Ü - Trust as a Service
The objective for this documentation is to provide new or potential clients of Ü insight in how to implement Ü as a single sign on and privacy provider for their services.
This documentation intends to contain the broad picture from the initiation phase to post implementation. It provides general information, detailed technical information and links to valuable reference documentation. Additionally, it intends to provide new clients a best practice approach in how to structure their privacy configuration and choose the correct level of assurance when identifying and authenticating users of their services through Ü.
Ü is a service undergoing continuous improvements. Features of Ü are not limited to what is described in this documentation at any given moment, although we will continuously update it as features are released in the wild.
Ü is a GDPR compliant identity and privacy service that helps companies who want to be consumers of personal data in a compliant, contextual and trustworthy way by empowering their users with control and transparency.
The solution is broken down into 3 main domains:
A global GDPR compliant identity solution with support for modular authentication mechanisms that fit your service’s requirements on levels of assurance, while supporting contextual dialogues & interactions for:
- Gathering consent
- Permission based data sharing
- ID verification
A dedicated, cross service, neutral and user focused portal for:
- Lifecycle management of privacy requests
- Exercise of GDPR individual rights
- Manage security, profile and privacy preferences
Privacy services providing clients with APIs for:
- Managing data processing activities (resources, processing purposes, consent dialogues)
- Managing consent and state of a user’s data processing approvals
- Managing GDPR related privacy requests (access, portability, erasure and objections)
Adopting the capabilities provided by Ü into your own product allows you to create simple, seamless and secure personalised experiences, on your customer’s terms, while building trust and loyalty. It also frees up your time to focus on your core business and product development.
Our mission is to help you reach compliance and increase trust towards your products and services. By functioning as a mediator between your service and your users, our main priorities for those dialogues and interactions will always be:
- how we communicate the process effectively and consistently to end-users
- how we make the user experience understandable and engaging, especially in terms of data sharing and privacy
- how we ensure that we provide a high conversion rate for your service
Logical components of Ü/Trust as a Service
Why use Ü?
Take a look at just a few of the use cases for which you can use Ü:
- You built an awesome app and you want to add user authentication and authorization. Your users should be able to log in seamlessly and securely. You want to retrieve the user's profile after the login so you can customize the UI and apply your authorization policies.
- You have more than one app and you want to implement Single Sign On.
- You believe passwords are broken and you want your users to log in with one-time codes delivered by email or SMS.
- You don't want (or you don't know how) to implement your own user management solution. Password resets, creating, provisioning, blocking, and deleting users, and the UI to manage all these. You just want to focus on your app.
- You want to enforce a high level of assurance authentication when your users want to access sensitive data.
- You are looking for an identity solution that will help you stay on top of the constantly growing compliance requirements like GDPR, ePrivacy and others.
- You want to gather consent and be compliant with GDPR and other privacy regulations by allowing your users to exercise their GDPR individual rights, but don’t have the time or resources to create and improve all the dialogues and interactions necessary to do that across all your services and customer channels
- You need to comply with GDPR by establishing and managing a registry of your processing activities (art.30)