Authenticating vendor organisations
| Version | 2025-07-04 |
| Status | draft |
Introduction
This technical agreement descibes how vendor organizations should be authenticated in the context of data exchanges.
Agreements
Decision
Vendor organizations are authenticated on the network level using server- and client-authentication (mutual TLS) based on PKIoverheid-certificates.
Rationale
- PKIoverheid-certificate is a national standard
- All vendor organizations can obtain a PKIoverheid certificate, as long as they are subscribed in the Dutch Chamber of Commerce (KvK).
- Vendor organizations can choose from several service suppliers to obtain a PKIoverheid-certificate
- The PKIoverheid-certificate makes the KvK-number (see Identifying vendor organisations) cryptographically verifiable because it is contained in the PKIoverheid-certificates as attribute
RelativeDistinguishedName.organizationIdentifier(see section 3.1.4 of CPS: https://cps.pkioverheid.nl).