Authorization Certificates
Article
Every electronic citizen service requires an authorization certificate for the reciprocal authentication between users and service providers.
- The authorization certificate is an electronic document checked by the ID card's chip before any data can be retrieved. It defines the personal and ID card data the service provider may retrieve from the user's ID card.
- To get an authorization certificate, service providers need an authorization by the authority responsible for issuing authorization certificates (VfB) at the Federal Office of Administration (BVA).
- With this public authorization, service providers can then purchase the necessary authorization certificates from an authorization certificates provider.
Since summer 2017, it is possible to use one authorization certificate for several services.
Another option is to commission an identification service provider with an authorization certificate in accordance with Section 21 b of the Act on Identity Cards and Electronic Identification who reads out personal and ID-related data from the ID card as a service.
Authorization certificates providers
Authorization certificates providers issue the technical authorization certificates for service providers. Authorization certificates providers
- have notified the VfB at the Federal Office of Administration of their service,
- are required to comply with the Policy and the Technical Guidelines published in the Federal Gazette by the Federal Office for Information Security (BSI).
Currently the following provider is accredited to issue authorization certificates:
If you want to embed the electronic function of the ID card in your service, please find more information here on how to do so.