The typical scenario is that some event will be triggered, or data will be read, updated, or created by a digital or analog service. A service owner owns this service and has defined some business rules for who is allowed to use the service.
This service needs to control who can access and modify data.
Altinn Authorization provides the capability to verify and enforce this.
User scenario Users and organizations get rights to access a service from defined rules and policies. »
What is the Altinn 3 Broker Transition Solution For broker service owners whose end users are reliant on using Altinn 2, but who wish to migrate their broker service to Altinn 3, Altinn is offering a Transition service. This enables communication between senders and receivers of files regardless of which Altinn Broker service they are integrated to.
This service will allow service owners to link an existing Altinn 2 service to an Altinn 3 resource, and to forward Altinn 2 Broker Service requests to the Altinn 3 Broker Service app while not substantially changing the Altinn 2 Broker Service End User experience. »
This is work in progress The access management will provide functionality to manage different aspects of authorization in Altinn.
Delegate and revoke Altinn 2 roles Add and remove membership for Access Groups Delegate App and instance rights Manage Delegatable Maskinporten API resources List access groups members List resources that is linked to access groups Delegation & Administration of Delegated API Access This functionality allows users to delegate access throug API with help of delegating access in maskinporten. »
Find out more Read more about Altinn Authorization
About Altinn Authorization About Altinn Authorization What do you get? Get started Create your first resource
Create your first resource »
As an example, a decision request could contain only userId and instanceId together with the action requested.
<?xml version="1.0" encoding="utf-8"?> <Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> <Attribute IncludeInResult="false" AttributeId="urn:altinn:user-id"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">15468</AttributeValue> </Attribute> </Attributes> <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> <Attribute IncludeInResult="false" AttributeId="urn:altinn:instance-id"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">cbdc7b44-9442-4fe0-854b-da278bf0b0e</AttributeValue> </Attribute> </Attributes> <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Read</AttributeValue> </Attribute> </Attributes> <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> </Request> The enriched decision request contains all the needed attributes for subject and resource so PDP can identify the correct policy and evauluate the request based on it. »
About Altinn CorrespondenceWhat is Altinn 3 Correspondence?
What do you get?Main features of Altinn Correspondence
Getting Started with Altinn CorrespondenceTutorials for how to get started with Altinn 3 Correspondence, for service owners, senders and recipients
How-to-guidesHow-to-guides for Altinn 3 Correspondence
ConceptsExplanation of concepts related to Altinn 3 Correspondence
Reference documentationReference documentation for Altinn 3 Correspondence
News and plansNews and plans for development of Altinn 3 Correspondence. »
API Public API The following API controllers are defined:
AppController : publishes (store and forward) and retrieve app events EventsController : publishes (store and forward) and retrieve generic events SubscriptionController : creates, retrieves, validates and deletes event subscriptions Private API The API controllers listed below are exclusively for use within the Notification solution:
StorageController : saves incoming events to persistent storage (database) InboundController : pushes events to events-inbound queue OutboundController : identify and authorize event subscribers and push event and subscriber details to events-outbound queue WebhookReceiverController : provides end point to support automated testing of subscriptions Database Events data is persisted in a PostgreSQL database. »
En ressurs kan opprettes på nytt eller importeres fra en Altinn 2 lenketjeneste
Import fra Altinn 2 lenketjenester Hvis man har eksisterende lenketjenester i Altinn 2 som man benytter for ekstern autorisasjon må disse flyttes over til ressursregisteret i Altinn 3 plattformen.
I Altinn Studio kan man velge å opprette ny ressurser basert på eksisteren lenketjenste.
Velg importer ressurs
Migration Gi id som skal benyttes i Altinn ressourceregistret
Migration Når man trykker import opprettes det en ny ressurs i Altinn Studio i repositry til organisasjon. »
API Public API The following API controllers are defined:
OrdersController: API for retrieving one or more orders with or without processing details and notification summaries EmailNotificationsOrdersController: API for placing new email notification order requests EmailNotificationsController: API for retrieving email notifications related to a single order SmsNotificationsOrdersController: API for placing new sms notification order requests SmsNotificationsController: API for retrieving sms notifications related to a single order Internal API The API controllers listed below are exclusively for use within in the Altinn organization: »
In Altinn Platform there is currently no Policy Administration Point functionality, but Altinn Platform provides functionality used by the other Policy Administration Points in Altinn 3. The PRP provides API for storing policies and retrieving them.
Policy Administration Point for applications The authorization policy for apps is defined in Altinn Studio when developing the app.
See Policy Administration Point in Altinn Studio for details.
Delegated Policies Access Management component will allow end users to delegate rights to persons, enterprise users and organizations »
