How-to configure LoT level of trust

Introduction

This article will guide you through the configuration of LoT on a CoreOne Suite system using the configuration for Amt für Informatik Graubünden as an example.

Note:

  • Configuring LoT is currently only possible within the database

  • Some aspects of the identification procedure may currently still be hard-coded and their configuration is not yet possible outside of feature requests

Further reading on LoT can be found here: Level of Trust - LoT

What to configure

Observe the following graph, which represents the conceptualized LoT configuration for AIGR:

image-20240819-152351.png

On the X axis, the available entries for quality of authentication (QoA) are shown, to be configured in the table servicecorelogin_quality_of_authentication. Note that QoA values 3 and 4 are not in use on any LoT and should therefore not be configured.

On the Y axis, we see available entries for quality of registration, to be configured in the table servicecorelogin_quality_of_registration. The gray values on the Y axis are only there for reference, as they represent the configuration on Thurgau’s system.

The colored boxes inside the graph represent the available entries for level of trust, to be configured in the table servicecorelogin_level_of_trust.

Database tables to edit

servicecorelogin_quality_of_registration

Configure the available quality of registration (QoR) entries here. In the given example, the configuration would look like this:

| id | name_key | system_name | steps | quality_of_registration_strenght_id |
|----|----------|-------------|-------|-------------------------------------|
| 1 | Module.DM.AuthenticationService.QualityOfRegistration.None.Name | urn:ktgr:authentication:qor:100 | 1 | 1 |
| 2 | Module.DM.AuthenticationService.QualityOfRegistration.AutoOrManual.Name | urn:ktgr:authentication:qor:300 | 2 | 2 |
| 3 | Module.DM.AuthenticationService.QualityOfRegistration.AutoOrManualAndAhv.Name | urn:ktgr:authentication:qor:400 | 3 | 3 |

servicecorelogin_quality_of_registration_strength

In this table, you map the QoR to what is displayed on the portal here:

image-20240823-135104.png

| id | name_key | strength |
|----|----------|----------|
| 1 | Module.DM.AuthenticationService.QualityOfRegistration.Strength.Low | 1 |
| 2 | Module.DM.AuthenticationService.QualityOfRegistration.Strength.Medium | 2 |
| 3 | Module.DM.AuthenticationService.QualityOfRegistration.Strength.High | 3 |

servicecorelogin_level_of_trust

This is where the ACR values are mapped to the different LoT and their required QoR:

| id | acr_value | quality_of_registration_id |
|----|-----------|----------------------------|
| 2 | urn:ktgr:authentication:lot:100 | 1 |
| 5 | urn:ktgr:authentication:lot:100+ | 1 |
| 3 | urn:ktgr:authentication:lot:300 | 2 |
| 6 | urn:ktgr:authentication:lot:300+ | 2 |
| 4 | urn:ktgr:authentication:lot:400 | 3 |
| 7 | urn:ktgr:authentication:lot:400+ | 3 |

servicecorelogin_level_of_trust__quality_of_authentication

Map the LoT to their respective QoA here:

| level_of_trust_id | quality_of_authentication_id |
|-------------------|------------------------------|
| 2 | 1 |
| 3 | 1 |
| 4 | 1 |
| 5 | 1 |
| 6 | 1 |
| 7 | 1 |
| 5 | 2 |
| 6 | 2 |
| 7 | 2 |
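Because LoT is configured directly in the database, nothing stops an inconsistent row from being saved. The following added example (not part of CoreOne Suite or of the original article) loads the rows shown above into an in-memory SQLite database and runs consistency checks across the tables. Assumptions: SQLite stands in for the real database, only the columns the checks need are created, the names load_page_config and audit are hypothetical, and the unused QoA values 3 and 4 are taken to be the ids used in the mapping table.

```python
import sqlite3

# Only the columns the checks need; SQLite stands in for the real database (assumption).
SCHEMA = """
CREATE TABLE servicecorelogin_quality_of_registration
  (id INTEGER, system_name TEXT, quality_of_registration_strenght_id INTEGER);
CREATE TABLE servicecorelogin_level_of_trust
  (id INTEGER, acr_value TEXT, quality_of_registration_id INTEGER);
CREATE TABLE servicecorelogin_level_of_trust__quality_of_authentication
  (level_of_trust_id INTEGER, quality_of_authentication_id INTEGER);
"""
QOR, LOT, MAP = (f"servicecorelogin_{t}" for t in (
    "quality_of_registration", "level_of_trust", "level_of_trust__quality_of_authentication"))

# Each query returns the offending rows; an empty list means the check passes.
CHECKS = {
    "lot_without_qor": f"""SELECT l.acr_value FROM {LOT} l
        LEFT JOIN {QOR} q ON q.id = l.quality_of_registration_id
        WHERE q.id IS NULL""",
    "lot_without_qoa": f"""SELECT l.acr_value FROM {LOT} l
        LEFT JOIN {MAP} m ON m.level_of_trust_id = l.id
        WHERE m.level_of_trust_id IS NULL""",
    "mapping_without_lot": f"""SELECT m.level_of_trust_id FROM {MAP} m
        LEFT JOIN {LOT} l ON l.id = m.level_of_trust_id WHERE l.id IS NULL""",
    # Assumption: the QoA values 3 and 4 named on this page are the mapping ids.
    "unused_qoa_mapped": f"""SELECT DISTINCT l.acr_value FROM {MAP} m
        JOIN {LOT} l ON l.id = m.level_of_trust_id
        WHERE m.quality_of_authentication_id IN (3, 4)""",
}

def load_page_config(conn):
    """Create the tables and insert the rows shown on this page."""
    conn.executescript(SCHEMA)
    conn.executemany(f"INSERT INTO {QOR} VALUES (?, ?, ?)", [
        (i, f"urn:ktgr:authentication:qor:{n}", i) for i, n in ((1, 100), (2, 300), (3, 400))])
    conn.executemany(f"INSERT INTO {LOT} VALUES (?, ?, ?)", [
        (2, "urn:ktgr:authentication:lot:100", 1), (5, "urn:ktgr:authentication:lot:100+", 1),
        (3, "urn:ktgr:authentication:lot:300", 2), (6, "urn:ktgr:authentication:lot:300+", 2),
        (4, "urn:ktgr:authentication:lot:400", 3), (7, "urn:ktgr:authentication:lot:400+", 3)])
    conn.executemany(f"INSERT INTO {MAP} VALUES (?, ?)",
                     [(l, 1) for l in range(2, 8)] + [(l, 2) for l in (5, 6, 7)])

def audit(conn):
    """Run every check and return {check name: [offending values]}."""
    return {name: [row[0] for row in conn.execute(sql)] for name, sql in CHECKS.items()}

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load_page_config(db)
    print(audit(db))
```

With the configuration from this page every check returns an empty list.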

Tables to configure for advanced LoT (AutoIdent, etc. - not relevant for basic config)

  • servicecorelogin_level_of_trust_custom_check

  • servicecorelogin_level_of_trust__level_of_trust_custom_check

  • servicecorelogin_quality_of_registration_check

  • servicecorelogin_quality_of_registration__qor_checks

  • servicedmcore_quality_of_registration_check_read_only_attribute

  • servicedmcore_quality_of_registration_check_dependency

  • servicecorelogin_setting_value

© ITSENSE AG. All rights reserved. ITSENSE and CoreOne are registered trademarks of ITSENSE AG.