Introduction
European Digital Identity Wallet
...
The eIDAS regulation delegates the technical and architectuaral layer to the eIDAS technical working group, a committee made up of experts delegated from EU member states, who have created the Architecture Refrence Framework (ARF) as the technical guidance on how to implement the ecosystem from a techncial and trust perspective.
The ARF lays out a number of open and less open standards, all with their own governance bodies:
- World Wide Web Consortium (W3C)
- Verifiable Credentials
- Internet Engineering Task Force (IETF)
- SD-JWT-VC
- OAuth 2.0 Attestation-Based Client Authentication
IETF PAR (RFC9126)
IETF DPoP (RFC9449)
- International Organization for Standardization (ISO)
- mDL and mDOC, ISO 18013-5
- OpenID Foundation
- OpenID for Identity Assurance 1.0
- OpenID Federation 1.0
- OpenID for Verifiable Credential Issuance
- OpenID for Verifiable Presentations
- OpenID for Verifiable Credential HAIP
- Decentralized Identity Foundation (DIF)
- World Wide Web Consortium (W3C)
The It should be noted that the above set contains several standards that are not 'mature', and often sometimes still in heavy development. Often also not tested at scale or across multiple sectors. In many of the governance bodies, the precense and hence influence of the R&E community is low.
National implementation profiles
The above standards are generally viewed a sufficient, however, in many cases the details of the specification implementation, like e.g. which specific encryption protocols to support, need to be defined as well to achive interoperability. Also many real world scenarios, also in education, actually do not need the high level of assurance that is mandatory for the EUDI usecase. As a result, and also because ARF is still lacking in several areas, National Initiatives, are emerging to define typically more lightweight profiles with a specific subset of the ARF specifications, and in ather areas fill some of the gaps that still exist in the ARF.
Examples of such initiatives include:
- DIIP (Decentralised Identity Interop Profile) (The Netherlands)
- eudi-wif (Sweden / Italy)
Sectoral
Reserach and education is one of the sectors with a fairly high level of organisation when it comes to standarisation and its governance on the standards
- Identity
- REFEDs is the voice that articulates the mutual needs of research and education identity federations worldwide. REFEDs has over the years defined many specifications that harmonize interoperability between R&E identity federations globally. It is likely this role will continue also into the field of decentralized identity and wallets. REFEDs governance is
- eduGAIN is the interfederation service which connects identity federations around the world, simplifying access to content, services and resources for the global research and education community. eduGAIN comprises over 80 participant federations connecting more than 8,000 Identity and Service Providers.
eduGAIN
- Identity: National federation , eduGAIN & REFEDs
- Educational Credentials: OpenBadges, EMREX, ELMO, others?
Other
- Other: EBSI
Transformative aspects
- We currently have full control over the governance of our AAI ecosystem, it is likely we will need to share at least some of controle in a new wallet ecosystem.
- We currently need to have full controle over our governance, as we are doing a lot of the heavy lifting ourselfs. Goverment identity is less usefull for our day to day processes, and other sectors are not as well organised. In a new wallet ecosystem we may have the opportunity to reuse or recycle technical components, standarts, trust infrastuctures and hence their governance to our benefit. This might be relevant for:
- Software development (issuer/verifier and wallet). High level of inreroperability required for a functioning EU wallet ecosystem may reduce the need to run our own implementations
- Managing definitions and level of assurance of (incoming) identities and credentials. While a lot of our requirements are defined by workflows common in our sector, we may be able to piggyback on processes esteblished elsewhere in the ecosystem
- Trust framework(s)
Opportunities
- Many of the specs are written by small group of people, oppertunity for influence
- Education is seen as a key use case
- IF the trustframe allows for delegation of responsibilities to sectors, we may have an opportunity to align the existing ecosystem with the wallet ecosystem, whih would help us manage/align the governance as well
Risks
- Most EU standarisation is behind closed doors and politisized
- Unclear how EUDI will be goverened in the future
- Unclear how much impact EUDI will have. If it does not go beyond Government based data, our sector will maybe create a parallel ecosystem
Children Display |
---|