Versions Compared

Old Version 31

changes.mady.by.user Marita Gustavsen

Saved on

compared with

New Version Current

changes.mady.by.user Marita Gustavsen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

StepDescriptionResponsibleTaskDeadlineStatusDocuments and notes
1) Set up internal routinesThe respective TSP or Bank will require to have in place internal routines for move or merger of RA's.TSP or Bank

Decide the following:

  • How to deal with the OTP tokens
  • End user impact
  • Information to end users
  • How to deal with logs and how/who to archive (admin logs for certificates)

Note that the TSP/Bank is responsible for handling the end user certificates through the whole process, including revoke of old certificates.


Status
titlePlanning


2) BITS ApprovalThe respective TSP or Bank will require BITS approval for the following move or merger before ordering an RA ceremony.

TSP or Bank


Status
titlePlanning

Information from BITS about the process:

View file
nameBankID - Migrering - Prosess for migrering av bank til ny CA.pdf
height150

3) Formal order to BankID

The respective TSP or Bank have to create and send a formal order to BankID as an electronically signed document, signed by TSP or Bank.

TSP or Bank

This order should contain:

New RA:

  • Detailed information about the CA
  • Approval from BITS (from step 2)

Move or merger of RA:

  • The purpose of the move or merger of the mentioned RA
  • Detailed move or merger from and to what CA
  • Approval from BITS (from step 2)

Sign it electronically and create a ticket here with the signed document attached.


Status
titlePlanning


4) Send order forms to BankID

The respective TSP or Bank have to fill out required order forms and send it to BankID signed before or during the RA ceremony.

A copy must be sent before the RA ceremony.

TSP or Bank
  • TSP/Bank fills out the required order form.
  • Send a copy before the RA ceremony by creating a ticket here.

Status
titlePlanning

Order form templates can be found here: Misc forms for BankID Support

5) Make sure that the prerequisites are in order

Primary CAO token "Dongle" is normally stored in a safe at the respective TSP (CA responsible).

The respective Key Custodian for the TSP is responsible to carry and bring the RA XML request and the Primary CAO token "dongle" to the RA ceremony.

Key custodian for TSP
  • Create an RA XML request on the TSP system, for example through HAT tool.
  • Make sure that the USB stick is new and unused
  • Make sure that the Key Custodian have approved identification such as a passport or driver license (if the Key Custodian is a non-Norwegian citizen, they must bring their passport)

Status
titlePlanning


6) RA ceremony coordination

BankID will ensure that everything is in place and coordinate the ceremony and switchover with all stakeholders.

BankID

Check that the following is in place:

  •  BITS approval - If not provided by the TSP or Bank, contact BITS and verify
  •  Formal order received
  •  Signed order forms
    •  Signed - Naming of RA (Required)
    •  Signed - Revoke RA XML Request (Optional)
  •  TSPs Primary CAO token
  •  TSPs/Bank RA XML Request

If all is in place, all stakeholders align and agree on date and time for the following:

  •  1. RA ceremony
  •  2. Activation of New RA XML Sign Certificate
  •  3. Switchover 
  •  4. Revoke RA XML (Optional)

Normally step 2, 3 and 4 happens within the same 24h.


Status
titlePlanning


7) Invitations

BankID will send out a meeting invite for the ceremony and the switchover.

BankID

Create and send out the invitation to all stakeholders.

The invitation should contain, but not limited to:

  • Purpose and description
  • Date
  • Time
  • Duration
  • Virtual Meeting Link or Address
  • Attendees and contact points
  • Information on what to bring

Status
titlePlanning


...