The new Danish eID, MitID, will be launched summer 2021. "Long time to go", you may think, but perhaps now is the time to start preparation? Because as a service provider using NemID today, you will have to act.
This blog post sums up the changes from NemID, the questions you should ask before you plan the use of MitID for your services, and why Signicat is your best choice as partner (broker) for both MitID and other eID-related matters.
A lot, notably the following:
No service provider can integrate directly to MitID. You must use a broker, which is a licensed service acting as an gateway between you and the MitID infrastructure.
Migration from NemID to MitID: According to the plan there will be a 6 months transition period from NemID to MitID, summer 2021 to end of 2021, you will be obliged to support both MitID and NemID in the migration period. This can be handled by your broker.
MitID is a personal eID. There is nothing like MOCES, the employee version of NemID. Do not worry. Your broker has access to an interface that can be used to supply company/employee roles with MitID. This means employees at your business customers can use their private MitID in combination with a verification of the company being represented.
MitID does not support signing. MitID is a pure authentication solution. If you need signing, you must get that as an additional service, from your broker or from someone else.
Behind the scene, an infrastructure for single sign-on (SSO) between services is established. With MitID, you are able to do "single sign on" between your applications or partners, for instance between an insurance company and a bank.
The MitID infrastructure will enable brokers to utilise context information to evaluate the risk of the situation at hand. You may be alerted, or the broker may itself ensure that the authentication level is stepped-up, in case the context of the authentication is suspicious.
The points above largely explain why you need a broker. There is a complexity in the system that your broker should hide from your services, while still making the desired functionality available.
So, your action for MitID is to select the broker that best suits your needs. Then enter an agreement with that broker and change your services to integrate towards the broker’s interface. These are the 6 steps in the form of questions you should ask to find the right broker:
1) What are my eID needs now and in the future?
If all you need is MitID authentication for access to your services, then even the simplest broker service should do. But perhaps, if you think it over, there may be more. Perhaps you need a broker that can help you in additional markets to Denmark or with unique extra features increase user experience and security.
2) How do I handle the NemID to MitID transition?
You may keep your existing NemID integration and use the broker only for MitID. But it is easier if you use a broker that covers both. That way, the transition will essentially just happen without affecting your services.
3) How important is the solidity, trustworthiness and competence of the broker?
Although broker is a licensed role that requires third-party audit against requirements, different types of actors are likely to take the role. You may want to consider a broker that has proven experience in the field. The “login with MitID” part of your online services is the first step that meets your customers and essential for reaching the services you offer. Availability is therefore extremely important.
4) Do I need signing?
You use NemID signatures today or you consider signing to be useful in the future? Then you must either select a broker that also provides a signing service or ensure that you can buy signing from someone else. The two functions may be separated but take care.
5) Is SSO with partners’ services a good idea?
If yes, then select a broker that supports SSO. Perhaps your partner uses another broker than you? Ensure you select a broker that supports the MitID infrastructure’s possibilities for SSO between brokers. Then it is up to your partner’s broker to also comply.
6) Can identity-related services be something that distinguishes me from competitors?
Yes, if you select a broker that do not merely provide MitID, but that can be your partner in a broad sense for your services’ use of identity-related services. Someone with a broad range of advanced services and a forward-looking attitude to new opportunities. And someone that cares for customers.
The short answer is that the broker role is part of Signicat’s DNA, plus we offer the most comprehensive set of auxiliary services in the market. Signicat is in the process of being certified MitID broker and we are following the MitID project plan step by step. Let us look at the questions one by one.
To answer question 1, Signicat will of course support all functionality related to MitID. Then, we add the about 25 different eIDs and eID schemes that we additionally cover through a common broker interface. That is every eID that exists in Denmark, Norway, Sweden and Finland plus Benelux, Germany, the Baltics and more. And both number of eIDs and number of countries covered are steadily increasing. Today, NemID is one of those eIDs. Tomorrow, MitID will be another one.
And for question 2, of course MitID and NemID will be seamlessly supported during the transition period. With Signicat, you will hardly notice the transition.
Regarding question 3, Signicat is the most reliable partner you can find. We are Europe’s leading provider of identity-related services. Our 165 employees at 11 office locations across Europe serve more than 800 service providers, mainly in highly regulated industries such as finance. Signicat’s cloud services have no problem matching the demanding requirements that are set for MitID. Broker certification is something we know; we have recently been through that process in Finland.
Then, on question 4, Signicat has the most comprehensive signing solution in the market, yet remarkably easy to integrate. If you want this, the easiest option is of course to select Signicat as broker. But our signing service is available also to service providers that use another broker for MitID authentication. Since MitID does not itself support signing, two of the signing options that Signicat offers are singled out: Advanced electronic signature in the form of authentication-based signing, and qualified electronic signature based on MitID authentication. The qualified alternative uses the same technological approach as the signing solution for NemLog-in3, but further enhanced by the full versatility that Signicat Sign can offer.
Regarding question 5, although we state above that MitID will be “just another eID” for our eID hub, this is not the entire truth. The MitID infrastructure has functionality and hence also complexity beyond what is normally found for an eID scheme. SSO is just one of those functionalities. The clear statement from Signicat is that we will support all functionality available – professional roles (the Ervervs-API), SSO internally and with other brokers, use of risk data for authentication context. The MitID specifications show three broker models: Package (simple broker setup), Standard (use of standard MitID user dialogue), Flexible (user dialogue and user experience tailored by the broker). Signicat will offer the Standard and Flexible models according to what best serves the needs of the different customers.
The service providers that ask question 6 are Signicat’s favourite customers. Those that demand the extra from their supplier and use us as a partner in developing best in class identity solutions for their services. Perhaps you want your own eID built into your app or as a separate app? Get that white-labelled from Signicat promoting your own brand and with onboarding by MitID or other means. And if you are into onboarding, have a look at Signicat’s services for doing this in compliance with applicable regulations for KYC, AML and more, covering “the world”. Anything else we can do for you? We by the way care for all customers, not only the demanding ones.
You can find more information about the Signicat broker service, with NemID as excample, on our developer pages. We will continuously add more information about MitID, as we receive it from Digitaliseringsstyrelsen. Write to us at: firstname.lastname@example.org and you will be notified on the latest updates. Try it out at https://developer.signicat.com
We will ensure that you can start testing MitID and the functionality of its infrastructure as soon as something is released from the MitID supplier. Interested? Sign up to our MitID newsletter. Or contact our Danish team.
Product Manager at Signicat
January 17 2020