Test Infrastructure -- eID application

An eID application is the web application (full client) or web service (integrated client) operated by a service provider for the online ID function.

Service provider

A distinction should be made between the following three categories of service providers for the online ID function. In principle, however, the test concept applies to all service providers.

The classic service provider is a natural person or legal entity that requires the electronic proof of identity to fulfil its own business purposes.

A certification service provider offers electronic proof of identity via the online ID function as a service for third parties in its own right. This service may only be provided for a one-time identification of the ID card holder (on a case-by-case basis). Technically, a certification service provider does not differ from a classic service provider. It is a special case with additional legal requirements.

An on-site service provider, on the other hand, does not offer an electronic proof of identity but a seamless transfer of ID data into an electronic form (on-site reading). The identification of the ID card holder must be carried out in advance by the on-site service provider via a classic photo comparison of persons physically present. Entry of the personal identification number (PIN) is not required for on-site reading; it is replaced by recording the card access number (CAN). The on-site service provider requires a corresponding authorisation certificate.

Framework conditions

The Technical Guideline BSI TR-03128 provides an overview of the legal and technical requirements that service providers must fulfil for the online ID function. An obligation to certify an eID application according to Part 2 of this guideline only exists for certification service providers. However, it is recommended that all service providers create a security concept.

Within the eID infrastructure, an eID application communicates with an eID client according to BSI TR-03124 and with the associated eID server according to BSI TR-03130. Therefore, the successful system integration of an eID application already establishes full interoperability.

Tests of the eID application of a service provider are carried out at the respective eID service provider or at the selected eID server. The eID service provider must provide its service providers with testing facilities as part of the system integration. As an integration test, the integration of the eID application should be carried out in a test environment. The focus here must be on the error-free communication of all components. In addition, the required reactions should be shown in line with Part 1 of the Technical Guideline BSI TR-03130. For example, meaningful error messages are required.

Development system

Since service providers essentially integrate ready-made components (eID servers) and do not develop them themselves, the development system is not relevant here. However, if necessary or useful in individual cases, processes similar to those listed under "Test system" are used.

Test system

For testing purposes, the eID server manufacturer or the eID service provider usually provides its customers with a test application.

Certification service providers are recommended to provide their customers with a test interface for integrating the service into the customer's eID application. In most cases, this would eliminate the need for certification service providers to provide an additional physical test sample card to their customers.

Active system

In the active system, a user can theoretically use any available eID application with their real ID card. A list of productive eID applications is available on the ID card portal.