Many eID providers do not specify the nationality of the end-user in the authentication or signature results. For providers that do not return this information, Signicat might indicate a nationality based on the country of the eID scheme or the country issuing the national identification number (NIN) in question. This means that in some cases Signicat does not return the actual nationality of the end-user. This page explains how to interpret nationality in the context of authentication and signature results.
Signicat does not currently return nationality in ID Token/ user info structures. There are a few exceptions, where the actual nationality of the end-user is returned. This means that OIDC is not affected by the issue described above.
national-identity-country contains the country code of the national identification number specified in the
Some eID methods return the attribute
signicat.nationality, which can contain either the actual nationality of the end-user, if supported by the eID provider, or the country of the eID scheme/ NIN.
Native signature formats
There is a large variety in native signature formats (e.g. PKCS#7, CMS, XMLDSig, SEID-SDO, XAdES, PAdES). Information about the nationality of end-users in signed documents will depend on whether the eID provider and/ or the signature format supports it.
LTV-SDOs have an optional field called
SignerNationality, which is present if
SignerNationalId is present. The content of this field is described in the Signature Packaging Policy document that accompanies each specific signature type.
If authentication-based signature or signed statement is used, the
SignerNationality field will contain either the actual nationality of the end-user, if supported by the eID provider, or the country of the eID scheme/ NIN.