FAQ

What capabilities does UAEPASS offer?

UAE PASS is the first national digital identity for all citizens, residents, and visitors (upcoming). It provides the following services to the service provider organizations;

• Mobile based authentication

• Digital Signature

• User digital signing via mobile app, self care portal

• User digital signing via API integration to service provider application

• Digital eSeal signing for the service provider

• Digital signature verification via mobile app, self care portal

• Digital signature verification via API integration to service provider application

• Secure document sharing across entities (upcoming)

What SLA’s does UAEPASS provide?

Please refer to your MoU in case of Government entity or Service Provider Agreement in case you are a private organization with Smart Dubai for UAE PASS.

How can we verify UAEPASS digitally signed document?

Verifying the UAE PASS signature can be done using the mobile application or through the Self Care portal and select the Sign & Verify tab. Select the document you would like to verify and the list of current signatures as well as the validity of the document will be displayed. Service Providers can implement verification in their integration using document signature verification API which is present in toolkit. This service entails single synchronous SOAP based web service call.

How can I apply for e-Seal?

On boarding presentation contains the details related to eSeal. Follow the UAE PASS onboarding welcome email, which contains the onboarding steps and link to the online toolkit folder. Fill the questionnaire where you can specify your eSeal use case and requirements. The link also contains the form & agreement for eSeal, which you need to fill and send back to your assigned UAE PASS onboarding engineer.

Will UAEPASS provide account for organization?

Authorized personnel of an organization are select individuals permitted to represent that organization as deemed appropriate by the Service Provider for their application(s). UAE PASS provides user accounts and associated authentication for verified individuals. Authorization of individuals to represent an organization is to be managed by the Service Provider post authentication. Below is an example of New Zealand Companies Office web application, which is a Service Provider to the RealMe identity platform of New Zealand where a user can choose to continue as an individual or a company;

Below is an example of MoHAP service, that identifies if the Emirates ID is listed as company representative in their authorization database and provides the logged in user to choose to continue their journey as an individual or a company representative;

Example of an for Economic Department sample service handling access to individual and company services for the same authorized UAE PASS user:-

An example experience for Municipality services for individuals and companies;

How will elderly and minors be treated?

Service Provider has to provide different mechanisms (e.g. Over the counter at Service Center or as reach out home assist, etc) to offer their service for elderly and minors; ensuring that no one is left behind.

Authorized representative is another approach that a service provider organization can adopt. Below is reference for Service Canada procedure;

Following is an example of delegation where an authorized representative can execute online services on behalf of a dependent:

A Service Provider could allow authorized individual(s) as representative for dependent(s) such as elderly and minors using a process similar to the above reference of Service Canada.

The Service Provider has to maintain the authorization mapping of the authorized representative(s) against the dependent(s). The basis of such a linking could be the Emirates ID number in case of Citizens/Residents.

Post successful authentication from UAE PASS, the Service Provider application could prompt user to continue as “Self” or as “Representing a dependent”. Representative access can be determined by the Service Provider application business logic that can verify the authorization mapping on the fly against its authorization database containing the list of authorized representative(s) corresponding to the dependent(s).

Are there any charges for integrating and using UAEPASS

There are currently no charges for integrating with UAE PASS. A review shall be done in 2021.

Does UAEPASS support visitors registration?

Visitor can register and upgrade their account using Passport or GCC ID on UAE PASS.

We are facing technical difficulties, how can we report it?

You can report directly on the service desk https://mysupport.smartdubai.ae/smartit/app/#/ OR http://servicedesk.dubai.gov.ae. In case you do not have your credentials, please contact your assigned UAE PASS onboarding engineer or contact [email protected]

We are interested in integrating with UAEPASS, how can we show interest & obtain access to toolkit & relevant documentation?

You can register your interest by accessing https://selfcare.uaepass.ae/developers and

submitting the details under “Request Credentials” form.

Are UAE PASS integration APIs accessible from overseas?

UAE PASS APIs are public; production and Staging APIs are accessible from overseas.

Digital Signature verification - how the verification process is executed in UAE PASS?

The hash value of the document will be compared with hash value which is already embedded in the signature of document. It also checks the validity of signing certificate at the time of verification if needed.

Can two separate eSeal be done for the same document?

Yes, a document can have two eSeal. But one entity can have only one eSeal in a document. (1 certificate per entity)

Is access token expiration customizable at UAE PASS end?

No, token expiration duration is not SP specific and its unified. Access token expiration is currently 3600 seconds (1 hour) in production.

What are the digital content formats that are supported for signing.

PAdES for PDF documents.

CAdES for non PDF documents.

XAdES for XML documents

How to use PADE's, and CADE's signing option, and when to use it?

PAdES format only applies to PDF documents, which is somewhat restrictive, whereas CAdES and XAdES allow to sign any kind of data, including PDF and binary. However, PAdES has the advantage of not requiring customized applications for signing and verifying documents. If Sp needs to sign the binary documents which are encrypted then they can go gor CAdES signing.