This document describes the overall architecture related to ETSI MSS.
ETSI MSS comprises the architectural components and dependency systems listed in the following table:

Component	DESCRIPTION
SSO Server	The SSO server product against which the User authenticates
Authentication Server (UAS)	A component of SSO server. Some configuration changes are applied specifically to this component or its files.
Mobile PKI method (MPKI)	An SSO Server method that handles sending and receiving of ETSI MSS requests to MSSP. Conforms to ETSI TS 102 204 standard
Security Assertion Markup Language Service Provider (SAML SP)	A SAML-based service provider configured to intercept authentication requests on behalf of a web application server
Mobile Signature Service Provider (MSSP)	Mobile Phone Operator's service that supports sending SMS authentication requests and returning responses to SSO for verification. Conforms to ETSI TS 102 204 standard
Web application	A web application integrated to SSO by using SAML SP.
Mobile phone	User's mobile phone.
Browser	User's compatible web browser.

Basic Login Sequence

This section describes ETSI MSS login sequence in simple terms.
Figure 1 Presents a simplified ETSI MSS login sequence:


Figure 1 Simplified ETSI MSS login sequence

The following steps describe the sequence presented in Figure 1.

User initiates authentication process using a web browser
SSO Server prompts for user's mobile phone number and an optional misuse prevention code, and sends the authentication request to a MSSP (mobile operator).
MSSP sends the request to User's mobile phone.
User signs the request and sends the signature back to the MSSP.
MSSP sends the signature with user's certificate back to SSO Server where the signature is verified.

Detailed Login Sequence Diagram

Figure 2 presents the login sequence in more detail:


Figure 2 Detailed login sequence

Limitations

Here are listed the known limitations related to ETSI MSS.

Only asynchronous messaging mode is supported
The only supported signature profile is authentication
Refer to MSS FiCom Implementation guideline 2.2 for an explanation of the terms.

Browser not supported