European Commission Digital

eID Documentation

Use case: Middleware to Proxy


A user from Member State D (Middleware scheme based country) accesses an online Service in Member State A (Proxy scheme based country).

Components

The diagram below illustrates the main actors and components of the eIDAS solution. It shows:

  • Two Member States, Member State A (a Proxy scheme based country) and Member State D (a Middleware scheme based country).
  • A user from Member State D requesting access to an online Service in Member State A.
  • In Member State A (Proxy / Receiving Member State):
    • A Service Provider (public administration or private online Service Provider).
    • A National Identity Provider.
    • An eIDAS-Node, consisting of:
      • An eIDAS-Connector,
      • Member State D Middleware-Service.
  • In Member State D (Middleware / Sending Member State):
    • A National Identity Provider.
    • An eIDAS-Node, consisting of:
      • Member State D Specific Middleware.

Use case description

  1. The user of Member State D (a Middleware scheme based country) requests access to the Service Provider in Member State A (a Proxy scheme based country).
  2. The Service Provider sends a request to authenticate the user, usually via the National Identity Provider that forwards it to the eIDAS-Connector. The Member State specific implementation translates the country ID protocol to the eIDAS protocol. (In some cases, the Service Provider can send this request directly to the Connector in the same country.)
  3. On receipt of the request, and if the home Member State of the user was not already pre-selected by the requesting relying party, the eIDAS-Connector asks the user for their country of origin.
  4. When the country of origin is selected, an eIDAS Request is created by the eIDAS-Connector and then sent to the Member State D Middleware-Service which conveys it to the Member State D Specific Middleware.
  5. The user authenticates using their national electronic identity in their country D. Depending on the implementation there may be two additional steps within step 5 for the user:
    1. To select the attributes to be provided (therefore giving consent);
    2. To agree the values of the attributes to be provided.
    Note: Depending on the Middleware solution, there may be a variation to steps 4 and 5. User authentication may be performed directly by the Member State D Middleware-Service hosted by Member State A.
  6. Once the user is authenticated, the Member State D Specific Middleware responds back to the Member State D Middleware-Service hosted in Member State A with the identity information of the user. This is used to create the eIDAS Response which is sent to the eIDAS-Connector in Member State A.
  7. The Member State specific part in the eIDAS-Connector uses the eIDAS Response to reply to the Service Provider; again usually via a local Identity Provider.
  8. The Service Provider grants access to the user if the authentication is successful. 

Interaction with the user only happens in stages 1, 3, 5 and 8. The remainder of the process is automated and invisible to the citizen.