Skip to content

Commit ada9a6a

Browse files
authored
Merge pull request #3 from MobileID-Strong-Authentication/docs/fix-reference-guide-typos
replace wrong whitespace char
2 parents 892cfd0 + 1a69e36 commit ada9a6a

5 files changed

Lines changed: 104 additions & 104 deletions

File tree

docs/index.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ features:
2525
icon:
2626
src: /img/icon-security.svg
2727
class: feature-icon-security
28-
details: Follow this guide to integrate MobileID into your application through the OpenIDConnect (OIDC) standard.
28+
details: Follow this guide to integrate Mobile ID into your application through the OpenID Connect (OIDC) standard.
2929
link: /oidc/introduction
3030
- title: Release Notes
3131
icon:

docs/reference-guide/app-provider-client-integration.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
1-
# ApplicationProviderClientIntegration
1+
# Application Provider Client Integration
22

3-
This chapter describes how an **ApplicationProvider(AP)** integrates its backend with the **SwisscomMobile ID signatureservice**. It covers the necessary preconditions, endpoint configuration, and use of **mutualTLSauthentication**.
3+
This chapter describes how an **Application Provider (AP)** integrates its backend with the **Swisscom Mobile ID signature service**. It covers the necessary preconditions, endpoint configuration, and use of **mutual TLS authentication**.
44

55
## Preconditions
66

@@ -14,10 +14,10 @@ Before using the **Swisscom Mobile ID** web service, some initial provisioning s
1414
2. **The Mobile ID customer receives from Swisscom:**
1515
- An **AP_ID** (Application Provider Identifier) value.
1616
- A **DataToBeDisplayed (DTBD) Prefix** value:
17-
- The DTBD Prefix is an AP‑specific keyword that must be included as a prefix in every MobileID request text message sent to a MobileID user (the message displayed on the user’s mobile phone).
17+
- The DTBD Prefix is an AP‑specific keyword that must be included as a prefix in every Mobile ID request text message sent to a Mobile ID user (the message displayed on the user’s mobile phone).
1818
- **Example:** `"Bank ACME: "`
1919

20-
## EndpointAddress
20+
## Endpoint Address
2121

2222
The Swisscom Mobile ID web service is accessible through LAN-I or Internet. If not otherwise specified use the following default access details.
2323

@@ -85,11 +85,11 @@ A certificate-based mutual authentication when accessing the Mobile ID web servi
8585
- The **Enhanced Key Usage** value of client certificates must include **Client Authentication** (`1.3.6.1.5.5.7.3.2`).
8686
- See **[Create X509 Client Certificates](/reference-guide/create-client-certs.md)** for examples of creating self‑signed certificates.
8787

88-
- All requests to the **MobileID service** must originate **only** from servers that you control.
88+
- All requests to the **Mobile ID service** must originate **only** from servers that you control.
8989
- Never send requests directly from client‑side code such as **mobile apps** or **JavaScript**, as this may compromise your credentials.
9090

91-
- To validate the **chain of trust** for the MobileID server certificate:
92-
- Add the **SwissSignGold CA – G2** root certificate to your client **TrustStore**.
91+
- To validate the **chain of trust** for the Mobile ID server certificate:
92+
- Add the **SwissSign Gold CA – G2** root certificate to your client **TrustStore**.
9393
- The intermediate CAs are returned dynamically by the MID server and may change.
9494

9595
::: info

docs/reference-guide/best-practices.md

Lines changed: 25 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
# Best Practices
22

3-
The **Swisscom Mobile ID Strong Authentication** GitHub repository provides various examples of MobileID client implementations.
3+
The **Swisscom Mobile ID Strong Authentication** GitHub repository provides various examples of Mobile ID client implementations.
44

5-
The repository **[`mobileid-client-java`](https://github.com/SwisscomTrustServices/mobileid-client-java)** serves as the *main* Java‑based reference implementation for building **MobileID REST** and **SOAP** API clients.
5+
The repository **[`mobileid-client-java`](https://github.com/SwisscomTrustServices/mobileid-client-java)** serves as the *main* Java‑based reference implementation for building **Mobile ID REST** and **SOAP** API clients.
66

7-
This library is ideal for Java8+ projects that require **secure authentication and authorization** using a mobile phone.
7+
This library is ideal for Java 8+ projects that require **secure authentication and authorization** using a mobile phone.
88
It can be added as a dependency to your project and used in any scenario requiring access to the **Swisscom Mobile ID** service.
99

1010
## MSS Signature
@@ -13,13 +13,13 @@ It can be added as a dependency to your project and used in any scenario requiri
1313

1414
When constructing an **MSS Signature** request, the following best‑practice guidelines should be followed:
1515

16-
1. **Define a unique `AP_TransID` (TransactionID)**
16+
1. **Define a unique `AP_TransID` (Transaction ID)**
1717
Each signature request must have a unique transaction identifier.
1818

1919
2. **Set the current time for `Instant` (with time zone)**
20-
The `Instant` parameter must include time zone information and must not deviate excessively from the Mobile ID Service’s current time; otherwise, a fault response with sub‑code**101** will be returned.
20+
The `Instant` parameter must include time zone information and must not deviate excessively from the Mobile ID Service’s current time; otherwise, a fault response with sub‑code **101** will be returned.
2121
- **Example:** `2020-01-01T12:00:00.000+01:00`
22-
- Must conform to the [W3C`xs:dateTime`](https://www.w3.org/TR/xmlschema-2/#dateTime) format.
22+
- Must conform to the [W3C `xs:dateTime`](https://www.w3.org/TR/xmlschema-2/#dateTime) format.
2323

2424
3. **Ensure uniqueness across the triplet `(AP_ID, AP_TransID, Instant)`**
2525
The combination of these three fields must be unique for every transaction.
@@ -31,19 +31,19 @@ When constructing an **MSS Signature** request, the following best‑practice gu
3131
- **Example:** `+41791234567`
3232

3333
5. **Set a valid `UserLang` value**
34-
The value must be one of the supported languages —**EN**,**DE**,**FR**, or **IT**and must match the language used in the **DataToBeDisplayed** (`DTBD`) message.
34+
The value must be one of the supported languages — **EN**, **DE**, **FR**, or **IT** and must match the language used in the **DataToBeDisplayed** (`DTBD`) message.
3535

3636
6. **Define the `DataToBeDisplayed` (DTBD) message**
3737
The text shown on the user’s mobile device must comply with the following guidelines:
3838
- Encoded in **UTF‑8** [<sup id="a17">17</sup>](#17).
39-
- Should include a **unique transaction reference** (e.g., timestamp, customerID, contractID).
39+
- Should include a **unique transaction reference** (e.g., timestamp, customer ID, contract ID).
4040
- **Length limits:**
41-
- Maximum **239characters** if all characters are in the standardGSM DA characterset.
42-
- If any character falls outside this set (e.g., the lowercasecedilla “ç”), the maximum length reduces to **119characters**.
41+
- Maximum **239 characters** if all characters are in the standard GSM DA character set.
42+
- If any character falls outside this set (e.g., the lowercase cedilla “ç”), the maximum length reduces to **119 characters**.
4343
- Keep the message as **short and user‑friendly** as possible.
4444

4545
**Example DTBD:**
46-
> `BankACME:Proceedwiththelogin?(TXN‑3D5K)`
46+
> `Bank ACME: Proceed with the login? (TXN‑3D5K)`
4747
4848
---
4949

@@ -61,26 +61,26 @@ When constructing an **MSS Signature** request, the following best‑practice gu
6161

6262
### Signature Response
6363

64-
After receiving the **MSS Signature Response**, the client (ApplicationProvider –AP) must perform proper response validation to ensure authenticity, integrity, and consistency with the original request.
64+
After receiving the **MSS Signature Response**, the client (Application Provider – AP) must perform proper response validation to ensure authenticity, integrity, and consistency with the original request.
6565

6666
The key validation aspects are as follows:
6767

6868
1. **Match Request and Response Identifiers**
6969
- Verify that the **`AP_TransID`** and **`MSISDN`** values in the response are identical to those sent in the original request.
7070
- Any mismatch should be treated as an invalid response and rejected.
7171

72-
2. **Validate the MobileUser’s X.509Certificate**
72+
2. **Validate the Mobile User’s X.509 Certificate**
7373
- Ensure the user certificate chains up to a **trusted root CA** contained in your local **TrustStore**.
74-
- The client should only trust certificates that link to a **trust anchor** matching the expected SwisscomMobileID CA.
75-
- Your **TrustStore** should only contain the **relevant root CAcertificate** (see **[Root CA Certificates](/reference-guide/root-ca-certs.md)**).
74+
- The client should only trust certificates that link to a **trust anchor** matching the expected Swisscom Mobile ID CA.
75+
- Your **TrustStore** should only contain the **relevant root CA certificate** (see **[Root CA Certificates](/reference-guide/root-ca-certs.md)**).
7676

77-
3. **Verify the DigitalSignature**
77+
3. **Verify the Digital Signature**
7878
- Confirm that the received digital signature is **cryptographically valid**.
7979
- The **signed content** must correspond exactly to the **`DataToBeDisplayed (DTBD)`** text from the earlier signature request.
8080
- The client must be capable of validating both **RSA** and **ECDSA** signatures.
8181

82-
4. **(Optional) Validate the Mobile ID SerialNumber**
83-
- For the **highest level of assurance** and a fully **strong two‑factor authentication** process, validate the **MobileID serial number** as described in **SectionMobile ID Serial Number Validation**.
82+
4. **(Optional) Validate the Mobile ID Serial Number**
83+
- For the **highest level of assurance** and a fully **strong two‑factor authentication** process, validate the **Mobile ID serial number** as described in **Section Mobile ID Serial Number Validation**.
8484

8585
5. **Implement Proper Fault and Status Handling**
8686
- Handle all **status** and **fault codes** using structured exception handling logic to ensure stable, predictable behavior of the client application.
@@ -89,14 +89,14 @@ The key validation aspects are as follows:
8989

9090
**Important Note:**
9191
Certificate revocation checks are **not recommended**.
92-
MobileID user certificates are **never revoked** individually — the **MobileID service backend** manages account validity and state directly.
92+
Mobile ID user certificates are **never revoked** individually — the **Mobile ID service backend** manages account validity and state directly.
9393

9494

9595
### Signature Concurrency Control
9696

97-
This section describes the behavior of the **MobileID Service** when an **Application Provider (AP)** submits a new **MSS Signature** request while another signature transaction is already in progress for the **same MSISDN** and the **same authentication method**.
97+
This section describes the behavior of the **Mobile ID Service** when an **Application Provider (AP)** submits a new **MSS Signature** request while another signature transaction is already in progress for the **same MSISDN** and the **same authentication method**.
9898

99-
Concurrency handling depends on whether the request targets the **SIM** method or the **Mobile ID App** method.
99+
Concurrency handling depends on whether the request targets the **SIM** method or the **Mobile ID App** method.
100100

101101
---
102102

@@ -105,18 +105,18 @@ If both signature requests target the **SIM‑based authentication method**, and
105105

106106
- **Fault Code:** `406 / PB_SIGNATURE_PROCESS`
107107
- **Description:** The subscriber already has an active signature operation in process.
108-
- See **Section6** for detailed fault code definitions.
108+
- See **Section 6** for detailed fault code definitions.
109109

110110
---
111111

112112
##### App Method Concurrency
113-
If both requests target the **Mobile ID App‑based authentication method**, the behavior is different:
113+
If both requests target the **Mobile ID App‑based authentication method**, the behavior is different:
114114

115115
- The **existing first signature transaction** is **canceled** automatically by the backend.
116-
- The **second signature request** is then displayed on the mobile device via the Mobile ID App.
116+
- The **second signature request** is then displayed on the mobile device via the Mobile ID App.
117117

118118
- **Fault Code (cancellation of first transaction):** `401 / USER_CANCEL`
119-
- See **Section6** for further information.
119+
- See **Section 6** for further information.
120120

121121
## Mobile ID Serial Number Validation
122122

0 commit comments

Comments
 (0)