eID Documentation
Use case: Middleware to Middleware
A user from Member State C (Middleware scheme based Sending country) accesses an online Service in Member State D (Middleware scheme based Receiving country).
Components
The diagram below illustrates the main actors and components of the eID solution. It shows:
- Two Member States, Member State C and D, both of which are Middleware scheme based countries.
- A user from Member State C requests access to an online service in Member State D.
- In Member State D:
  - A Service Provider (public administration or private online Service Provider).
  - A National Identity Provider.
  - An eIDAS-Node, consisting of:
    - A Connector
    - Member State C Middleware-Service.
- In Member State C:
  - The National Identity Provider.
  - An eIDAS-Node, consisting of:
    - Member State C Specific Middleware.
Use case description
1. The user of Member State C (a Middleware scheme based country) requests access to the Service Provider in Member State D (a Middleware scheme based country).
2. The Service Provider in Member State D sends a request to authenticate the user, usually via the National Identity Provider that forwards it to the Connector. The Member State specific implementation translates the country ID protocol to the eID protocol.
3. On receipt of the request, and if the home Member State of the user was not already pre-selected by the requesting relying party, the eIDAS-Connector asks the user for their country of origin.
4. When the country of origin is selected, an eIDAS Request is created by the eIDAS-Connector and then sent to the Member State C Middleware-Service, which conveys it to the Member State C Specific Middleware.
5. The user is authenticated using their national electronic identity in their country. Depending on the implementation there may be two additional steps within step 5 for the user:
   - To select the attributes to be provided (therefore giving consent);
   - To agree the values of the attributes to be provided.
6. Once the user is authenticated, the Member State C Specific Middleware responds back to the Member State C Middleware-Service (hosted by Member State D) with the identity information of the user. This is used to create the eIDAS Response which is then sent to the eIDAS-Connector in Member State D.
7. The Member State specific part in the eIDAS-Connector uses the eIDAS Response to reply to the Service Provider, again usually via a local Identity Provider.
8. The Service Provider grants access to the user if the authentication is successful.
Interaction with the user only happens in stages 1, 3, 5 and 8. The remainder of the process is automated and invisible to the citizen.
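
The Connector's part of the flow above (country selection, request creation and routing to the locally hosted Middleware-Service, response handling) can be modelled as follows. This is an added example, not code from the eID project: the class, field names and hostname are hypothetical, and the response checks (correlation with a pending request, issuer match, no unrequested attributes) are assumptions about what a Connector would verify, not statements from this page.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed registry: Middleware-Services hosted in Member State D, one per
# Middleware scheme based sending country (the hostname is a placeholder).
MIDDLEWARE_SERVICES = {"C": "middleware-service-c.ms-d.example"}

@dataclass
class EidasRequest:
    request_id: str
    country: str
    destination: str
    attributes: frozenset

class Connector:
    """Hypothetical model of the eIDAS-Connector in Member State D."""

    def __init__(self, services):
        self.services = dict(services)
        self.pending = {}  # request_id -> EidasRequest awaiting a response

    def needs_country_prompt(self, preselected: Optional[str]) -> bool:
        # The user is asked only if the relying party did not pre-select.
        return preselected is None

    def create_request(self, attributes, preselected=None, user_choice=None):
        country = preselected if preselected is not None else user_choice
        if country not in self.services:
            raise ValueError(f"no Middleware-Service for country {country!r}")
        req = EidasRequest(secrets.token_hex(16), country,
                           self.services[country], frozenset(attributes))
        self.pending[req.request_id] = req
        return req

    def accept_response(self, response: dict) -> dict:
        # pop() lets each request be answered once, so replays are rejected.
        req = self.pending.pop(response.get("in_response_to"), None)
        if req is None:
            raise ValueError("unsolicited or replayed response")
        if response.get("issuer") != req.destination:
            raise ValueError("response not from the addressed Middleware-Service")
        attrs = response.get("attributes", {})
        # A subset is fine (the user may select fewer attributes); extras are not.
        extra = set(attrs) - req.attributes
        if extra:
            raise ValueError(f"unrequested attributes: {sorted(extra)}")
        return attrs
```

A rejected response still consumes the pending request in this model, so a failed attempt cannot be retried against the same request identifier.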