iDIN is a Dutch eID scheme directed by the Dutch Payment Association (BVN, Betaalvereniging) and which consists of a collaboration between all major Dutch banks to leverage the familiar authentication process of online banking in order to provide major eID coverage to the Dutch marked.
|Acquirer||The bank of the merchant (or the bank with which the DISP has an agreement)|
|DISP||Digital Identity Service Provider|
|Issuer||The bank of the consumer|
|Merchant||The service provider|
The consumer visits the merchant web site and proceeds to log in with iDIN. The merchant redirects to Signicat and Signicat displays a list of banks that the End-User can choose from. The End-User chooses one of the listed banks and authenticates. Signicat then retrieves a confirmation of a successful authentication in addition to the requested End-User attributes and maps the response to a SAML or OIDC response and redirects back to the merchant.
Conceptually, iDIN is based on the four-corner model analogous to the IDEAL payment scheme:
In the figure:
- CONSUMER is the End-User
- MERCHANT is the service provider
- DISP (Digital Identity Service Provider) is an optional intermediary part between the MERCHANT and the ACQUIRER
- ACQUIRER is the bank of the MERCHANT, or the bank with which the DISP has an agreement
- ISSUER is the bank of the CONSUMER
Signicat enters the iDIN scheme as a DISP, using one or more of the dutch Banks as the acquirer.
Different attributes is available to the merchant when authenticating their users with iDIN. To specify which attributes that is relevant, please contact Signicat Service Desk, at firstname.lastname@example.org. The following classes are available:
The BSN attribute is no longer available through iDIN. To retrieve a Dutch BSN, the Signicat DigiD method must be used. See more about DigiD here: DigiD.
No iDIN specific certificates are needed.
iDIN generates a form with a dropdown of banks to choose from. This from can be added to an iFrame and used as it is and has no styling by default.
Signicat support will help out with the requirements regarding merchant usage and presentation.
Optionally, Signicat’s standard graphical profile can be used for styling. See this page for more info: Graphical adjustments and customization.
Signicat offers 24/7/365 free access to the preproduction environment,.
Starting a transaction in preproduction will result in the following “banks” being available in the issuer list:
The WL Issuer SIM iDIN RABO INT and the Success “banks” will produce successful authentication results with the requested attributes in the response. The other options will produce errors according to the status codes in the dropdown list.
You will not be able to use production bank credentials for testing purposes, however Signicat has built functionality to provide custom test users. If you want to add custom test users to your service, please contact us at email@example.com.