[bondarchuk]

How this is used in practice is when you log in to a government site, you provide your DigiD account name and password, and then (often but not always) verify that it's really you with either SMS or (apparently) by scanning a document with NFC. Since it's just a single-use authentication I don't see a particular problem with doing it on another device. The actual government interaction after you're logged in happens on the website anyway, not your friend's phone.

btw I see that attaching an nfc reader to your computer is also supported.

[Freak_NL]

> btw I see that attaching an nfc reader to your computer is also supported.

Theoretically supported, or actually possible?

As it stands, DigiD must be used with either the Android or the IOS app in the 'Substantieel' mode of authenticity verification when accessing health care records. This is likely to be pushed to other uses of DigiD as well eventually.

[bondarchuk]

I didn't get that from the app, I just went to mijn.belastingdienst.nl > "Inloggen op Mijn Belastingdienst" > "Inloggen met DigiD" > "Met mijn identiteitskaart", there you have to choose a device and you can pick either a smartphone or a computer with NFC reader. Didn't verify that it works but since the option is there...

[noirscape]

To my memory, the way that works is that there is a second app that you can use to scan document IDs (it's the same one used to transfer ID verification to a non-NFC supported phone actually) and you can scan the document with that and it'll act as a password during the regular login flow.

It does require a separate one-time activation of that specific ID card with the government (a physical letter gets mailed to your address with a code to activate that card on next login), but after that it's mostly painless.

If I'm gonna guess, it's intended for people that for whatever reason can't have a consistent DigiD app to login with (ie. Developer devices that are frequently reset over and over and would lose their regular login).

[Tijdreiziger]

The 'Hoog' level seems to allow computer-connected readers, though. This should theoretically be a superset of 'Substantieel'. Windows and Mac only, though.

https://www.logius.nl/domeinen/toegang/digid/hoe-werkt-het

[radicalbyte]

That might change when the new EIDAS regulation is released (the levels come from that legislation).

[Tijdreiziger]

The page I linked states that DigiD ‘Hoog’ conforms to the highest eIDAS level.

[radicalbyte]

Yup, eIDAS is currently being amended / extended, it's driving the entire data wallet ecosystem.

[Tijdreiziger]

Oh interesting, I didn’t know about that. Is there a place I could read more?