Octostack Logo

Digital identity and healthcare infrastructure, built by the people who ship it.

Octostack helps German insurtechs, banks, and gematik-approved providers deliver EUDI Wallet integrations, sectoral IDPs, and compliant Telematikinfrastruktur — founder-led, regulatory-deep, faster than a corporate consultancy.

10+ years in digital identity · 5+ years in gematik / TI · shipped for Tier-1 Krankenkassen, banks, and mobility.

Talk to us See how we work

How we work with you

Five ways to bring Octostack into your team — pick the unit that fits the work.

Hands-on implementation

I pair with your engineers and write production code alongside them. Code, review, ship.

When your team needs senior hands on the keyboard, not slides.

Fixed-scope project

A scoped, time-boxed delivery — for example, gematik VZD onboarding in eight weeks, or an EUDI Wallet holder prototype in a quarter.

When you know the outcome and need it delivered by a deadline.

Fractional CTO

Strategic and technical leadership on retainer — architecture calls, vendor reviews, hiring support, standards and compliance posture.

When you need senior technical judgement without a full-time hire.

Staff augmentation

Embed senior engineers into your team for a sprint, a quarter, or a release. Vetted specialists on demand, released when the work ends.

When your team is short a senior for a specific window.

On-call SRE

Production identity and healthcare systems need expert on-call. Incident response, SLOs, runbooks, post-mortems — for regulated workloads.

When the system is live and the stakes are real.

What we are specialists in

Six areas where we have deep, shipped experience — not slideware.

EUDI Wallet & eIDAS 2.0

Issuer, verifier, and holder components for the European Digital Identity Wallet — ISO/IEC 18013-5 mDL, SD-JWT VC, OpenID for Verifiable Credentials.

  • Issuer and verifier services
  • Holder / wallet integration
  • PID and (Q)EAA flows
  • eIDAS 2.0 conformance support

gematik & Telematikinfrastruktur

Sectoral IDPs, VZD integration, ePA and eRezept adapters, Fachdienst and Zugangsdienst work. We know the specs and the test suites.

  • Sectoral IDP delivery (IDP-Dienst)
  • VZD directory integration
  • ePA and eRezept integrations
  • gematik approval support

Digital identity platforms

OIDC, SAML, FAPI, and verifiable-credential systems for regulated enterprises — federation, strong authentication, and migration off legacy IAM.

  • OIDC / FAPI / SAML federations
  • Strong-auth and MFA rollouts
  • IAM migration and consolidation
  • VC issuance and verification

SRE for regulated systems

Production identity and healthcare systems need engineered reliability — SLOs, runbooks, incident response, and on-call that understands the regulatory context.

  • SLOs and error budgets
  • On-call and incident response
  • Observability for regulated data
  • Disaster-recovery design

Cloud infrastructure

AWS, Azure, and on-prem landing zones for workloads that have to meet BSI C5, ISO 27001, or gematik operational requirements.

  • Landing zones and account structure
  • IaC (Terraform / Pulumi)
  • C5 / ISO-27001 scoped controls
  • Kubernetes for regulated workloads

Software development

Go, Rust, TypeScript for identity and healthcare backends — built test-first, reviewed hard, shipped with their operational story.

  • Backend services in Go and Rust
  • Frontend and wallet apps in TypeScript
  • Test-first, reviewed, observable
  • Written to be operated, not demo'd

Why Octostack

I'm Liang Shi. I've spent more than ten years building digital identity systems — ID providers, OIDC and SAML federations, EUDI Wallet components — and five years deep inside the German Telematikinfrastruktur and gematik.

Octostack is the boutique I run to bring that specialism to CTOs and platform leads who need identity or healthcare infrastructure done right the first time. Tier-1 German Krankenkassen, universal banks, automotive-finance groups, and mobility operators have trusted this work.

We stay small on purpose. You get senior hands, not a delivery pyramid — and when a project needs more, I bring in vetted specialists on demand and release them when the work ends.

— Liang Shi · Founder & Principal Engineer

Shipped for

Three recent engagements. Named clients stay private at their request.

Tier-1 GKV

Sectoral IDP shipped to gematik approval

Production sectoral identity provider for a Tier-1 German statutory health insurer, integrated with the Telematikinfrastruktur.

  • gematik TI
  • IDP-Dienst
  • VZD
  • OIDC

Captive auto-finance

EUDI Wallet holder integration in production

Onboarding flows built on the European Digital Identity Wallet for the captive finance arm of a Tier-1 automotive group.

  • EUDI Wallet
  • eIDAS 2.0
  • SD-JWT VC
  • PID

German universal bank

Enterprise identity platform rebuild

OIDC federation, strong authentication, and migration off legacy IAM for a major German universal bank.

  • OIDC
  • FAPI
  • IAM migration
  • Federation

What you can expect

Regulatory depth

We know eIDAS, BDSG, the gematik specs, and BSI C5 — because we have shipped against them, not because we read the slides.

Senior hands

Every engagement is led by a senior who has been in the trenches. No bait-and-switch from principal to junior after the statement of work is signed.

Ship over slides

Our output is running code, operating runbooks, and a team that can take it from here — not a deck.

Let's talk about your project.

Tell us what you are building and what you are stuck on — we reply within one working day.

Contact Details

Name

Liang Shi

Location

Berlin, Germany

Follow Us