Last modified: Mar 16, 2024

architecture

Access Management component

This is work in progress.
The access management will provide functionality to manage different aspects of authorization in Altinn:
Delegate and revoke Altinn 2 roles
Add and remove membership for Access Groups
Delegate App and instance rights
Manage delegatable Maskinporten API resources
List access group members
List resources that are linked to access groups
Delegation & Administration of Delegated API Access
This functionality allows users to delegate access through API with the help of delegating access in Maskinporten. »

Authorization

The typical scenario is that some event will be triggered, or data will be read, updated, or created by a digital or analog service. A service owner owns this service and has defined some business rules for who is allowed to use the service. This service needs to control who can access and modify data. Altinn Authorization provides the capability to verify and enforce this. Users and organizations get rights to access a service from defined rules and policies. »

Altinn 3 Broker

This is work in progress.
Altinn Broker Introduction: Introduction to the Altinn Broker Service
Altinn 3 Broker Requirements: Altinn 3 Broker Requirements
Altinn 3 Broker Architecture Principles: Altinn 3 Broker Architecture Principles
Altinn 3 Broker Relevant Standards: Altinn 3 Broker Relevant Standards
Solution Architecture - Managed File Transfers: Altinn 3 Broker Solution Architecture - Managed File Transfers (MFT)
Altinn 3 Broker Advanced Use Cases: Altinn 3 Broker Advanced Use Cases »

Components & Modules

In 2022-2026, Altinn will modernize its authorization architecture and components. Therefore, the description below is a mix of as-is and to-be. Altinn uses attribute-based access control (ABAC). In short, Altinn Authorization controls access through rules defined in XACML policies. Each rule defines which resource the rule describes, what operation, and who can perform it.
Altinn Authorization - Components
The diagram below shows the future components of a new Altinn Architecture. »

Context Handler

As an example, a decision request could contain only userId and instanceId together with the action requested.

<?xml version="1.0" encoding="utf-8"?>
<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"
         ReturnPolicyIdList="false"
         CombinedDecision="false"
         xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute IncludeInResult="false" AttributeId="urn:altinn:user-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">15468</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <Attribute IncludeInResult="false" AttributeId="urn:altinn:instance-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">cbdc7b44-9442-4fe0-854b-da278bf0b0e</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Read</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" />
</Request>

The enriched decision request contains all the needed attributes for subject and resource so the PDP can identify the correct policy and evaluate the request based on it. »

Altinn 3 Correspondence

This is work in progress.
Altinn 3 Correspondence Introduction: Altinn 3 Correspondence Introduction
Altinn 3 Correspondence Requirements: Altinn 3 Correspondence Requirements
Altinn 3 Correspondence Architecture Principles: Altinn 3 Correspondence Architecture Principles
Altinn 3 Correspondence Technical Standards: Altinn 3 Correspondence Technical Standards
Altinn 3 Correspondence Solution Architecture: Altinn 3 Correspondence Solution Architecture
Altinn 3 Correspondence Advanced use cases: Altinn 3 Correspondence Advanced use cases
Altinn 3 Correspondence Possible Future Extensions: Altinn 3 Correspondence Possible Future Extensions »

Progress plans for the modernization of Altinn Authorization

By June 2025, today's Altinn solution shall be modernized and migrated to the cloud. This means that much of today's solution must be developed anew.
Overall objectives for the modernization:
Authorization shall be an independent component and a product of its own
Ensure robust and secure operations while supporting strong growth in the use of authorization
Increase the rate of change in Authorization so that the path from need to solution becomes shorter
Improve and simplify the user flow so that it becomes easier to administer access
Offer new and modern APIs that make it easier to integrate with and adopt Altinn Authorization as an access management solution for other public services
What is to be done? »

Migration of link services from Altinn 2

A resource can be created from scratch or imported from an Altinn 2 link service.
Import from Altinn 2 link services
If you have existing link services in Altinn 2 that you use for external authorization, these must be moved to the resource registry in the Altinn 3 platform. In Altinn Studio you can choose to create new resources based on an existing link service.
Select import resource
Enter the id to be used in the Altinn resource registry
When you press import, a new resource is created in Altinn Studio in the organization's repository. »

Notifications

API
Public API
The following API controllers are defined:
OrdersController: API for retrieving one or more orders with or without processing details and notification summaries
EmailNotificationsOrdersController: API for placing new email notification order requests
EmailNotificationsController: API for retrieving email notifications related to a single order
SmsNotificationsOrdersController: API for placing new SMS notification order requests
SmsNotificationsController: API for retrieving SMS notifications related to a single order
Internal API
The API controllers listed below are exclusively for use within the Altinn organization: »