Integration request with MSign/MPass services
According to the provisions of the Order of the State Chancellery nr.130 of March 26, 2015 regarding certain measures for the enforcement of the Government Decision no. 1090 of December 31, 2013 "Towards Governmental Electronic Service for Authentication and Access Control (MPass)", to integrate an information system/product with one of the MPass or MSign government services, the recipient must send an application/integration request to the Electronic Governance Agency, which is the effective trigger of the integration process with the following content:
- Name of institution or company requesting integration
- IDNO of the institution or company
- Name of the information system/product
- Short description of the information system/product
- Other relevant information/data
Integration Request and Agreement/Contract on the use of governmental service MSign/MPass must be signed * by the head of the institution or another person expressly authorized to do so and must be sent to the eGovernment agency.
The Electronic Governance Agency examines the application and responds to the recipient (who may be a public service provider or, as the case may be, a private sector service provider) within 10 business days.
Agreement/Contract on the use of the government electronic service MSign/MPass
To integrate an information system/product with one of the governmental services of MPass or MSign, it is necessary to conclude an agreement/contract on the use of the governmental e-government service MSign/MPass between the beneficiary and the eGovernment agency. This agreement or contract establishes the conditions and rules for the provision and use of the government electronic service. The Legal Service of the Electronic Governance Agency will facilitate this process and will forward to the Beneficiary the Agreement/Contract model for each government service.
* We encourage the electronic signing of the designated acts using the MSign integrated government electronic signing service and sending them to the Agency , also electronically, to the email address: firstname.lastname@example.org
Examining the request
Upon receipt of the request and the conclusion of the agreement, the Electronic Governance Agency will examine the applicant's dossier within a maximum of 30 days for the completeness and correctness of the information provided. Additionally, the Electronic Governance Agency will ask the beneficiary for a set of technical parameters necessary for integration with the government services concerned.
Get the authentication certificate
In parallel with the process of examining the integration request, the Electronic Governance Agency recommends initiating getting of Accredited Certificate procedure, following the steps described on the STISC official website .
In order to meet the information security requirement for the data exchange used in the integration, the beneficiary need to obtain an Authentication Certificate for each information system that will be integrated with one of the MPass or MSign government services.
Integration on test environment
At this stage, the AGE and the Beneficiary have designated contact persons for the implementation of the provisions of the Agreement (contact details are indicated in the Annex to the Agreement).
To register a new service on the test environment, the following are required:
- Name of the service (in Romanian, Russian and English);
- A brief description of the service
- Service authentication certificate in *. cer format (public key).
Additionally, for MSign:
- one or more IP addresses of the service;
- the type of signatory: natural, legal person or both;
Additionally, for MPass:
- the address to which the LogoutRequest is sent for the logout of the MPass initiation process;
- the address where the LogoutResponse is sent (which may be the same as the one above);
- attributes returned after authentication (according to the integration guide).
*NOTE: Do not forward the file * .pfx, * .key or * .pem to anyone, which are private keys and must be accessible only for the beneficiary.
Integration on the production environment
After testing the integration on the test environment on both sides, the service registration process is repeated on the production environment so that the integration with the production environment matches the expected quality of the users.