IDP Service Introduction
This documentation is for any organisation or service that intends to use the Mydex Identity as Service to replace its existing username and password services, or to add Mydex to its supported Identity Providers.
Mydex is an ISO27001 certified company and acts as an identity service provider in two specific capacities:
- On behalf of its members (individuals), by providing a privacy-protecting, reusable MydexID they can use across the internet to gain access to services that support open protocols. The aim is to put an end to the proliferation of multiple usernames and passwords issued by all sorts of organisations, with all of the attendant risks and issues around managing them.
  - The MydexID supports a range of open-standards-based identity protocols: SAML and OpenIDConnect. This means our members can use it wherever these standards are supported.
  - The MydexID is privacy-protecting because all activity undertaken with a MydexID is recorded in the member's personal data store and not shared with anyone unless the individual specifically chooses to share it via a trusted connection across the Mydex Trust Framework.
  - The MydexID also ensures the individual/member controls what data is shared with third parties and gives them the ability to revoke access directly themselves at any time.
  - This self-sovereign MydexID is the individual's for life. They control where and when it is used and can attach whatever information they wish to it to support online transactions.
- On behalf of connecting organisations that are seeking to get out of the management of usernames and passwords and embrace a secure federated identity service model. These organisations can select one or more preferred protocols (SAML and OpenIDConnect) that will fit in with their own security policy and preferences. Mydex can also enable verified attribute exchange via trusted connections between individuals and organisations under a common data sharing agreement. These verified attributes can also form part of an identity assurance service that can deliver the following:
  - Verified proofs of claim, e.g. entitlement, address, age, status on a number of key areas.
  - Identity assurance to recognised standards across the public and private sector.
The key differentiation is that the MydexID is centred on the individual, is self-sovereign, and can be used in any context of their life for personal, business and civic engagement. The MydexID ensures that the individual remains in control of their digital identity at all times.
Mydex, as a community interest company, provides services to individuals free of charge at all times, which means the MydexID and underpinning personal data store are available for life free of charge.
Organisations pay an initial connection fee per service connected to our identity services and a pay-as-you-go connection fee per individual they connect with. Ongoing support fees are calculated as a percentage of the total connection fees paid annually on the anniversary.
Summary overview IDP API
The Mydex IDP API supports a number of basic functions, as follows:
- Registration services
- Authentication services, including support for single sign-on
- Password reset and change
- Personal usage logging and tracking for the individual
We can support the following protocols:
- SAML based profiles - for registration and authentication
- OpenIDConnect profiles for authentication wherever an OpenID is supported
Data Sharing via the Mydex PDS-API secure connections for personal profiles, verified attributes and access to identity assurance evidence.