MitID (DK)

MitID is the next generation of NemID, and it will replace NemID during 2021/2022.

Enable MitID in your services

MitID is the new eID in Denmark, and it will replace NemID from autumn 2021.

More information about MitID:

MitID signing will be available in E-Signing through NemLog-in3.

Migrating from NemID to MitID

During the migration phase from NemID to MitID, it is recommended to support both NemID and MitID for document signing, as users will be migrated from October 2021 until around the first half of 2022.

Timeline for MitID in E-Signing:

  • Customer test:
    • First version with support for SDO: planned for the 9th July 2021.
    • Second version supporting MitID PAdES and Private MitID for companies: planned for Q3 2021.
  • Production: No release date set. December 2021 at the latest.

Note: In the first version of signing, you will need to use the "Test login" signing offered at NemLog-in. MitID signing will be available in a coming release from NemLog-in 3.

Not supported:

  • The "identification before signing" functionality supported for NemID and other eIDs is currently not supported for MitID.
  • SSN (CPR) is currently not supported as a SignerID element for MitID.
  • There is no connection between the MitID CPR UUID and NemID PID.

Two signing formats

MitID offers two different signing formats:

  • XAdES
  • PAdES

In the E-Signing service, the XAdES signature will be packaged in an SDO. With this signing format, E-Signing continues to allow several users to sign one document, and each user can sign with either MitID or NemID (or any other eID supported by E-Signing). The XAdES signature can be extracted from the SDO using the GetSignature call.

MitID will also support PAdES as an output format directly. This can't be used in combination with NemID and it only supports one signature on each document. Read more about MitID PAdES.

Note: E-Signing still supports a PAdES generated from an SDO, where the last page will include all signers of the document. Read more about PAdES generated from SDO.

SignerID

E-Signing offers a functionality to define the signer that will sign a specific document using a SignerID. For NemID, the SignerID is either CPR or the PID from the user's NemID certificate. For MitID, the unique SignerID is currently only the user's CPR UUID. The CPR UUID can be found in the user's signature when using the GetSignature call.

Note: CPR is currently not supported as the SignerID, as we do not receive the CPR number during the signing. We are investigating options for supporting the CPR number as a SignerID. We are also investigating whether the MitID UUID can be set as a SignerID.

User experience

Step 1 - eID selection

The eID selection page is displayed if there is more than one possible eID to display to the user. The number of eIDs displayed can be controlled with the AcceptedPKIs element in the sign order or by adding the forcepkivendor parameter to the sign URL.

[Screenshot: Step 1 - eID selection]

Step 2 - read document

The document is opened in an iframe. The minimum recommended iframe height is 600px. The document title displayed is the value from the Document -> Title element in the sign order. The reference code is set by NemLog-in3 and this is also displayed when the user authenticates.

[Screenshot: Step 2 - read document]

Step 3 - authentication

The user is redirected to NemLog-in for authentication. The NemLog-in page opens in a new browser window. In the first test version of MitID signing, the customers must use the Test login tab to authenticate. See the test users page for test users.

[Screenshot: Step 3 - MitID simulator signing]

Step 4 - sign as private user

Select the user and sign as private user. The document title and reference code follow the transaction.

[Screenshot: Step 4 - user]

Step 5 - accept terms

The user must accept the terms to complete the signing.

[Screenshot: Step 5 - terms]

Step 6 - finalizing document signing

The NemLog-in browser window is closed and the user is directed back to the document signing page. The document is now signed and the user is redirected to the desired exit URL.

Note: The reference code in this step is the same as the reference code for the entire section, but this image is taken from another signing than the above images.

[Screenshot: Step 6 - signing]

Document types and sizes

The following document formats are supported using NemID:

  • PDF
  • Text

Note: XML/XSL and HTML may be available later. If you need signing with these formats, please contact support.esecurity@nets.eu to inform us about your need.

The size limit for a document in E-Signing is 5 MB, measured on the base64-encoded document. Encoding adds approximately 30 % to the size of the non-encoded document.
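
A pre-submission check for the format and size limits described above, as an added example that is not part of the original documentation or of the E-Signing API. It assumes that 5 MB means 5 * 1024 * 1024 bytes and that text documents are UTF-8; the function names are hypothetical, and the header check does not replace the PDF validation rules referenced in this documentation.

```python
# Assumption: "5 MB" is read as 5 * 1024 * 1024 bytes of base64 text.
MAX_ENCODED_BYTES = 5 * 1024 * 1024


def base64_length(raw_len):
    """Exact length of padded base64 output for raw_len input bytes."""
    return 4 * ((raw_len + 2) // 3)


def max_raw_bytes(limit=MAX_ENCODED_BYTES):
    """Largest raw document size whose base64 form still fits the limit."""
    return (limit // 4) * 3


def detect_format(data):
    """Classify bytes as 'pdf', 'text' or 'unsupported' (hypothetical helper)."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    try:
        text = data.decode("utf-8")  # assumption: text documents are UTF-8
    except UnicodeDecodeError:
        return "unsupported"
    # Binary content that happens to decode still carries control characters.
    if any(ord(c) < 32 and c not in "\t\n\r" for c in text):
        return "unsupported"
    return "text"


def preflight(data, limit=MAX_ENCODED_BYTES):
    """Return a list of problems; an empty list means the document can be sent."""
    if not data:
        return ["empty document"]
    problems = []
    if detect_format(data) == "unsupported":
        problems.append("format is neither PDF nor plain text")
    encoded = base64_length(len(data))
    if encoded > limit:
        problems.append(f"base64 size {encoded} exceeds limit {limit}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real documents.
    print(max_raw_bytes())                                # 3932160
    print(preflight(b"%PDF-1.7\n%constructed sample\n"))  # []
    print(preflight(b"\x89PNG\r\n\x1a\n"))
```

Running the check before building the sign order rejects oversized or unsupported documents locally, before any document content is sent to the signing service.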

PDF validation

The supported PDF format is based on the PDF format supported by the NemID Signing Client with some exceptions.

See appendix D in https://migrering.nemlog-in.dk/media/fcej4wyk/signeringsdokumentation-v1-0-1.zip

MitID PAdES

MitID offers PAdES as an output format when signing PDF documents and this is supported in the E-Signing service. Each PAdES may only include one signature, and if the sign order includes more than one signer of a document, E-Signing will return one PAdES for each signature.

The MitID PAdES functionality will be supported in E-Signing at the end of Q3. This documentation will be updated closer to that release.

Note: MitID PAdES can't be used in combination with NemID signing.

Authentication-based signing

The E-Signing service offers the possibility to sign a document based on an authentication. To create a sign order with authentication-based signing, please have a look at the authentication-based signing page.

The MitID specific values are listed in the table below:

| Element/parameter | Description | Value |
|---|---|---|
| AuthenticationID | This element can be used to indicate that MitID is one of the eIDs the signer can sign with. | mitid |
| SignerID | The SignerID element can specify which user will sign the document. For authentication-based signing with MitID, this is the user's CPR number. | IDType: SSN, IDValue: User CPR number |
| forcepkivendor | The forcepkivendor parameter can be used to point the user directly to this eID. Read more about forcepkivendor. | abs:mitid |