The Finnish Trust Network (FTN) is a framework which allows application providers to enter into a single contract and a single integration to make use of multiple identification device providers.

In this article, I have maintained consistency with the terms used by the FTN – ‘Identification Device Provider’ and ‘Identification Broker Service’. For clarification:

  • Identification Device Provider – in SAML terminology this is ‘Identity Provider (IdP)’, in OpenID Connect this is ‘OpenID Provider (OP)’
  • Identification Broker Service – this is basically an IdP Proxy and Discovery Service

The main difference between the two is that an ‘Identification Device Provider’ is connected to a user repository or other service that stores credentials required to authenticate users.

This Finnish scheme means that app providers don’t need to make multiple contracts for their multiple identification device provider needs. Instead, app providers sign a single contract with, and integrate with, a single identity brokering service.

The Finnish Trust Network consists of providers of strong electronic identification services. Within the FTN, providers act in one of two roles: identification device providers and/or identification broker services. In many cases, a provider can act in both roles.

Identification device providers are required to implement multi-factor authentication (MFA) to strongly identify users. The result of such authentication represents a verified individual and typically contains a user’s name and Finnish personal identification code (HETU). Identity brokers are expected to pass this information through to application providers.

Why was the Finnish Trust Network formed and what has it replaced?

The Finnish Trust Network was formed in 2017 to meet new requirements – both regulatory and competition-led.

  • Regulation – in particular the ‘eIDAS Regulation’ set by the European Commission and ‘Regulation 72’ set by the Finnish Transport and Communications Agency (Traficom).
  • Competition – to enable and encourage competition in identification services, thereby advancing the identity industry.

Before the Finnish Trust Network came about there was the TUPAS identification service, which was only provided by Finnish banks. One main driver for change is that the almost 20-year-old TUPAS system no longer complies with the new cryptographic and other security requirements of the relevant regulations. The FTN specifications are implemented as profiles of open industry standards – SAML and OpenID Connect – whereas TUPAS was more proprietary.

What is Ubisecure’s role in the Finnish Trust Network?

Ubisecure actively contributes to the work group that was formed by Traficom to create technical specifications for interoperability in the Finnish Trust Network.

Ubisecure’s Identity Platform is used by customers in all roles within the Finnish Trust Network. There are identification device providers, identity brokering services and application providers using the Ubisecure Identity Platform to both produce and consume Finnish Trust Network services.

One such example is Telia Company, who won a European Identity and Cloud award this year for their Identity Brokering Platform, which is built with the Ubisecure Identity Platform at its core. Read more about the project here.

What happens next?

Actors within the Finnish Trust Network are working to get their services to meet criteria and become available and accessible for application providers.

The TUPAS identification service is expected to terminate by the end of September 2019, which clearly means significant changes for many customers of TUPAS services.

Many other European countries are also creating national identification services. As things start to stabilise on a national level, we are going to see an increasing number of cross-border identification services.

If you are interested in making use of the Finnish Trust Network as an identification device provider and/or identification broker service, Ubisecure can help point you in the right direction. Get in touch here.

 

Further reading

Traficom’s information page on Electronic Identification (available in Finnish, Swedish and English): https://www.kyberturvallisuuskeskus.fi/en/electronic-identification

Finance Finland’s information on e-Identification (again, available in the same three languages): http://www.finanssiala.fi/en/payment-services/Pages/e-Identification.aspx

English translation of the Finnish Act on Strong Electronic Identification and Electronic Signatures: https://www.finlex.fi/en/laki/kaannokset/2009/20090617