Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Interoperability in the context of identity wallets and credentials refers to the ability of different systems, platforms, and entities to work together seamlessly to manage, verify, and share digital identities. This ensures that identity wallets and distributed identity systems, which rely on decentralised technologies, can operate across various domains and jurisdictions. Interoperability is critical for widespread adoption and trust in digital identity ecosystems. It can be categorised into several key aspects: Organizational, Legal, Semantic, and Technical.

Organisational Interoperability

Organisational interoperability focuses on involves aligning the goals, workflows, and responsibilities of different entities involved in identity wallets and distributed identity systems. This includes. Our approach begins by focusing on the Research and Education (R&E) sector in the EU and EEA, with an emphasis on alignment with the European Digital Identity (EUDI) Wallet initiative. This initial phase targets four key organisational categories:

  1. National Research and Education Networks (NRENs)
  2. Collaborative R&E initiatives, such as Erasmus Without Paper, that operate across institutional and national boundaries.
  3. Higher education institutions, including universities and colleges, acting as credential issuers, verifiers, and relying parties.
  4. Administrative bodies linked to institutions, such as those providing student services or managing third-party integrations.

Organisational interoperability in this context also requires:

  • Collaboration between Stakeholders: Ensuring that organisations such as governments, R&E institutions, and private companies can coordinate their efforts. For example, a government-issued digital ID EUDI credential should be usable by an R&E service (acting as a verifier).
  • Shared Processes: Establishing common protocols processes for user binding, identity issuance, verification, and revocation across organisations. For instance, standardising how a university issues a -issued digital diploma that can should be verified verifiable by an employer’s identity system across borders.

In later phases, this work will expand to address global interoperability needs, enabling cross-border interactions with non-EU ecosystems

Legal Interoperability

Legal interoperability ensures that identity wallets and distributed identities comply with diverse legal frameworks across jurisdictions. Key considerations include:

  • Regulatory Compliance: Adhering to laws like GDPR, or other data protection regulations (outside of EU). For example, ensuring that a distributed identity system allows users to control their data as per GDPR’s “right to be forgotten.”forgotten”. In R&E processes, this involves ensuring that credentials issued by universities or research institutions, such as digital diplomas or researcher IDs, comply with data protection laws. For instance, R&E institutions must implement mechanisms to allow students or researchers to revoke or update their credentials, ensuring compliance with GDPR’s data subject rights, such as the right to erasure or rectification. 
  • Cross-Border Recognition: Enabling legal recognition of digital identities across countries, such as mutual recognition agreements for eID credentials between nations. In R&E, this includes ensuring that digital credentials, like academic degrees or certifications issued by a university in one country, are legally recognised by institutions or employers in another country. This will require agreements between NRENs or other bodies to establish trust frameworks that validate the authenticity and legal standing of credentials across borders.
  • Liability Frameworks: Defining who is responsible in case of identity misuse or data breaches, especially in decentralised systems where accountability can be unclear. In R&E processes, liability considerations arise when determining who applies an e-seal to a credential, such as a digital diploma. For example, an NREN or a Qualified Trust Service Provider (QTSP) under eIDAS may be responsible for applying the e-seal to ensure its authenticity. Legal implications include defining liability for misuse of the e-seal, ensuring compliance with eIDAS requirements for electronic signatures and seals, and establishing accountability in case of fraudulent credential issuance or verification failures in R&E systems.

Semantic Interoperability

Semantic interoperability ensures that different systems interpret and understand identity data consistently. This involves:

  • Common Data Models: Using standardised schemas for identity A data model defines the structure and relationships of data elements, providing a framework for how identity information is represented and exchanged. Using standardised attributes, such as those defined by the W3C Verifiable Credentials Data Model, OpenID4VC etc, to ensure ensures a “date of birth” or a "person identifier" field is interpreted the same way are consistently structured and interpreted across systems.
  • Ontology Alignment: Agreeing on the meaning of terms, such as what constitutes a “verified identity” or a “trusted issuer,” to avoid miscommunication.
  • Interoperable Formats: Supporting formats like JSON-LD for credentials to ensure data can be read and processed by different identity wallets.

...

  • Schemas for understanding credentials: Schemas define the specific structure and required attributes for credentials, such as those used in ELM, OpenBadge, EMREX, ELMO, but also different isolated schemas at the national level. These schemas must be interoperable to allow credentials issued in one system to be understood and verified in another. For example, a schema for a digital diploma must specify fields like issuer, recipient, and issuance date in a standardised way.
  • Profiles: Profiles are sets of specifications or configurations that define how standards and protocols are implemented to achieve interoperability.

End-to-end Interoperability

Technical interoperability ensures that the underlying technologies of identity wallets and distributed identity systems can work together. This can be broken down into several subcategories (see also Educational interoperability by SURF):

Users & Services

  • Ensuring that identity wallets provide a consistent user experience across different platforms (e.g., mobile apps, web interfaces).
  • Supporting seamless interaction between users and services, such as using a single identity wallet to log into both a government portal and an R&E service

Organisation & Processes

  • Aligning technical workflows, such as how identity providers issue credentials and how relying parties verify them.
  • Automating processes like credential revocation or updates across decentralised systems to ensure consistency.

Application & Information

  • Enabling applications to share and process identity data securely, such as through APIs that support standards like OpenID Connect or DIDComm.
  • Ensuring information integrity and security during data exchange, such as using cryptographic signatures to prevent tampering.

Standards & Technology

  • Adopting common standards like OpenID4VC, W3C Decentralized Identifiers (DIDs), Verifiable Credentials, and protocols like DIDComm.

Governance & Legislation

  • Implementing governance frameworks that define technical rules
  • Ensuring technical systems align with legal requirements, such as incorporating privacy-by-design principles to comply with data protection laws.