• DocumentCode
    2967950
  • Title

    Middleware architecture for cross-border eID

  • Author

    Zwattendorfer, Bernd ; Sumelong, I. ; Leitold, H.

  • Author_Institution
    E-Gov. Innovation Center, Graz Univ. of Technol., Graz, Austria
  • fYear
    2012
  • fDate
    21-23 Nov. 2012
  • Firstpage
    303
  • Lastpage
    308
  • Abstract
    Many European states have issued electronic identities (eID) to their citizens since the early 2000s. Several have reached full coverage, and usually high-assurance credentials, such as smartcards, USB crypto tokens, or mobile phone eIDs, are used. This led to an impressive security infrastructure to authenticate at online services that, however, evolved as national silos - interoperability was no priority for a while. To overcome this, 18 European states have joined forces in the large-scale pilot STORK. A SAML-based technical solution for cross-border eID federation between states has been designed, implemented, and finally piloted in a number of production services. In this paper we present the STORK middleware architecture that has been developed by Austria and Germany. Its main characteristic is a decentralized deployment that gives some end-to-end security and privacy advantages, but also needs particular attention to meet scalability challenges. This is compared to the STORK proxy model, an alternative centralized deployment approach that was chosen by other states. Federation between the two architectures is described, with particular attention to security and privacy aspects.
  • Keywords
    Web services; data privacy; middleware; security of data; software architecture; trusted computing; SAML-based technical solution; STORK proxy model; centralized deployment approach; crossborder eID; decentralized deployment approach; electronic identity; end-to-end security; middleware architecture; online service authentication; privacy aspect; production service; security infrastructure; Authentication; Computer architecture; Connectors; Interoperability; Middleware; Protocols; STORK; eID; electronic identity; interoperability; middleware;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computational Aspects of Social Networks (CASoN), 2012 Fourth International Conference on
  • Conference_Location
    Sao Carlos
  • Print_ISBN
    978-1-4673-4793-8
  • Type

    conf

  • DOI
    10.1109/CASoN.2012.6412419
  • Filename
    6412419