Skip to main content

3rd January 2023

Delegation system - Case study

The Digital Iceland authentication and delegation system is constantly evolving. In our analysis work, we saw that users made strong demands to log in and access services on behalf of others.

veldu-notanda-rectangle

The delegation system is based on the philosophy that an individual authenticates himself/herself with an electronic ID and performs actions either for himself/herself or on behalf of other parties, such as a legal entity.

The system is implemented with open standards, such as OIDC and OAuth2, which makes it simpler for organizations to integrate Ísland.is sign-in with open source tools. In addition, the system creates personalized access codes (ID Token and Access Token) that can be used to identify users and access control functionality, all the way from interfaces to backends as well as between organizations. This architecture enables us to protect APIs and personal data much more safely than before.

The project was carried out in stages and is a collaboration between many suppliers.

Key milestones:

July 2021 - Individuals can log-in to My pages

A new log-in system was implemented on the new Ísland.is My pages. In the new log-in system, users can choose to log on with an electronic phone identification, with the app's identity, and with card identification.

April 2022 - Personal delegations

Individuals can give authorisation to others to view their data on Ísland.is My pages. For example, a person may wish to share his/her Digital Mailbox with a family member who could thus keep track of new documents received there.

June 2022 - Companies can log in to My pages

Procuring holders for businesses and legal entities such as institutions and municipalities can now sign in to Ísland.is My pages. They can then, for example, view the Digital Mailbox and finances for their companies on My pages.

June 2022 - Parents can log in to My pages

Parents can log in on behalf of their children on Ísland.is My pages. Family connections are retrieved from the custody of the Register of the National Registry.

July 2022 - Corporate delegations

Procuring holders may authorise others to view their company's data on Ísland.is My pages. For example, the procuring holder may wish to share their company's financial statement with his or her accountant.

August 2022 - Parents can log in to other systems

Parents can now log on on behalf of their children in the patient app of Landspítali (The National University Hospital of Iceland). This was a close cooperation between Digital Iceland and Landspítali to integrate the Ísland.is authentication and delegation system.

October 2022 - Personal spokespersons for the disabled

A personal spokesperson can now log on to Ísland.is My pages on behalf of those he/she assists. This is based on special agreements managed by the Centre for the Rights of Disabled, which specify such rights.

November 2022 - Access manager role

Now procuring holders of companies can specify other users as access managers. They can then give others the right to view data on Ísland.is My pages on behalf of the company.

December 2022 - Delegations for other systems

The delegation system has been opened up for other systems. The first integration was with Landspítali, where individuals can give authorisation to others to view their data in the patient app.

December 2022 - Interface improved

The interface for authorizing access was improved with user experience as a guiding principle. A new feature was also added, where the user can now see a list of all delegations they have and why. Users can then delete delegations that has been given to them.

Work will continue in adding a way for users to see where others have logged in on their behalf. We are also working on functionality that allows users to give organisations consent to retrieve specific data on their behalf.

Similarly, we will continue to integrate the Ísland.is authentication and delegation system across government agencies.

Service owner:

  • Digital Iceland

Development teams:

  • Aranja

  • Fuglar

  • Prógramm

Induction team:

  • Origo

adgangsstyring