Service catalog submission

A service catalog is a file specifying the level assigned to each of your services. The catalog can include details of multiple services and levels. Further information about the service catalog is available here: https://afsprakenstelsel.etoegang.nl/display/as/Service+catalog

A service catalog is created by pasting the following information into a text file, and then completing the various fields.

<?xml version="1.0" encoding="UTF-8"?>
<esc:ServiceCatalogue xmlns:esc="urn:etoegang:1.13:service-catalog" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
esc:IssueInstant="2019-12-28T10:19:57Z" esc:Version="urn:etoegang:1.13:53"
ID="198d678c-239e-43c4-acf7-b4f6f1f6d8c0">
<esc:ServiceProvider esc:IsPublic="true">
<esc:ServiceProviderID><!--OIN van organistatie--></esc:ServiceProviderID>
<esc:OrganizationDisplayName xml:lang="nl"><!--Naam van organistatie--></esc:OrganizationDisplayName>
<esc:ServiceDefinition esc:IsPublic="true">
<esc:ServiceUUID><!--unieke ID genereren via uuidgenerator.net--></esc:ServiceUUID>
<esc:ServiceName xml:lang="nl"><!--Naam van de Service--></esc:ServiceName>
<esc:ServiceName xml:lang="en"><!--Naam van de Service--></esc:ServiceName>
<esc:ServiceDescription xml:lang="nl"><!--Beschrijving van de Service--></esc:ServiceDescription>
<esc:ServiceDescription xml:lang="en"><!--Beschrijving van de Service--></esc:ServiceDescription>
<esc:ServiceDescriptionURL xml:lang="nl">http://example.etoegang.nl</esc:ServiceDescriptionURL>
<saml:AuthnContextClassRef>urn:etoegang:core:assurance-class:<!--Loa van de Service--></saml:AuthnContextClassRef>
<esc:HerkenningsmakelaarId>00000003244440010000</esc:HerkenningsmakelaarId>
<esc:EntityConcernedTypesAllowed>urn:etoegang:1.9:EntityConcernedID:KvKnr</esc:EntityConcernedTypesAllowed>
<esc:ServiceRestrictionsAllowed>urn:etoegang:1.9:ServiceRestriction:Vestigingsnr</esc:ServiceRestrictionsAllowed>
</esc:ServiceDefinition>
<esc:ServiceInstance esc:IsPublic="true">
<esc:ServiceID>urn:etoegang:DV:<!--OIN -->:services:<!--Service Index--></esc:ServiceID>
<esc:ServiceUUID><!--unieke ID genereren via uuidgenerator.net--></esc:ServiceUUID>
<esc:InstanceOfService><!-- UUID of service definition--></esc:InstanceOfService>
<esc:ServiceURL xml:lang="nl">vul hier een service url in</esc:ServiceURL>
<esc:ServiceURL xml:lang="en">vul hier een service url in</esc:ServiceURL>
<esc:PrivacyPolicyURL xml:lang="nl">vul hier een privacy url in</esc:PrivacyPolicyURL>
<esc:PrivacyPolicyURL xml:lang="en">vul hier een privacy url in</esc:PrivacyPolicyURL>
<esc:HerkenningsmakelaarId>00000003244440010000</esc:HerkenningsmakelaarId>
<esc:SSOSupport><!-- a boolean that indicates if the service supports SingleSignOn --></esc:SSOSupport>
<esc:ServiceCertificate>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:KeyName>..............</ds:KeyName>
<ds:X509Data>
<ds:X509Certificate>..............</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
</esc:ServiceCertificate>
</esc:ServiceInstance>
</esc:ServiceProvider>
</esc:ServiceCatalogue>

Your finished file should be sent to technicalsupport@connectis.nl. Connectis will then update the eHerkenning and eIDAS network accordingly.

Classifier

The Classifier is used to connect your service to eHerkenning or eIDAS.

Classifier

Description

No <Classifier> element

The service is connected to eHerkenning.

A <Classifier> element with <Classifier>eIDAS-inbound<Classifier>, as in the example

The service is connected to eIDAS.

EntityConcernedTypesAllowed

The EntityConcernedTypeAllowed field is used to specify the type or types of users who can log in to your service. Various types are possible, depending on whether the service is connected to eHerkenning or eIDAS.

eHerkenning

With eHerkenning, the following EntityConcernedTypesAllowed can be used.

EntityConcernedType

Description

EntityConcernedID:RSIN

This option is used if the user is to be identified from the Legal Persons and Partnerships Identification Number of the service user/intermediary that the user represents.

EntityConcernedID:KvKnr

The Trade Register number of the service user/intermediary that the user represents, or an equivalent number.

ServiceRestriction:Vestigingsnr

This option can be used only in combination with EntityConcernedID:KvKnr.

The branch number (new format) of the represented service user.

If you enter ServiceRestriction:Vestigingsnr in the EntityConcernedTypeAllowed field, users can log in even if they are subject to a restriction in the authorisations register, allowing them to access the service only on behalf of a particular branch. You, the service provider, must enforce the restriction within your application, so that the user is able to act only on behalf of the branch specified in the response.

eIDAS

EntityConcernedType

Description

EntityConcernedID:eIDASLegalIdentifier

An identifying characteristic that is used to identify a Non-Natural Person in eHerkenning via eIDAS within Electronic Access Services.

EntityConcernedID:Pseudo

Used to identify a consumer within eIDAS.

RequestedAttributes

The RequestedAttributes option is used to request additional information about the users accessing your service. Use of RequestedAttributes is optional. Within eHerkenning, provision of the requested attributes is not guaranteed. In eIDAS, however, you are always assured of receiving the requested attributes in incoming responses, providing that they are mandatory attributes. Optional attributes are provided only if they are available for the user in question.

See the trust framework's Attribute Catalogue for more information:

Natural Persons Attribute Catalogue

Non-natural Persons Attribute Catalogue

Generic Attribute Catalogue

<esc:EntityConcernedTypesAllowed>urn:etoegang:1.9:EntityConcernedID:Pseudo</esc:EntityConcernedTypesAllowed>
<esc:RequestedAttribute Name="urn:etoegang:1.9:attribute:FirstName" isRequired="true">
<esc:PurposeStatement xml:lang="en">For testing purposes.</esc:PurposeStatement>
<esc:PurposeStatement xml:lang="nl">Voor testdoeleinden.</esc:PurposeStatement>
</esc:RequestedAttribute>
<esc:RequestedAttribute Name="urn:etoegang:1.9:attribute:FamilyName" isRequired="true">
<esc:PurposeStatement xml:lang="en">For testing purposes.</esc:PurposeStatement>
<esc:PurposeStatement xml:lang="nl">Voor testdoeleinden.</esc:PurposeStatement>
</esc:RequestedAttribute>
<esc:RequestedAttribute Name="urn:etoegang:1.9:attribute:DateOfBirth" isRequired="true">
<esc:PurposeStatement xml:lang="en">For testing purposes.</esc:PurposeStatement>
<esc:PurposeStatement xml:lang="nl">Voor testdoeleinden.</esc:PurposeStatement>
</esc:RequestedAttribute>