FRS-Partner-Management.md

Table Of Contents

• 1. Users and Roles
  • 1.1 User Creation (PM FR 1.1)
  • 1.2 Role Mapping
    • 1.2.1 MISP (PM_FR_1.2)
    • 1.2.2 Partner (PM_FR_1.3)
    • 1.2.3 Policy Manager (PM_FR_1.4)
    • 1.2.4 Partner Manager (PM_FR_1.5)
  • 1.3 Policy Group Assignment (Regulator) (PM FR 1.6)
• 2. MISP Activities
  • 2.1 License Key Management (PM FR 2.1)
• 3. Partner Activities
  • 3.1 Registration (PM FR 3.1)
  • 3.2 API Key Management (PM FR 3.2)
  • 3.3 Certificate Management (PM FR 3.3)
• 4. Policy Manager Activities
  • 4.1 Policy Management
    • 4.1.1 Creation and Publication of Authentication Policies (PM_FR_4.1)
    • 4.1.2 List, View, Add, Edit, Activate, Deactivate Policies (PM_FR_4.2)
    • 4.1.3 Filtered by Policy Group (Regulator) (PM_FR_4.3)
• 5. Partner Manager Activities
  • 5.1 Partner Management (PM_FR_5.1 & 5.2)
    • 5.1.1 Filtered by Policy Group (Regulator) (PM_FR_5.3)
  • 5.2 Partner Policy Assignment (PM_FR_5.4)
• 6. Impact on Authentication

• List of Configurable Parameters and Processes
• Partner Management API
• Process View

Introduction of Partner Management

1. Users and Roles [↑]

1.1 User Creation [↑]

MOSIP allows the creation of the following roles: MISP, Partners, Partner Manager, and Policy Manager.

MOSIP Admin will create and manage the roles MISP, Policy Manager and Partner Manager. Partners are created in a self-service mode.

The system also allows Updation, Retrieval, Activation and Deactivation of the user.

1.2 Role Mapping [↑]

1.2.1 MISP [↑]

A. MISP Creation

Upon receiving a request to create MISP with the parameters, the system performs the following steps:

1. Validates the credentials of the MOSIP Admin.
2. The system then validates if the MISP is not registered earlier using the same MISP Organization Name.
3. The system then generate MISP ID as per the logic defined below:
   • The MISP ID is a numeric 3 digit number. The length can be configurable
   • Each new MISP ID should be incremented by 1 for each new request
   • MISP ID generation should start from 100
   • Each generated ID should be unique
4. In case of Exceptions, system triggers relevant error messages.
5. The system then generates MISP License key and sets the default expiry of the key as 6 months. The License Key expiry is configurable.
6. The default status of MISP and MISP License Key is active.
7. The actor responds with the parameters: MISP ID, MISP status, MISP License Key, MISP License Key expiry, MISP License Key status, err (as applicable).

B. Retrieve MISPs

An Admin user can retrieve a MISP ID

Upon receiving a request from the admin user to retrieve MISP ID, the system performs the following steps:

1. Validates the credentials of the MOSIP Admin
2. A standard MISP retrieval request must have the following parameters based on which the system will retrieve the MISP-MOSIP Admin Username, MOSIP Admin Password, MISP Organization Name
3. The system fetches the data based on complete or partial match. Partial Match is defined as ‘when the input string is available in any part of a MISP Organization Name’
4. The system then fetches all the MISPs available in the system if the input parameter is not provided
5. The system responds with the following parameters: MISP ID, MISP status, MISP Organization Name,MISP Contact Number, MISP Email ID, MISP Address,MISP License Key, MISP License Key expiry, MISP License key status for all the MISPs retrieved, err (as applicable).

C. Update MISPs

An Admin user can update MISPs

Upon receiving a request from the admin user to update an MISP, the system performs the following steps:

1. Validates the credentials of the MOSIP Admin
2. Ideally an update MISP request should have the following parameters: MOSIP Admin Username, MOSIP Admin Password, MISP ID, MISP Organization Name, MISP Contact Number, MISP Email ID, MISP Address
3. The system updates the record based on the MISP ID and based on the requested parameters and responds with a status, err (as applicable)

D. Deactivate/Suspend MISP and MISP License

An Admin user can update MISP License key status

Ideally an update MISP License key status request should have the following parameters: MOSIP Admin Username, MOSIP Admin Password, MISP ID, MISP status, MISP License Key and MISP License key status

Upon receiving a request from the admin user to update an MISP License key status the system performs the following steps:

1. Validates the following:
   • The credentials of the MOSIP Admin
   • Validates if MISP ID is valid
   • Validates if MISP License Key is associated to the MISP ID
2. The system updates the ‘MISP License Key Status’ for the MISP ID and MISP License key in the request
3. The system updates the ‘MISP Status’ for the MISP ID
4. The system validates if the status to be updated is ‘‘Deactive' then the MISP/MISP Admin should not be allowed to access any services of PM.
5. The system validates if the status to be updated is ‘Active’ from ‘Deactivated’ for the MISP License Key, then the expiry time period tracking for License key time validity as per configuration should be re-initiated
6. The system then responds with a status, err (as applicable).

1.2.2 Partner [↑]

A. Partner Creation

Upon receiving a request to generate partner ID, the system performs the following steps:

1. Partner ID will be created based on default logic.
2. The number of digits for Partner ID generation will be configurable
3. The system then responds with the Partner ID, err (as applicable) to the source
4. Raises an alert in case of exceptions

B. Create Auth/E-KYC Partners

For creation of Auth/E-KYC Partners its necessary that Partners Role exists in the system. The partner must download digital certificates signed by MOSIP and upload digital certificate (either MOSIP provided/third party provided).

1. Upon receiving a request to create Partner with the parameters: Partner Organization Name, Partner Contact Number, Partner Email ID, Partner Address Policy Group the system validates if the a partner is not registered earlier using the same Partner Organization Name in the policy group
2. The system then generates Partner ID (PM to integrate with IAM to obtain the Partner ID (user-id)
3. The default status of Partner is set as active.
4. The system responds with the parameters: Partner ID, Partner status, err (as applicable). partner ID generated will be the partner User Name

1.2.3 Policy Manager [↑]

A. Generate Policy Manager ID

Upon receiving a request to generate Policy Manager ID, the system performs the following steps:

1. MOSIP Admin will create Policy Manager.
2. The system then responds with the Policy Manager ID, err (as applicable) to the source
3. Raises an alert in case of exceptions

1.2.4 Partner Manager [↑]

A. Generate Partner Manager ID

Upon receiving a request to generate Partner Manager ID, the system performs the following steps:

1. MOSIP Admin will create Partner Manager
2. The system then responds with the Partner Manager ID to the source
3. Raises an alert in case of exceptions

1.3 Policy Group Assignment (Regulator) [↑]

• A Country should define all the policy groups in the Country
• One Partner Manager should be created in IAM for each of these policy groups
• In general Partner Manager and Policy Manger should be mapped to any of the policy groups created above

2. MISP Activities [↑]

2.1 License Key Management [↑]

A. Generate MISP License Key

Upon receiving a request to generate License Key, the system performs the following steps:

1. MISP License key will be issued during creation of MISP.
2. Generates License Key as per default License Key generation logic defined below:
   • License Key Generation should follow a random generation pattern
   • License Key should be alphanumeric
   • License Key generated should be of length of 8 digits
   • Each generated key should be unique
3. The system then responds with the License Key, err (as applicable) to the source
4. The system raises an alert in case of exceptions

B. Regenerate MISP License Key

Upon receiving a request to regenerate License Key with the input parameter, such as MISP Admin Username, MISP Admin Password/Security token, and MISP License Key, the system performs the following steps:

1. Validates if the MISP License Key is active.
2. Validates if the status of the MISP License key is expired.
3. Generates a new license key and associates expiry (configurable) to the License key. The default period is 6 months
4. Sets the default status of MISP License Key as active.
5. Responds with the parameter, such as MISP License Key, MISP License key Status, MISP License Key expiry, err (as applicable).

3. Partner Activities [↑]

3.1 Registration [↑]

A. Create Auth/E-KYC Partners

Upon receiving a request to create Partner with the input parameters, such as Partner Organization Name, Partner Contact Number, Partner Email ID, and Partner Address Policy Group, the system performs the following steps:

1. Validates if a partner is not registered earlier using the same Partner Organization Name in the policy group.
2. Generates Partner ID.
3. Sets the default status of Partner as active.
4. Responds with the parameters, such as Partner ID, Partner status, err (as applicable).
   • Partner ID generated will be the partner User Name.

B. Retrieve Auth/E-KYC Partners

Upon receiving a request to retrieve Partner with the input parameters, such as Partner Username and Partner Password/Security token, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Username and Partner Password/security token.
2. Fetches the data based on exact match of Partner Username/Partner ID.
3. Responds with the parameters, such as PartnerID, Partner status, Partner Organization Name, Partner Contact Number, Partner Email ID, Partner Address, and err (as applicable).

C. Update Auth/E-KYC Partners

Upon receiving a request to update Partner with the input parameters, such as Partner Username, Partner Password/security token, Partner Organization Name, Partner Contact Number, Partner Email ID, and Partner Address, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Username and Partner Password/security token.
2. If Partner Organization Name is provided for update, the system validates if the provided Partner Organization Name is not registered earlier for an entity in the policy group.
3. Updates the input data provided based on the located Partner ID (Partner Username).
4. Responds with the parameters, such as status message, and err (as applicable).

3.2 API Key Management [↑]

A. View policies available for policy group to place a request for a partner API key

Upon receiving a request to fetch a Policy with input parameters, such as Partner Username, Partner Password/security token, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Username and Partner Password/security token.
2. Retrieves all the active policies defined for the Policy Group.
3. Responds to the source with the attributes, such as Policy ID, Policy Name, Policy Description, and Policy file for all the policies retrieved.

B. Submit Partner API key request

Upon receiving a request to submit Partner API key request with input parameters, such as Partner Username, Partner Password/security token, Policy Name, and Use Case Description, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Username and Partner Password/security token.
2. Generates Partner API key Request Number and sets the default status to ‘In Progress’.
3. Responds to the source with the attributes, such as Partner API key Request Number, and err (as applicable).

C. View Partner API key status

Upon receiving a request to view Partner API key status with the input parameters, such as Partner Username, Partner Password/security token, Partner API key Request Number, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Username and Partner Password/security token.
2. Retrieves the status of the Partner API key Request Number. The status can be ‘In Progress', ‘Approved’, ‘Rejected’, 'Issued’
3. Validates if the status is ‘Issued’ then retrieves the Partner API key corresponding to the Partner API key Request Number.
4. Responds to the source with the attributes, such as Partner API key Request Status, Partner API key and Partner API key Time Validity (as applicable), and err (as applicable).

3.3 Certificate Management [↑]

A. Upload Partner digital certificate

Upon receiving a request to upload digital certificate with the input parameters, such as Partner Username, Partner Password/security token, and Partner Digital Certificate, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Username and Partner Password/security token.
2. Sends the reference of the digital certificate to be stored in kernel.
3. Sends the response with status and err (as applicable).

B. Download MOSIP digital certificate

Upon receiving a request to download digital certificate with the input parameters, such as Partner Username and Partner Password/security token, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Username and Partner Password/security token.
2. Integrates with kernel component to retrieve MOSIP digital certificate.
3. Sends the response with MOSIP Digital Certificate and err(as applicable).

4. Policy Manager Activities [↑]

4.1 Policy Management [↑]

4.1.1 Creation and Publication of Authentication Policies [↑]

Upon receiving a request to create a Policy with input parameters (Policy Manager Username, Policy Manager Password, Policy Name, Policy Description, and Policy File), the system performs the following steps:

1. Validates the credentials of the Policy Manager.
2. Validates if the policy file contains only the authentication types supported in MOSIP.
3. Validates if the policy file contains only the eKYC attributes supported in MOSIP.
4. Creates a policy and store the policy attributes and associate the policy created to the Policy Group of the Policy Manager.
5. The status of the policy will be set as ‘Active’ by default.
6. Sends the response with ‘Policy ID’, ‘Policy Status’

4.1.2 List, View, Add, Edit, Activate, Deactivate Policies [↑]

A. Retrieve Auth/E-KYC Policy

Upon receiving a request to fetch a Policy with input parameters (Policy Manager Username, Policy Manager Password, and Policy Name), the system performs the following steps:

1. Validates the credentials of the Policy Manager
2. Fetches the data based on a complete/partial match of Policy Name and the Policy Group of the Policy Manager
3. If the input parameter received is null or empty, then fetches all the data of the Policies of the Policy Group of the Policy Manager.
4. Responds to the source with the attributes, such as Policy ID, Policy Name, Policy Description, Policy Status, and Policy file.

B. Update Auth/E-KYC Policy

Upon receiving a request to update a Policy with input parameters (Policy Manager Username, Policy Manager Password, Policy ID, Policy Name, Policy Description, and Policy File), the system performs the following steps:

1. Validates the credentials of the Policy Manager
2. Validates if the policy file contains only the authentication types supported in MOSIP.
3. Validates if the policy file contains only the eKYC attributes supported in MOSIP.
4. Validates if the Policy ID and the Policy Manager belong to the same Policy Group.
5. Updates the policy details based on the Policy ID and the other request parameters
6. Responds to the source with the required success message.

C. Deactivate Auth/E-KYC Policy

Upon receiving a request to update a Policy with input parameters (Policy Manager Username, Policy Manager Password, Policy ID, and Policy Status), the system performs the following steps:

1. Validates the credentials of the Policy Manager.
2. Validates if the Policy ID and the Policy Manager are associated to the same Policy Group.
3. Responds to the source with the required success message.

4.1.3 Filtered by Policy Group (Regulator) [↑]

5. Partner Manager Activities [↑]

5.1 Partner Management [↑]

A. Activate/Deactivate Auth/E-KYC Partners

Upon receiving a request to update the partner status with the input parameters, such as Partner Manager Username, Partner Manager Password/security token, Partner ID, and Partner Status, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Manager Username and Partner Manager Password/security token.
2. Validates if Partner ID is valid.
3. Validates if Partner ID belong to the policy group of the Partner Manager.
4. After all the validations are performed, the system updates the ‘Partner Status’ for the requested Partner ID and responds with the status message.

B. View Auth/E-KYC Partners

Upon receiving a request to retrieve the Partner with the input parameters, such as Partner Manager Username and Partner Manager Password/Security token, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Manager Username and Partner Manager Password/security token.
2. Retrieves the policy group of the Partner Manager.
3. Fetches all the partner details of the partners registered in the policy group.
4. Then the system responds with the parameters, such as PartnerID, Partner status, Partner Organization Name, Partner Contact Number, Partner Email ID, Partner Address, and err (as applicable).

5.1.1 Filtered by Policy Group (Regulator) [↑]

A. View Partner API key requests based on 'policy group'

Upon receiving a request to retrieve the Partner API key with the input parameters, such as Partner Manager Username and Partner Manager Password/Security token, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Manager Username and Partner Manager Password/security token.
2. Retrieves the policy group of the Partner Manager.
3. Fetches all the partner API key requests of the partners registered in the policy group.
4. Then the system responds with the parameters, such as PartnerID, Partner status, Partner Organization Name, Policy Name, Use Case Description, Partner API key Request Number, err (as applicable).

B. Approve/Reject Partner API key requests based on 'policy group'

Upon receiving a request to retrieve the Partner API key with the input parameters, such as Partner Manager Username, Partner Manager Password/Security token, Partner API key Request Number, and Partner API key Request Status, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Manager Username and Partner Manager Password/security token.
2. Validates if the Partner API key Request Number is available in the database.
3. Retrieves the policy group of the Partner Manager.
4. Validates if the Partner API key Request Number is from the partner of the same policy group.
5. Updates the Partner API key Request Status in the request for the Partner API key Request Number.
6. Validates if the status to be updated is ‘Approved’ and generates a Partner API key.
7. Then the system responds with the parameters, such as status, Partner API key (as applicable), Partner API key status (as applicable), and err (as applicable).

5.2 Partner Policy Assignment [↑]

A. Generate Partner API key

Upon receiving a request to generate Partner API key, the system performs the following steps:

1. Generates Partner API key as per the defined logic mentioned below:
   • Partner API key Generation must follow a random generation pattern
   • Partner API key must be alphanumeric
   • Partner API key generated must be of length of 6 digits
2. Responds with the Partner API key, err (as applicable) to the source.
3. In case of exceptions, system triggers the relevant error messages.

B. Retrieve Auth/E-KYC Policy for policy group to assign relevant policy to partner API key

Upon receiving a request to fetch a Policy with the input parameters, such as Partner Manager Username, Partner Manager Password, and Policy Name, the system performs the following steps:

1. Validates the credentials of the Policy Manager.
2. Validates if the policy name is available in the database.
3. Fetches the data based on a complete/partial match of Policy Name and the Policy Group of the Partner Manager
4. If the input parameter received is null or empty, then the system fetches all the data of the Policies of the Policy Group of the Partner Manager.
5. Responds to the source with the attributes, such as Policy ID, Policy Name, Policy Description, Policy Status, and Policy file.

C. Create “Partner API key to Policy” Mappings

Upon receiving a request to retrieve Partner API key requests with the input parameters, such as Partner Manager Username, Partner Manager Password/Security token, Partner API key, and policy ID, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Manager Username and Partner Manager Password/security token.
2. Validates if the policy ID and partner API key are available in the database.
3. Retrieves the partner ID, who has placed the request for the partner API key.
4. Validates if the policy ID and the partner ID belong to the policy group of the Partner Manager.
5. Assigns the policy ID to the Partner API key.
6. Retrieves the status of the Partner API key request number.
7. Updates the status of the Partner API key request number to ‘Issued’
8. Sets the status of the Partner API key to ‘active’.
9. Then the system responds with the parameters, such as status, err (as applicable).

D. Retrieve “Partner API key to Policy” Mappings

Upon receiving a request to retrieve Partner API key requests with the input parameters, such as Partner Manager Username, Partner Manager Password/Security token, and Partner API key, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Manager Username and Partner Manager Password/security token.
2. Validates if the Partner API key is available in the database.
3. Validates if the Partner API key was issued by the Partner Manager (belongs to the same policy group of the Partner Manager).
4. Fetches the data based on a complete match of Partner API key of the Partner Manager.
5. If the input parameter received is null or empty, the system fetches the policy of all the Partner API keys of the Policy Group of the Partner Manager.
6. Then the system responds with the parameters, such as policy ID, err (as applicable) for the partner API keys retrieved.

E. Activate/deactivate Partner API key based on 'policy group'

Upon receiving a request to retrieve Partner API key requests with the input parameters, such as Partner Manager Username, Partner Manager Password/Security token, Partner API key, and Partner API key status, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Manager Username and Partner Manager Password/security token.
2. Validates if the Partner API key is available in the database.
3. Retrieves the policy group of the partner who is issued the Partner API key.
4. Validates if the policy group of the Partner Manager is same as that of the Partner
5. Updates the status of the Partner API key and then responds with the parameters, such as status, err (as applicable).

F. Update Partner API key to Policy Mappings

Upon receiving a request to retrieve Partner API key requests with the input parameters, such as Partner Manager Username, Partner Manager Password/Security token, Partner API key, old policy ID, and new policy ID, the system performs the following steps:

1. Validates the credentials of the partner, such as Partner Manager Username and Partner Manager Password/security token.
2. Validates if the Partner API key is available in the database.
3. Validates if old policy ID is available in the database.
4. Validates if new policy ID is available in the database.
5. Validates if the Partner API key is assigned the old policy ID.
6. Retrieves the partner ID who has placed the request for the partner API key.
7. Validates if the new policy ID and the partner ID belong to the policy group of the Partner Manager.
8. Unassigns the old policy ID from the Partner API key.
9. Assigns the new policy ID to the Partner API key.
10. Retrieves the status of the Partner API key request number.
11. Updates/retains the status of the Partner API key request number to ‘Issued’ if the policy is successfully assigned.
12. Updates/retains the status of the Partner API key to ‘active’ if the policy is successfully assigned.
13. Responds with the parameters, such as status, err (as applicable).

6. Impact on Authentication

A. ID Authentication Validates MISP License key

Upon receiving a request from ID Authentication to check the status of MISP License Key with input parameter (MISP License Key), the system performs the following steps:

1. Validates if the status of the MISP License Key is active.
2. Retrieves the MISP status corresponding to the MISP License key in the request.
3. Validates if the status of MISP is active.
4. Responds with the parameters, such as status, err (as applicable).

B. ID Authentication retrieves policy of a partner with partner-ID and partner API key

Upon receiving a request from ID Authentication to retrieve the policy with input parameters (Partner ID and Partner API key), the system performs the following steps:

1. Validates if the status of the Partner ID is active.
2. Validates the length and pattern of the Partner API Key.
3. Validates if the status of Partner API Key is active.
4. Validates if the Partner API key belong to the partner.
5. Retrieves the policy ID mapped to the Partner API key.
6. Responds with the parameters, such as policy ID, Policy Name, Policy Description, Policy Status, Policy file, and err (as applicable).

List of Configurable Parameters and Processes [↑]

1. Configurable Parameters

• (Work in Progress)

2. Configurable Processes

• (Work in Progress)

Partner Management API [↑]

• (Work in Progress)

Process View [↑]

• (Work in Progress)