
Attributes indicating nationality of end-users

160 views April 23, 2020 April 29, 2020 0

Many eID providers do not specify the nationality of the end-user in the authentication or signature results. For providers that do not return this information, Signicat might indicate a nationality based on the country of the eID scheme or the country issuing the national identification number (NIN) in question. This means that in some cases Signicat does not return the actual nationality of the end-user. This page explains how to interpret nationality in the context of authentication and signature results.

Authentication

OIDC

Signicat does not currently return nationality in ID Token/user info structures. In the few exceptions, the actual nationality of the end-user is returned. OIDC is therefore not affected by the issue described above.

SAML2

The attribute national-identity-country contains the country code of the national identification number specified in the national-identity attribute.

SAML1

Some eID methods return the attribute signicat.nationality, which contains either the actual nationality of the end-user, if the eID provider supports it, or the country of the eID scheme/NIN.
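The following added example (not Signicat code) reads the SAML2 and SAML1 attributes described above and labels each country code by what it actually asserts, so downstream checks do not treat the NIN or scheme country as a verified nationality. The sample assertions, the result field names and the provider_reports_nationality flag are assumptions made for illustration, and the input is assumed to come from an assertion whose signature has already been validated.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a SAML2 AttributeStatement (not a real Signicat response).
SAML2_SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="national-identity"><saml:AttributeValue>PLACEHOLDER-NIN</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="national-identity-country"><saml:AttributeValue>NO</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

# Constructed sample: a SAML1 AttributeStatement carrying signicat.nationality.
SAML1_SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Attribute AttributeName="signicat.nationality" AttributeNamespace="signicat"><saml:AttributeValue> SE </saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def read_attributes(statement_xml):
    """Return {name: first value} from a SAML1 (AttributeName) or SAML2 (Name) statement."""
    attrs = {}
    for el in ET.fromstring(statement_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "Attribute":
            continue
        name = el.get("Name") or el.get("AttributeName")
        value = next((c.text for c in el if c.tag.endswith("AttributeValue")), None)
        if name and value:
            attrs[name] = value.strip()
    return attrs


def interpret_nationality(attrs, provider_reports_nationality=False):
    """Separate 'country of the NIN' from 'nationality' instead of merging them.

    provider_reports_nationality is a hypothetical flag the integrator sets per
    eID method; the attribute value alone cannot show which meaning applies.
    """
    result = {"nin_country": None, "nationality": None, "nationality_is_actual": False}
    if "national-identity-country" in attrs:
        # SAML2: country code of the NIN in national-identity, not a nationality.
        result["nin_country"] = attrs["national-identity-country"]
    if "signicat.nationality" in attrs:
        # SAML1: actual nationality OR country of the eID scheme/NIN.
        result["nationality"] = attrs["signicat.nationality"]
        result["nationality_is_actual"] = bool(provider_reports_nationality)
    return result
```
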

Signatures

Native signature formats

There is a large variety of native signature formats (e.g. PKCS#7, CMS, XMLDSig, SEID-SDO, XAdES, PAdES). Information about the nationality of end-users in signed documents depends on whether the eID provider and/or the signature format supports it.

LTV-SDO

LTV-SDOs have an optional field called SignerNationality, which is present if SignerNationalId is present. The content of this field is described in the Signature Packaging Policy document that accompanies each specific signature type.

If an authentication-based signature or a signed statement is used, the SignerNationality field will contain either the actual nationality of the end-user, if the eID provider supports it, or the country of the eID scheme/NIN.
