First time implementing a DSOP Solution based on the DSOP Control Common Standard.
This onboarding guide is to be used by data providers as a reference document and navigation tool that
provides access to information that is necessary for the successful establishment of DSOP Solutions based on the
DSOP Control Common Standard.
Onboarding process
To ensure good integration with the data consumer (public agency), the data provider should follow this onboarding process in 4 phases as described below.
Process | Description |
---|---|
A – Preparation | Read documentation and assess how this affects the data provider, and how and when the work should be organized. Initiate necessary technical orders internally. |
B – Registration and signing of contract | The data provider registers with Bits. Bits manages the signing of contracts/terms with the data provider. |
C – Integration | The data provider starts implementation of the solution and performs the necessary internal tests and integration tests against the data consumers before the transition to production. |
D – Production | The data provider goes in production |
In the following chapters, there are also presented recommendations about who should complete which tasks:
-
IT: IT-specific tasks
-
Business: Tasks for the business side that will implement the solution
-
All: All the above-mentioned environments.
A - Preparation
In this chapter, you will find an overview of tasks that must be done before the data provider proceeds with registration and signing of contracts (B).
Tasks | Links + relevant info to do the task | |
---|---|---|
A-1 | Go through the information-site for the DSOP Control Common Standard as well as the specific DSOP Solution(s), to understand what the solution(s) can mean for the data provider and what is needed to succeed (All). | See - About the DSOP Control Common Standard - About the DSOP Solution (find the specific DSOP Solution in the site menu) |
A-2 | Assign rights in Altinn so that the data provider can receive digital letters from the data consumers. | See document (rundskriv) with description from the data consumers for guidance: - Politiet - NAV (Vedlegg) - Skatteetaten (Vedlegg) |
B – Registration and signing of contract
Tasks that must be done prior to registration and signing of contract |
---|
A-1, A-2 |
Tasks | Links + relevant info to do the task | |
---|---|---|
B-1 | Registration form Data providers send a registration form with, among other things, the following information to Bits: - Data provider - What DSOP solutions based on the Common Standard the registration apply for - Contact details - Production date |
The registration form is sent to DSOP support by registering a case. Bits will verify the content in the form. Download registration form here. |
B-2 | Electronic signing of the necessary contracts/terms (Business) The data provider is contacted by Bits to start electronic signing of the relevant contracts (the signatory listed in the registration form receives electronic contract for signing via email from Verified). |
Signing of the agreement is done digitally via Verified and managed by Bits. |
C – Integration
Tasks that must be done prior to integration |
---|
A-1, A-2, B-1, B-2 |
Tasks | Links + relevant info to do the task | |
---|---|---|
C-1 | Implement the DSOP Solutions according to the API-specification for DSOP Control Common Standard. See all documentation for the concrete DSOP Solutions, as well as general documentation for DSOP Control Common Standard (IT) |
See all documentation for the specific DSOP Solution you are implementing (see site menu). Make sure to see the following documentation at minimum about the DSOP Control Common Standard: - API-specification - Data model for description of fields in the API specification, and a list of the relevant APIs for each DSOP solution - Specification av eOppslag for guidance to the API-specification - Functional Specification - Architecture document - Security Design describes secure communication between the data provider and the data consumers - Legal conditions (Juridiske rammebetingelser) for the concrete DSOP solutions: gives information about the data consumers that should have access to the solutions and what legal basis they have to send requests for data. - Validation of requests |
C-2 | Implement Customer Relationship Register (Kundeforholdsregister). (IT) Relevant for data providers that only register parts or none of the accounts in KAR. |
See Onboarding guide Customer Relationship Register (in norwegian) |
C-3 | Facilitate validation of the access token (IT/Business) | Get Digdir’s public certificate for token validation locally. Endpoints for both test environment and production environment must be supported: Test environment Production environment How to validate: - Maskinporten |
C-4 | Technical integration for BCL (Business Certificate Lookup). (IT) | BCL test environment: https://test-bcl.difi.blufo.net BCL production environment: https://bcl.difi.blufo.net |
C-5 | Register test-data in KAR or KFR (IT) | Only synthetic or anonymized data is accepted. It is desirable that the test data is synthetic and consists of 5-10 test users who have different identifiers (personal identification number, d-number or organization number). When using anonymized test data, the following criteria must be followed, and Bits must be informed about the use of anonymized test-data. Registration of test data is done by the data providers themselves. Only data providers that have accounts registered in KAR can register test data in KAR. Other data providers must register test data in KFR. Personal identification number, D number and organization number for the test users are sent to DSOP@bits.no |
C-6 | Perform internal testing. (IT) 1. Integration test (13 test cases) 2. Review points in checklist 3. Answer questions about compliance and register any deviations Checklist and the integration test are aids that can be used to check that the implementation is correct and of good quality. |
Integration test, checklist and questions for compliance can be found here:Test . Performed internal testing is confirmed to Bits. Performed integration test, checklist and answers to questions about compliance must be attached and sent to DSOP@bits.no. Bits will verify that testing is ok. |
C-7 | Register endpoints for test- and production environment in API-catalogue. (IT) Only one endpoint per environment must be registered. |
Data providers send the endpoints to be registered in the API catalog to DSOP@bits.no. |
C-8 | Test with data consumers. Test must start no later than two weeks before the agreed production date. |
Data consumers want to test the entire value chain - from identifying customer relationships at the data provider to retrieving data and decrypting the content. Data consumers run various tests to verify that the data provider has implemented correctly in accordance with documentation |
C-9 | Arrange for notification to Bits (Business) | The data provider must arrange for future notifications to be sent regarding the Control information solution. See Notification for information about when and how the data provider shall send a notification. |
D – Production
In this chapter you will find an overview of tasks that should be done to move to production.
Tasks that must be done prior to integration |
---|
A-1, A-2 |
B-1, B-2 |
C-1, C-2, C-3, C-4, C-5 C-6, C-7, C-8, C-9 |
Tasks | Links + relevant info to do the task | |
---|---|---|
D-1 | Self declaration (Business) The data provider downloads the self declaration, fills in the form and returns the completed form to Bits. It is important for the data provider to previously have reported all the fields that can not be delivered in accordance with the API-specification in step C-6 under questions about compliance and deviations. This is to reduce error messages from data consumers in production. |
Download self declaration (in norwegian). By returning the completed self declaration, the data provider confirms that they are ready for production. The self declaration should be sent to DSOP@bits.no |
D-2 | After the return of the completed self declaration, Bits will make the endpoint available for the data provider in the API-catalogue. | The data provider is in production. |
Change log
Date | Version | Change |
---|---|---|
20.03.2024 | 2.0 | New version of the DSOP Control API generating extensive changes throughout all documentation. |
03.12.2020 | 1.5 | Spesifisert at før man sender inn selvdeklarasjon i D-1, er det viktig at alle avvik har blitt rapportert. |
17.11.2020 | 1.4 | Endret innhold i Selvdeklarasjon slik at det i Selvdeklarasjon kun skal bekreftes at alt er gjort. Spørsmål som er fjernet er flyttet inn i fil om etterlevelse. |
17.11.2020 | 1.3 | Utvidet prosedyre for test i pkt C-6 til at spørsmål om etterlevelse og evt. avvik også skal besvares. |
16.11.2020 | 1.2 | Korrigert well-known endepuntk for validering mot Maskinporten, pkt. C-3. |
21.01.2020 | 1.1 | Lagt til følgende presisering under pkt. C-5: Skarpe data er ikke akseptert. |
13.10.2020 | 1.0 | Lagt til nytt punkt A-2 - Tildeling av rettigheter i Altinn |