STORK: a real, heterogeneous, large-scale eID management system

Verifying who someone is on the Internet is a prerequisite for online services that process sensitive or valuable information. While this has been solved with national or sectorial electronic identification (eID) schemes, general, cross-border solutions are rare. Cross-border eID difficulties have several origins: (i) incompatible national eID models; (ii) different legislations with incompatible objectives; (iii) lack of common language and semantics; (iv) different common procedures, specially in what concerns mandates and delegation; (v) different implementations of the same eID models. These have been addressed by STORK, a project that developed a federated cross-border eID system that was piloted in about twenty European Union Member States in service sectors as sensitive as eBanking and eHealth. STORK designed and implemented a large-scale interoperability framework, allowing different systems of different models to coexist, using a common language with a common semantics and satisfying national privacy legislations. The experience gained from this large-scale pilot fed into EU policy-making, in particular, the recently enacted eIDAS Regulation requiring mutual recognition of eID by 2018 has been directly influenced by STORK and its lessons learned.