alt Hacker NewsIt is a bit more complex tham that.
Logius is the company that actually owns and manages the DigiD stack, it's just that they hired Solvinity for their expertise. AFAIK Solvinity can't access the data.
I can't find it right now, but on Tweakers there was a long comment by someone on the inside that explained Logius basically had almost no know-how of how the current stack works, and there's lots of bespoke stuff. Basically classic vendor lock-in. The government (rather, Logius) now really wants to transition away from Solvinity, but that will likely be a 5+ year process.
I also feel like this is another thing that the "fast ring" of the EU should do together. Take Estonia's stack as a base, and then countries like Sweden, Denmark, Finland, The Netherlands adopt it and co- develop it. Make it extensible for the bespoke things the countries need, and every few years check which bespoke extensions can actually be generalized and modularized. Would lead to a much better product. A man can dream :)
Replies
> AFAIK Solvinity can't access the data.
Solvinity is the hoster. It can fully access the stack.
How can you be sure that Solvinity can't access the data if Logius doesn't know how the current stack works? 5+ years to migrate sounds really bad.
Estonia's tech was cool maybe 20 years ago. From what I understand it's a bit too hard on fetishization of PKI and Ukraine goes too hard on apps. Netherlands actually gets it really well with DigId that is doing bare minimum needed to actually perform eidas stuff without getting into the woods with legally blessed asn1 schemas and oid [0].
I'm not sure what bespoke stuff they invented to get their sweet vendor lock in eurobucks, but the whole thing is nothing more than an OAuth provider for 19 million people. I guess NFC integration in the app that reads physical ids is on a fancier side, but I suspect on that side it's vendor locked by card vendor and their SDK.
Logius is actually not a company but a part of the dutch (national) goverment.
The German eID stack does also work well, just as the Austrian one does.
Tbh I like the German one even better because you need your physical Identity Card and can use your phone as the reader
> I also feel like this is another thing that the "fast ring" of the EU should do together. Take Estonia's stack as a base, and then countries like Sweden, Denmark, Finland, The Netherlands adopt it and co- develop it. Make it extensible for the bespoke things the countries need, and every few years check which bespoke extensions can actually be generalized and modularized.
Argentina's ministry of education did something like this with university software. The one used by students to sign up and by teachers to track grades, etc. There's a single open source modularised, customisable system made country-wide, and public universities customise it to their needs.
Before this initiative, every university was implementing their own software from scratch. In many cases, different faculties (e.g.: Engineering, Natural Sciences, Humanities, etc) each had their own software development teams developing their own independent software stack.