Concepts

Accesses 

An access is an ID created to represent a relation between an application and a certain user via their role account or personal account. An access has separate keys which can sign transactions individually in order to create traceability for the application when a user acts in a role account or personal account. 

CDI REST API

The REST API is a web service interface for letting an application communicate with the Lequinox platform. It is used for handling roles, user accounts, server accounts, accesses and transactions. This API can be used for everything from business-to-business interaction where your application is interacting with users from other organisations, to business-to-consumer or consumer-to-consumer interaction where your application creates platform-managed external personal accounts and can create transactions between role accounts and personal accounts in a variety of interactions.

Lequinox-enabled applications

This refers to an application that is utilising Lequinox platform functionality.

Lequinox global ID

Anything that needs to be found and located in the Lequinox platform environment is given a global ID. The ID can refer to a role, a role account, a personal account, or an access.

Internal vs external

The internal and external concepts are applied to roles, role accounts and personal accounts (labelled "personal identities" in the REST API). Internal roles and internal role accounts are sometimes labelled proper roles and proper role accounts, in that they are more closely linked to the organisation. External roles and external role accounts are sometimes labelled substitute roles and substitute role accounts in that they exist in the absence of a proper role account in another Lequinox-validated organisation that the user would otherwise utilise via an access.

The basics around the concepts "internal" and "external" are that you are always looking at users from your own organisation, everything is done from the viewpoint of your own organisation on the platform. In this way, the Lequinox platform makes it possible for the organisation to have full legality from the organisation's own perspective, legally safeguarding their interactions with other parties. 

User accounts

In the platform, a user account can be represented in the form of an internal or external role account, an external personal account (in the REST API referred to as an external personal identity) or a server account. As such, a user account is either of the corporate, private or server type.

The corporate user account types are supported by a personal account, which acts as a witness in transactions. 

Role accounts and external personal accounts must be configured as platform-managed. These, in turn, may be connected to a platform-managed access. 

A server account is also platform-managed and cannot have a personal account or any accesses.

Role accounts

A role account identifies a user representing an organisation in the Lequinox platform. Behind it is a personal account (labelled a ‘personal identity’ in the REST API), which is linked to and works as an anchor for the role account. Please note that, despite its label in the API, the personal identity is not to be regarded as an ‘identity’ in the usual meaning of the word.

Internal role accounts

Internal role accounts are primarily intended for users within the application-owning organisation, like employees, with a certain mandate to administer and perform a set of actions within your organisation based on the agreements and authorisations tied to the account. 

External role accounts 

External role accounts are primarily intended for users in organisations that are not activated on a Lequinox platform. They can be contractors, advisers and the like, which are hired but not employed by the Lequinox platform-validated organisation.

Personal accounts

A personal account identifies a user that does not represent an organisation in the Lequinox platform, in other words, a natural person acting in their own capacity. Via their external personal account, they can participate in transactions and create, open and sign transactions in business-to-consumer or consumer-to-consumer interactions.

Server accounts

In the Lequinox platform, a server account is an account representing the owner of a Lequinox-enabled application. Via the server account, the application – just as a role account – can be a participant in transactions and create, open and sign them. A server account should be used when you want traceability for events that are not related to the actions of a natural person, but an organisation or a machine or some other device.

Roles

In short, a role is a group of role accounts. They can be either internal or external.

Internal roles

Internal roles are intended for role accounts (users), in your own platform organisation, like employees.

External roles

External roles are intended for users outside your own organisation that is fully and officially activated in a Lequinox platform. These external users can be contractors, advisers and the like, which are hired but not employed by your Lequinox platform-validated organisation. 

Transactions

Definition of a transaction

The Lequinox platform allows users to create, send and open encrypted transactions via Lequinox-enabled applications. Transactions also include a number of services that determine what a participant can do with a transaction, and when.

The transaction archive and traceability 

The archive offers traceability for organisations that have a Lequinox-enabled application registered to their platform organisation. 

User agreements

In the Lequinox platform, user agreements apply to the use of applications and roles. 

Application user agreements

Any application that an organisation wants to assign to a Lequinox-enabled application requires an application user agreement.  

User groups

All applications must belong to at least one user group, which determines the user agreement that applies when the role accounts with access to that group utilise an application.