Identity as a Service overview
This documentation is intended for any Subscribing organisation or service that intends to become a relying party or service provider that uses the Mydex Identity as a Service to replace their existing username and password services or to add Mydex into their supported Identity Providers.
Background
Mydex is an ISO27001 certified company and acts as an identity service provider in two specific capacities:
- On behalf of Subscribing organisations who are seeking to get out of the management of usernames and passwords and embrace a secure federated identity service model. These Subscribing organisations can select one or more preferred protocols (SAML and OpenIDConnect) that will fit in with their own security policy and preferences.
- On behalf of its members (individuals) by providing a privacy protecting reusable MydexID they can use across the internet to gain access to services that support open protocols. The aim is to put an end to the proliferation of multiple usernames and passwords issued by all sorts of organisations with all of the attending risks and issues around management of these.
- The MydexID supports a range of open standards based identity protocols: SAML and OpenIDConnect. This means our members can use it wherever these standards are supported.
- The MydexID is privacy protecting because all activity undertaken with a MydexID is recorded in the members personal data store and not shared with anyone unless the individual specifically chooses to share it via a trusted connection across the Mydex Trust Framework.
- The MydexID also ensures the individual/member controls what data is shared with third parties and provides them with the ability to revoke access directly themselves at anytime.
- This self-sovereign MydexID is the individual's for life. They control where and when it is used and can attach whatever information they wish to it to support online transactions.
- Registration services
- Authentication services including support single sign on
- Password reset and change
- Personal usage logging and tracking for the individual
- Can be integrated with Mydex Personal Data Services for storage of profiles and preferences and to access other personal data held by the citizen in their personal data store
- SAML based profiles - for registration and authentication
- OpenIDConnect profiles for authentication wherever an OpenID is supported
The key differentiation is that the MydexID is centred on the individual, self-sovereign and can be used in any context of their life for personal, business and civic engagement. The MydexID ensures that the individual remains in control of their digital identity at all times.
Mydex, as a community interest company, provides services to individuals free of charge at all times which means the MydexID and underpinning personal data store is available, free of charge, for life.
Subscribing organisations pay an initial connection fee per service connected to our identity services and a pay-as-you-go connection fee per individual they connect with. Ongoing support fees are calculated as a percentage of the total connection fees paid annually on anniversary.
Summary overview IDaaS features
The Mydex IDP API supports a number of basic functions as follows:
We can support the following protocols: