Content

Online Mandates


Mandates and representation (proxy relationships) make it possible to carry out legal transactions on behalf of and on the account of a mandator (principal). The online mandate service provides this resource, which is very common in conventional business and official transactions, in eGovernment as well.

Online mandates service

With the concept of online mandates, representative interventions in Austrian eGovernment are designed to be as easy and user-friendly as possible. The underlying concept in the process is based on the central approach of access to current information from constitutive registers.

Figure 1 shows the architecture and process model of the online mandate service, whereby this service is operated centrally by the Austrian SourcePIN Register Authority. The following list describes the essential steps of an authentication by means of an online mandate and gives information on the registers used in the process.


Architectur des Online-Vollmachten Service

Figure 1: Architecture of the online mandates service.

  1. The authentication on an online application on behalf begins like a normal authentication. In addition, however, the authentication on behalf option has to be selected.
  2. 2.In the case of a proxy, MOA-ID accesses the online mandate service of the SourcePIN Register Authority. The communication between MOA-ID and the online mandate service is handled by a SOAP-based WEB service, whereby the login data (identity link and certificate) of the representative is transferred to the online mandate service.
  3. The online mandate service uses the information transferred by MOA-ID to obtain proxy information from different registers.
    1. Business register for legal powers of sole representation of
      • companies registered in the Austrian Register of Company Names
      • associations registered in the central Register of Associations
      • legal entities registered in the Supplementary Register for Others.
    2. Business service portal for arbitrary mandates of legal entities
    3. Bilateral mandate register of the SourcePIN Register Authority. The SourcePIN Register Authority operates a service for the registration of bilateral mandates between private individuals. Persons (proxies) can login to the bilateral register by means of a Citizen Card and grant other persons special mandates.
  4. Afterwards, the representative is forwarded to the online mandate service where the choice of online mandate is made by the representative.
  5. After choosing the online mandate, it is transferred to MOA-ID where MOA-ID checks the electronic signature of the online mandate and concludes the authentication process.
  6. In the last step, the authentication data and the selected online mandate is transferred to the online application.

An important application case involves authorised professional representatives or alternatively legal professionals authorized for representation such as lawyers, notaries or civil engineers. Due to their professional qualifications, they can intervene on behalf of clients, whether they are private individuals or legal entities. In this case, the capacity of the authorised professional representative or legal professional authorized for representation is checked by the online mandate service, whereby the certificate conveyed by MOA-ID contains the capacity and must be valid at the time of the check. Afterwards, the authorised professional representative or legal professional authorized for representation can intervene for any private individual or legal entity.

A complete list of the current types of mandate and professional qualifications supported  by the online mandate service can be retrieved from the SourcePIN Register Authority.

User

This description is directed at persons who would like to intervene on behalf (proxy, agent of the mandate) or persons who would like to grant someone a power of representation (represented person, principal).

Intervention on behalf

For online applications that support a login by means of a Citizen Card or mobile phone signature, a authentication on behalf can also be possible if need be. If the login to the online application is to be carried out on behalf, then the option authentication on behalf must be selected during the login process.
In Vertretung anmelden bei Bürgerkartenauswahl

Figure 1: Citizen Card selection

Figure 1 shows the Citizen Card selection and option field for a authentication on behalf. Afterwards, the login process can be continued as usual by means of a Citizen Card or mobile phone signature. In contrast to a regular authentication without a proxy, for a authentication on behalf there is the selection of the power of representation after entering the PIN for a login by means of a Citizen Card or after the SMS-TAN input for a login by means of a mobile phone signature. The selection of the power of representation is carried out on the online mandate service of the Austrian SourcePIN Register Authority, which is operated by the Austrian Data Protection Commission.

Figure 2 shows an example of such a selection of mandates.

Auswahl von Vertretungsbefugnissen am Online-Vollmachten Service

Figure 2: Mandate selection on the online mandate service of the SourcePIN Register Authority.


The number of mandates can differ from the choice shown in Figure 2 depending on which, and how many mandates are entered for you. After selection of the desired power of representation, the login process can be continued by the Continue button or broken off by means of Cancel. If you continue the login process with the selected power of representation, you will then be passed back to the online application and automatically logged in with the data that you selected.

Granting power of representation

If you are authorised for sole representation of a company registered in the Austrian Register of Company Names or for another (ERsB) company registered in the Supplementary Register (e.g. if you are a sole proprietor), then this power of representation will be provided automatically through the online mandate service.

In all other cases, you can leave a power of representation at the bilateral mandate registry of the Austrian SourcePIN Register Authority. To do this, you have to login to the bilateral mandate registry by means of a Citizen Card. Afterwards, you can put in an online mandate for a private individual or apply for a legal entity. Figure 3 shows the main page of the bilateral mandate registry after logging in successfully.

Hauptseite des bilateralen Vollmachtsregister

Figure 3: Bilateral mandate registry

The following guide describes the granting of a power of representation to a private individual. Since the entry of power of representation for a legal entity is handled in a similar way, the process will only be described in detail once.

  1. In the first step, the type of mandate must be selected. As shown in figure 3, two types (for organisations and for private individuals) are available.
  2. In the second step, the representative (person who has been granted mandate) is entered. In addition, the mandate can be for a limited time. This step is shown graphically in Figure 4.vollmachte eintragen 2

    Figure 4: Choice of representative.

  3. In the third step, the mandate type must be specified in more detail. A complete list of all available types of mandate (mandate profile) can be retrieved on the online mandate service. The desired mandate can be granted with the "Grant mandate" button. Figure 5 shows the choice of types of mandate. Auswahl einer speziellen Vollmacht am Online-Vollmachten Service

    Figure 5: Choice of the specific mandate.

  4. In the last step, all the data given to grant someone the power of representation is shown once again in an overview. With the help of the Confirm button, the power of representation is entered in the bilateral mandate registry and can be used by the representative (principal) within the validity period from that time on. Figure 6 shows an example of such a summary of the mandate data.Zusammenfassung der angegebenen Daten

    Figure 6: Summary of all the given data.

Service providers

This description is directed at service providers or operators of online applications that would like to use online mandates for their applications.

1. Requirements

Since online mandates can currently be used exclusively by administration (or alternatively their service providers) due to legal restrictions, a certificate with an administration or alternatively service provider attribute (Administration OID) is necessary for the connection to the online mandate service.

In Austria, certificates with an Administration OID are currently offered by the two certification service providers (ZDA) A-Trust GmbH as well as A-CERT of e-commerce monitoring GmbH. These certificates are also referred to as official signature certificates.

2. Integration

  • MOA-ID

    MOA-ID with at least version 1.5.1 is required for the integration and use of online mandates in your own applications by means of MOA-ID. MOA-ID versions with a lower version number are not suitable for this due to a lack of technical prerequisites.

    1. Activation of mandate mode

      MOA-ID is started via the StartAuthentication servlet. To activate mandate mode, this servlet must be called with the additional parameter useMandate and parameter value true

      Example: https://test.gv.at/moa-id-auth/StartAuthentication?Target=ZP&OA=https://.../mms/&useMandate=true

    2. Connection to the online mandate service

      In the global part of the MOA-ID configuration, the connection to the online mandate service must be configured first of all. The following Web service URLs are available for this on the online mandate service.

      The communication between MOA-ID and the online mandate service requires a connection that is secured by means of SSL client authentication. The certificate must be entered here that meets the requirements given above

    3. Application-specific mandate configuration:

      Per online application, the support or alternatively use of mandates can be configured individually in MOA-ID. The following application-specific configuration possibilities are available:

      • Specification of the application name (friendlyName): In the MOA-ID login process, the proxy is forwarded to the page of the SourcePIN Register Authority to select a mandate after creation of the signature. In order to communicate a trusted reference to the actual application to the proxy in this step, MOA-ID can pass the application name to the online mandate service for display.
      • Level of detail of the representation data record (provideFullMandatorData): After a proxy logs in successfully, MOA-ID supplies a respective data record as an SAML attribute back to the application for analysis. If this data is present in the MOA-ID reply, then the application knows that a proxy has logged into the application on behalf of another person. Independent of what data is needed by the application for analysis, the level of detail of the proxy data record that is returned to the application can be configured in MOA-ID.
      • Mandate profiles (profiles element): Similar to conventional procedures, there is usually a defined quantity of types of mandate per online application that are permissible for acting as a proxy. This permittedquantity of types of mandate is defined in the MOA-ID configuration of the online application via so-called mandate profiles. Multiple mandate profiles can be given per online application separated by commas. A complete list of the supported mandate profiles is available on the page of the SourcePIN Register Authority. (https://vollmachten.stammzahlenregister.gv.at/mis/ or alternatively https://vollmachten.stammzahlenregister.gv.at/mis-test/ for the test system)
  • Own application:

    Integration of the online mandate service in your own application is also possible. In this variant, however, complete implementation of the MIS specification of the online mandate service by the application operator is required.

Detailed information

Electronic mandates are an important instrument in Austrian eGovernment for acting through a proxy, interventions under another name or on the account of another. An electronic mandate corresponds to the reproduction of a conventional mandate and creates the relationship between the proxy, who is the person who intervenes representatively by means of a Citizen Card, and the principal. Furthermore, details on the representative intervention are defined, such as the content of the mandate.

The following application cases for powers of representation are currently offered through the online mandate service.

Application cases

  • Proxy relationships based on the Register of Company Names
  • Proxy relationships based on the Register of Associations
  • Proxy relationships based on the Supplementary Register
  • Proxy relationships for private individuals who have a Citizen Card
  • Intervention through a legal professional authorized for representation (lawyers, notaries, civil engineer, and so on)

 

That way, with the concept of online mandates, representative interventions in Austrian eGovernment are designed to be as easy and user-friendly as possible.

I am looking for... 

...more detailed information on the online mandate service

... information on the use of online mandates

... information on the integration of online mandates in online applications