Parameters

Authorization

During the execution of the signature process, TRIDENT authenticates the user and obtains their authorization via OAuth 2.0 on two occasions:

• Firstly, so the document signature service can query the user's signing identities to select one.

• Secondly, so that the document signature service can request that the document be signed with the selected signing identity.

A typical authentication and authorization configuration of the TRIDENT server would provide a user experience as follows:

• The first authentication can be skipped via SSO if the user already has a session open in TRIDENT (the user may have logged in to start a session in the application). Furthermore, the authorization may be implicit in the authentication.

• The second authentication may be skipped via SSO when a signing identity in a mobile device is used (if the user has a session open in TRIDENT) because the Mobile ID application already requires that the user enters their PIN before generating the signature. However, the second authentication cannot be skipped when a server signing identity is being used. In either of these two cases (mobile or server signing identity), the subsequent authorization may be implicit in the authentication.

In general, as well as authenticating the user and obtaining their authorization for querying the signing identities and signing the document, the user is also asked to acknowledge that they have read the document before signing. When a signing identity on the server is used, obtaining this acknowledgment can be omitted if this is specified when the signature process is created (the views.document_agreement.skip_server_id parameter). This typically occurs when the client application obtains the acknowledgment by its own means prior to requesting document signing from TRIDENT.