Towards a Mobile-First Cross-Border eID Framework

The eIDAS technical framework has been successfully enabling cross-border e-government processes for many years. When initially conceived, today’s user habits and the prevalence and ubiquity of smartphones was nothing but a glimmer on the horizon. As a consequence, the concepts, technologies chosen, and technical standards used to carry out cross-border authentication were designed and chosen with browser-based user flows in mind. In this context, the network of eIDAS nodes and the interfaces defined to integrate them with all kinds of different national eID systems has stood the test of time. At the same time, however, transitioning these workflows to a mobile setting presents various significant challenges: Instead of using a single application (a web browser) to orchestrate the interaction of eID systems, eIDAS nodes and e-government service frontends (mostly using SAML), users are accustomed to using distinct native apps for every service and for interacting with eID systems. This work discusses different concepts essential for transitioning from such browser-based user flows to native app-to-app communication and combines them into a coherent concept. It presents a framework, which maintains browser compatibility, while at the same time providing all the benefits of native mobile apps, taking currently deployed eIDAS-based cross-border authentication to the next level by making it mobile-first, all without requiring invasive changes to existing infrastructure. As will be shown, a slew of technical constraints to overcome makes this a lofty goal, especially considering the heterogeneity of national eID systems which must obviously integrate well with the proposed concept.