either of these conditions is not met, the rule engine issues a Disallowed response to the e-service about the assignee's right to act on behalf of the assignor. If both conditions are met, the rule engine checks the information of the assignor.
Table 1a shows the checks run by the rule engine to determine the eligibility of Finnish assignees to act on behalf of another person.
Rule ID | Description | Optionality |
|---|---|---|
001.001.1.1 | checks that the personal identification number is valid | mandatory |
002.001.1.1.2 | checks that the person is alive | mandatory |
Table 1a. Rules used to check the eligibility of Finnish assignees to act on behalf of another person.
1b. Checking the eligibility of foreign assignees in the UTU register
The rule engine checks the UTU register for the UID level of assurance of foreign assignees.
Rule ID | Description | UID information (ALLOWED) | Optionality |
|---|---|---|---|
031.008.1.1 | checks the UID level of assurance | validated (LOA = 1) | mandatory |
Table 1b. Rules used to check the eligibility of foreign assignees to act on behalf of another person.
2. Checking the eligibility to act on behalf of another person based on the selected rules
2a. The assignee must be the guardian of the assignor
The rule engine checks the Population Information System (PIS) to confirm that the assignee is the guardian of the assignor. If the assignee is not the guardian of the assignor, the assignee is not eligible to act on behalf of the assignor without restriction.
Table 2a shows the checks run by the rule engine concerning the guardianship relationship between the assignee and assignor.
Rule ID | Description | PIS information (ALLOWED) | Optionality |
|---|---|---|---|
025.001.2.4 | Checks the assignee's guardianship relationship with the assignor. A guardianship relationship is not required if the person has the right of access to information in section 2b2. | The personal identification number of the assignee is on the guardian list of the assignor. | mandatory |
Table 2a. Rules used to check the guardianship relationship of the assignee.
2b. Assignor rules based on Population Information System information
These rules only apply when acting on behalf of a dependent minor. The rule engine checks the assignor in the Population Information System (PIS) to ensure that
- their personal identification number is valid
- they have not been taken into custody
- they have not been issued a non-disclosure order
- their other guardians have not been issued a non-disclosure order
- their age matches.
If any of these conditions are not met, the rule engine issues a Disallowed response to the e-service about the assignee's right to act on behalf of the assignor. If all the conditions are met, an Allowed response is sent and the assignee is allowed to act on behalf of the assignor.
Table 2b shows the checks run by the rule engine concerning the assignor's information.
Rule ID | Description | Optionality |
|---|---|---|
001.001.1.1 | checks that the personal identification number is valid | optional |
007.001.2.3 | checks that the person has not been taken into custody | optional |
011.001.2.6 | checks that no non-disclosure order has been issued | optional |
012.001.3.1 | checks that the person's other guardians have not been issued a non-disclosure order | optional |
013.001.2.7 | checks the person's age: higher than, equal to or lower than the age given | optional |
Table 2b. Rules used to check the assignor's information.
2b1. Guardianship of the assignor may only be agreed in terms of housing in the PIS
The rule engine checks the Population Information System (PIS) to ensure that no joint custody agreement or order (excluding housing) is in place for the assignor (see Table 2b1).
Rule ID | Description | Optionality |
|---|---|---|
021.001.2.2.3 | Checks that there is no old-type, free-form joint custody agreement or order (excluding housing) in place. This rule prevents restoring the ALL role in the role response. The rule allows restoring the GUARDIAN role in a response rejecting eligibility to act on behalf of another person if the role has been selected as ALLOWED in the rules. The rule does not apply to the possible restoring of joint custody codes for new-type joint custody agreements or orders shown in section 2b2. It therefore does not override the rules in question. | optional |
2b2. Rule for coded joint custody and right of access to information in the PIS
The rule engine checks the Population Information System (PIS) to see whether any codes for joint custody or right of access to information have been entered for the assignor's guardians or persons with the right of access to information (see Table 2b2).
Rule ID | Description | PIS information (ALLOWED) | Optionality: |
|---|---|---|---|
032.001.4.1 | Checks whether codes for joint custody or right of access to information have been entered in the Population Information System (PIS) for the assignor's guardians or persons with the right of access to information. The rule described in section 2b1 does not apply to this rule or override it. | The right to act on behalf of a minor is defined based on the minor's information in the Population Information System, which is checked using the following attributes of the assignee acting as a guardian or a person with the right of access to information:
| optional |
032.001.4.2 | Check whether any codes for joint custody or right of access to information have been entered in the Population Information System (PIS) for the principal’s guardians or persons with the right of access to information, and allow the transaction if the code is among the selected codes. The rule described in section 2b1 does not affect or override this rule. | Selectable joint custody and right‑of‑access‑to‑information codes:
| optional |
2c. Mandate transaction: Assignor rules based on Population Information System information
When dealing with Finnish assignors, the rule engine checks the Population Information System (PIS) to ensure that
- their personal identification number is valid
- they are alive.
If either of these conditions is not met, the rule engine issues a Disallowed response to the e-service about the assignee's right to act on behalf of the assignor.
Table 2c shows the checks run by the rule engine concerning a Finnish assignor's eligibility to act on behalf of another person.
Rule ID | Description | Optionality |
|---|---|---|
001.001.1.1 | checks that the personal identification number is valid | mandatory |
002.001.1.1.2 | checks that the person is alive | mandatory |
Table 2c. Rules used to check the eligibility of Finnish assignors to act on behalf of another person.
2d. Rules concerning the Population Information System and the authorization register
The rule engine may check the authorization register to see whether the assignee is authorized to act on behalf of the assignor or a company they represent.
This rule applies to acting on behalf of another person based on a mandate in the authorization register. Acting on behalf of another person based on a mandate always requires that the assignor (principal) has granted the assignee (agent) a mandate for transactions in Suomi.fi e-Authorizations. Information on the right to transactions is provided in the rule engine only in mandate themes selected under this rule. Only mandate themes authorized by the e-Authorizations service implementation team may be selected with the rule engine. You can request the authorization of mandate themes for the rule engine from the implementation team at valtuudet-kayttoonotot@dvv.fi.
This rule also makes it possible to act on behalf of a dependent minor with a mandate entered in the authorization register. The child's guardians may grant each other or a third party a mandate to act on behalf of their dependent. Acting on behalf of another person with a mandate can be restricted to only guardians with rule 035.001.2.9.
In addition, this rule enables transactions for guardians under guardianship when the guardianship restricts the transactions to mandate themes concerning the person.
Table 2d shows the checks run by the rule engine concerning the authorization register.
- Rule ID 019.003.1.1
- Optionality: selectable
Checks the authorization register whether the assignee is authorized to act on behalf of the assignor.
OR
Checks whether the assignee has received a mandate to represent from the company they represent and whether the company being represented has received a mandate from the assignor for the matter in question
Note! Representing a company (e.g. an accounting agency employee acts on behalf of an agency customer) only works using Web API interfaces.
OR
Checks whether the assignee is a guardian and under guardianship, i.e. declared legally incompetent, based on information in the Population Information System (transactions only possible in selected mandate themes concerning the person)
2e. Mandate transaction: assignor rules based on UID identifier information
The rule engine checks the UTU register for the UID level of assurance of foreign assignors.
Rule ID | Description | UID information (ALLOWED) | Optionality |
|---|---|---|---|
031.008.1.1 | checks the UID level of assurance | validated (LOA = 1) | mandatory |
Table 2e. Rules used to check the eligibility of foreign assignors to act on behalf of another person.
2f. Mandate transaction: Optional assignor rules based on Population Information System information
The rule engine checks the Population Information System (PIS) for optional assignor rules based on PIS information for acting on behalf of a minor based on a mandate.
Optionality: selectable
Rule ID | Description | PIS information (ALLOWED) | Optionality |
|---|---|---|---|
034.001.2.8 | checks that the person is at least the age given | Age is checked using the date of birth in the personal identification number. | optional |
035.001.2.9 | checks that the minor is under the guardianship of the assignee | Minor status is determined based on the date of birth in the personal identification number. | optional |
003.001.1.3 | checks that the person is not under guardianship | The level of guardianship of the person is none of the selected. | optional |
Table 2f. Optional assignor rules for acting on behalf of a minor based on a mandate checked in the Population Information System (PIS).
2g. The assignee must be the assignor's guardian or a court‑appointed guardian with a continuing power of attorney
The rule engine checks from the register of guardianship affairs whether the assignee has received a continuing power of attorney from the assignor, which grants the assignee the right to act in the mandate theme given in the interface query (Authorization) or in the mandate themes used in the e-service (AuthorizationList).
In this context, it is also checked that:
- the assignor is alive
- their personal identification number is valid.
Rule 036.010.1.4 does not affect these checks or override them.
Rule ID | Description | Authorization role | Optionality |
|---|---|---|---|
036.010.1.4 | It is checked whether the agent is the principal’s guardian or whether the agent has a continuing power of attorney granted by the principal, with competencies that entitle the agent to act alone. This authorizes acting on behalf of the principal only in an AuthorizationList query. | Authorization roles for a guardian or an attorney with a continuing power of attorney:
| optional |
3. Interpreting the rule run results and generating a response
3a. Interpreting an Authorization interface response
The assignee is granted the right to act on behalf of another person if the response given in the Authorization interface is ALLOWED.
The ALLOWED result is given if both of the following conditions are met:
- the Finnish assignee is eligible to act on behalf of another person (1a)
- An ALLOWED result is given for PIS rules (2a + 2b)
The ALLOWED result is also given if the following conditions are met:
- the Finnish or foreign assignee is eligible to act on behalf of another person (1a or 1b)
- the PIS or UID checks (2c and 2f or 2 e) for the assignor's mandate transaction are in order
- the assignee has the right to act on behalf of another person based on the authorization register rules (2d).
The ALLOWED result is also given if the assignee is the assignor's attorney based on an eligibility that applies to the mandate code sent in the interface request (2g).
If the assignee's guardianship is restrictive, the ALLOWED result is only given if a valid mandate code is sent in the interface request.
If the conditions are not met, the response will be DISALLOWED. In this case, the assignee is not granted the right to act on behalf of another person.
3b. Interpreting an AuthorizationList interface response
The assignee is granted an unrestricted right to act on behalf of another person if the response given in the AuthorizationList interface is ALL. The ALL result is given if both of the following conditions are met:
- the Finnish assignee is eligible to act on behalf of another person (1a)
- An ALLOWED result is given for PIS rules (2a + 2b)
The GUARDIAN result is given if the only rule resulting in a DISALLOWED response is 2b1 and the role in question has been configured as allowed for the rule.
The mandate code based on joint custody is returned if 2b and 2b2 result in an ALLOWED response.
If the assignee's guardianship is restrictive, the allowed mandate codes are added to the response instead of the ALL role. Guardianship does not affect the GUARDIAN role.
The assignee may have the right to act on behalf of the assignor only in certain matters (URI). The URI of the mandate theme is added to the response if all the following conditions are met:
- the Finnish or foreign assignee is eligible to act on behalf of another person (1a or 1b)
- the PIS or UID checks (2c and 2f or 2 e) for the assignor's mandate transaction are in order
- the assignee has the right to act on behalf of another person in matters specified for the service based on the authorization register rules (2d).
The URI of the mandate theme is also added to the response if the assignee is the assignor’s attorney with an eligibility applicable to the mandate theme (2g).