Skip to content

User attributes

When a user logs in via the OIDC flow, the RMI portal will receive a number of UID attributes in the user_info response which can be used to identify the user without processing their personal information. Below is a summary of each UID attribute and its purpose within the SERMI scheme:

CABUID

EXA/NL/1234/1EXA2MP34LE5
The CABUID is provided to the Trust Centre by the CAB when gaining access to the CAB API and represents the accredited CAB which granted the user's authorisation. It is constructed of the following details:

  • First three characters of the CAB's name
  • Country code where the CAB is approved (ISO-3166-1 alpha-2)
  • Four-digit identifier (numeric)
  • Twelve-character identifier (alphanumeric)

IOUID

EXAMPLEIO/WALDORPSTRAAT13FTHEHAGUE2521CA/NL123456789B01
The IOUID is generated by the CAB and represents the IO the IOE is logging in on behalf of. It is constructed of the following details:

  • Independent operator's full name (alphanumeric)
  • Independent operator's full address (alphanumeric)
  • Independent operator's VAT number or other regional identifier (alphanumeric)

Please note

In situations where an IO VAT number contains personal information (such as a social security number), a VAT number may not be included. For this reason, VMs should expect to see values outside of VAT format.

IOEUID

NL/EXAMPLECAB/1234567890B
The IOEUID is generated by the CAB and represents the IOE logging in. It is constructed of the following details:

  • Authorising CAB's country code (ISO-3166-1 alpha-2)
  • Authorising CAB's full name (alphanumeric)
  • User's authorisation UID (alphanumeric)

Once an authorisation UID has been generated by the CAB for the user, it will always remain the same. If the user requests a new authorisation in the future, the CAB details in the IOEUID may change, but the authorisation UID will remain the same. This will be the case even if the user's previous authorisation was revoked.

RSSUID

EXAMPLERSS/WALDORPSTRAAT13FTHEHAGUE2521CA/NL123456789B02
The RSSUID is generated by the CAB and represents the RSS the RSSE is logging in on behalf of. It is constructed of the following details:

  • Remote service supplier's full name (alphanumeric)
  • Remote service supplier's full address (alphanumeric)
  • Remote service supplier's VAT number or other regional identifier (alphanumeric)

RSSEUID

NL/EXAMPLECAB/1234567890D
The RSSEUID is generated by the CAB and represents the RSSE logging in on behalf of the IOE. It is constructed of the following details:

  • Authorising CAB's country code (ISO-3166-1 alpha-2)
  • Authorising CAB's full name (alphanumeric)
  • User's authorisation UID (alphanumeric)

The RSSE may only log in when granted a one-time chain authorisation from an IOE. For this reason, the RSSEUID will always be paired with the IOEUID for the IOE granting their chain authorisation.