Skip to main content

Authenticating vendor organisations

Version 2025-07-04
Status draft

Introduction

This technical agreement descibes how vendor organizations should be authenticated in the context of data exchanges.

Agreements

Decision

Vendor organizations are authenticated on the network level using server- and client-authentication (mutual TLS) based on PKIoverheid-certificates.

Rationale

  1. PKIoverheid-certificate is a national standard
  2. All vendor organizations can obtain a PKIoverheid certificate, as long as they are subscribed in the Dutch Chamber of Commerce (KvK).
  3. Vendor organizations can choose from several service suppliers to obtain a PKIoverheid-certificate
  4. The PKIoverheid-certificate makes the KvK-number (see Identifying vendor organisations) cryptographically verifiable because it is contained in the PKIoverheid-certificates as attribute RelativeDistinguishedName.organizationIdentifier (see section 3.1.4 of CPS: https://cps.pkioverheid.nl).