Many eID providers do not specify the nationality of the end-user in the authentication or signature results. For providers that do not return this information, Signicat might indicate a nationality based on the country of the eID scheme or the country issuing the national identification number (NIN) in question. This means that in some cases Signicat does not return the actual nationality of the end-user. This page explains how to interpret nationality in the context of authentication and signature results.
Authentication
OIDC
Signicat does not currently return nationality in ID Token/ user info structures. There are a few exceptions, where the actual nationality of the end-user is returned. This means that OIDC is not affected by the issue described above.
SAML2
The attribute national-identity-country
contains the country code of the national identification number specified in the national-identity
attribute.
SAML1
Some eID methods return the attribute signicat.nationality
, which can contain either the actual nationality of the end-user, if supported by the eID provider, or the country of the eID scheme/ NIN.
Signatures
Native signature formats
There is a large variety in native signature formats (e.g. PKCS#7, CMS, XMLDSig, SEID-SDO, XAdES, PAdES). Information about the nationality of end-users in signed documents will depend on whether the eID provider and/ or the signature format supports it.
LTV-SDO
LTV-SDOs have an optional field called SignerNationality
, which is present if SignerNationalId
is present. The content of this field is described in the Signature Packaging Policy document that accompanies each specific signature type.
If authentication-based signature or signed statement is used, the SignerNationality
field will contain either the actual nationality of the end-user, if supported by the eID provider, or the country of the eID scheme/ NIN.