Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

Expand
titleContents
Table of Contents
maxLevel2

...

Certificates

A digital certificate is used as a proof of identity, and can be compared to a driver’s license or a passport.

Expand
titleMore

In the Lequinox® platform, all personal

identities

accounts, role accounts, application accesses and server accounts have three certificates used for authentication, encryption and signing. The Lequinox platform uses self-signed X.509 certificates.

Expired certificates

Every certificate has a set validity period, and once it has expired, it is no longer accepted in the Lequinox platform and needs to be renewed. For example, a sign certificate generally has a validity period of three years.

Expand
titleMore

When the certificates of a server account – the digital identity of an application, representing its owner – are about to expire, users with organisation administration access receive an email informing them that the validity of the server account is about to expire. The certificates are renewed in the Lequinox console.

Read more on how to renew an existing server account certificate.

...

Console administration levels

Info

The administration level applies to internal role accounts and is set when an account is created.

Organisation user

The lowest console administration level.

Expand
titleMore

Accounts with the administration level ‘Organisation user’:

  • Have access to transactions they have taken part in when they go to Archive in the top navigation bar.

  • Have access to the account overview.

Organisation administrator

The highest console administration level for a connected organisation.

Expand
titleMore

Accounts with the console administration level ‘Organisation administrator’:

  • Can do everything that accounts with the administration levels ‘Organisation user’ can do.

  • Can create and edit roles and role accounts, and add new applications, user groups and server accounts.

  • Can see detailed information about all the organisation's transactions in the archive.

  • Are authorised to edit information on their organisation under Settings.

  • Can add

    role and

    application agreements.

  • Has access to create statistical reports on a recurring basis.

Platform administrator

The highest console administration level, reserved for the platform owner. This administration level is not available to connected organisations.

Expand
titleMore

Accounts with the console administration level ‘Platform administrator’:

  • Can do everything that accounts with the administration level ‘Organisation administrator’ can do.

  • Can also

    add new

    connect organisations, but for integrity reasons they cannot not view their roles, role accounts, applications or transactions.

...

User accounts

...

In the platform, a user account can be represented in the form of an internal or external role account, an external personal account (in the REST API referred to as an external personal identity) or a server account. As such, a user account is either of the private, organisation (referred to as corporate in the REST API) or server type. The private and corporate organisation types can be provided with application accesses within or between platforms. In addition to these, the private and corporate . The organisation user account types are backed by a personal account (in the REST API referred to as a personal identity) account, which acts as a witness in transactions. 

Role accounts and external personal identities must be configured as platform-managed. These, in turn, may be connected to a platform-managed access.

Info

A server account is platform-managed by design and cannot have a supporting personal identity or any accesses.

...

Role accounts

A role account is used as an identifier for a user in an organisation in the Lequinox platform. When created, a role account is assigned a role, and – if it is an internal account – a console administration level as well.

...

.

Expand
titleMore

Accounts with the console administration level Organisation and Platform administrators can Platform administrator can add and edit role accounts (but not their own).  Organisation users do not have access to the Role accounts page.Organisation and Platform administrators can invite a new user to the Lequinox console by creating a role account for them. In the process, they also assign the user an organisation role and decide the console administration level of the account. Accounts with the console administration level Organisation user only have access to their transaction archive.

Internal vs external role accounts
Anchor
internalVsExternal
internalVsExternal

Internal role accounts are primarily intended for users closely linked to your organisation, like employees. External role accounts are intended for users that are not part of your organisation, like contractors, vendors or corporate customers, but  but with whom you want to interact with them via Lequinox-enabled applications and to get traceability for these interactions. 

Expand
titleMore
  • Internal role accounts can

    only

    be created via the Lequinox console, but not via the platform REST API.

  • External role accounts can be created

    through

    via the Lequinox console, as well as via a Lequinox-enabled application using functions

     in

    in the Lequinox platform REST API.

Server accounts

A server account is an account representing the owner of a Lequinox-enabled application, and provides an application with an identity in the platform. A server account can be a creator or a recipient of a transaction, and can be used for automated tasks like opening and signing a transaction, and checking participant status.

...

Roles

When a role account is created, it must be assigned to one of the available roles. To activate their account and their role, the user must sign the agreement connected to that role. Accounts with the console administration levels Organisation and Platform administrator can can add and edit internal and external roles associated with the organisation they belong to. Roles must also be connected to their respective agreements

A role is internal or external, depending on whether it is to be assigned to internal role accounts or external role accounts.

...

.

Expand
titleMore
  • Internal role accounts can

    only

    be created via the Lequinox console, but not via the platform REST API.

  • External roles can be created via the Lequinox console as well as from a Lequinox-enabled application using functions in the platform REST API.

Info

External personal accounts cannot be assigned any role.

...

Transactions

Info

The term transactions does not refer to financial transactions, but traceable transfers of data with integrity intact.

The Lequinox platform allows users or applications to create, send and open encrypted transactions via Lequinox-enabled applications. Transactions also include a number of services that affect what a transaction creator or participant can and cannot do, and when. 

Expand
titleMore

The developer decides – together with stakeholders – which services should be activated or not for a transaction and, when applicable, which values should apply. Read more about transactions on the developer concepts page.

Info
The term transactions does not refer to financial transactions, but traceable transfers of data with integrity intact

.