iDIN

About iDIN

iDIN is a Dutch eID scheme directed by the Dutch Payment Association (BVN, Betaalvereniging) and which consists of a collaboration between all major Dutch banks to leverage the familiar authentication process of online banking in order to provide major eID coverage to the Dutch marked.

Product description

Glossary

Acquirer The bank of the merchant (or the bank with which the DISP has an agreement)
Consumer The End-User
DISP Digital Identity Service Provider
Issuer The bank of the consumer
Merchant The service provider

Use case

The consumer visits the merchant web site and proceeds to log in with iDIN. The merchant redirects to Signicat and Signicat displays a list of banks that the End-User can choose from. The End-User chooses one of the listed banks and authenticates. Signicat then retrieves a confirmation of a successful authentication in addition to the requested End-User attributes and maps the response to a SAML or OIDC response and redirects back to the merchant.

Flow diagram

Conceptually, iDIN is based on the four-corner model analogous to the IDEAL payment scheme:

In the figure:

  • CONSUMER is the End-User
  • MERCHANT is the service provider
  • DISP (Digital Identity Service Provider) is an optional intermediary part between the MERCHANT and the ACQUIRER
  • ACQUIRER is the bank of the MERCHANT, or the bank with which the DISP has an agreement
  • ISSUER is the bank of the CONSUMER

Signicat enters the iDIN scheme as a DISP, using one or more of the dutch Banks as the acquirer.

Attrubutes

Different attributes is available to the merchant when authenticating their users with iDIN. To specify which attributes that is relevant, please contact Signicat Service Desk, at support@signicat.com. The following classes are available:

address gender
ageRelated name
consumerId telephone
email

 

The BSN attribute is no longer available through iDIN. To retrieve a Dutch BSN, the Signicat DigiD method must be used. See more about DigiD here: DigiD.

Certificates

No iDIN specific certificates are needed.

Graphical customization

iDIN generates a form with a dropdown of banks to choose from. This from can be added to an iFrame and used as it is and has no styling by default.

Signicat support will help out with the requirements regarding merchant usage and presentation.

Optionally, Signicat’s standard graphical profile can be used for styling. See this page for more info: Graphical adjustments and customization.

Screenshots


Test information

Signicat offers 24/7/365 free access to the preproduction environment, preprod.signicat.com.

Starting a transaction in preproduction will result in the following “banks” being available in the issuer list:

The WL Issuer SIM iDIN RABO INT and the Success “banks” will produce successful authentication results with the requested attributes in the response. The other options will produce errors according to the status codes in the dropdown list.

You will not be able to use production bank credentials for testing purposes, however Signicat has built functionality to provide custom test users. If you want to add custom test users to your service, please contact us at support@signicat.com.

References

http://www.betaalvereniging.nl/

https://www.idin.nl/