You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

European Digital Identity Wallet

EUDIW is part of the eIDAS 2.0 regulation of the European Commission. The regulation lays out several rules and regulation on how wallets should be used and how member states should deploy them. Also several rules lay out the mandatory requirement for member states to make certain data (specfifcally the PID) available for their citizens, and to accept wallets from other countries. Even though all these regulations are high level and typically non technical, the impact of the regulations is very much impactful on the technical layer, as it mandates pan European interoperability and scalable, multi party trust, as wall as significant scalability.

The eIDAS regulation delegates the technical and architectuaral layer to the eIDAS technical working group, a committee made up of experts delegated from EU member states, who have created the Architecture Refrence Framework (ARF) as the technical guidance on how to implement the ecosystem from a techncial and trust perspective.

The ARF lays out a number of open and less open standards, all with their own governance bodies:

    • World Wide Web Consortium (W3C)
      • Verifiable Credentials
    • Internet Engineering Task Force (IETF)
      • SD-JWT-VC
      •  OAuth 2.0 Attestation-Based Client Authentication
      • IETF PAR (RFC9126)

      • IETF DPoP (RFC9449)

    • International Organization for Standardization (ISO)
      • mDL and mDOC, ISO 18013-5
    • OpenID Foundation
      • OpenID for Identity Assurance 1.0
      • OpenID Federation 1.0
      • OpenID for Verifiable Credential Issuance
      • OpenID for Verifiable Presentations
      • OpenID for Verifiable Credential HAIP
    • Decentralized Identity Foundation (DIF)

It should be noted that the above set contains several standards that are not 'mature', and sometimes still in heavy development. Often also not tested at scale or across multiple sectors.

National implementation initiatives

The above standards are generally viewed a sufficient, however, in many cases the details of the specification implementation, like e.g. which specific encryption protocols to support need to be defined as well to achive interoperability. Also many real world scenarios, also in education, actually do not need the high level of assurance that is mandatory for the EUDI usecase. As a result, and also because ARF is still lacking in several areas, National Initiatives, are emerging to define typically more lightweight profiles with a specific subset of the ARF specifications, and in ather areas fill some of the gaps that still exist in the ARF.
Examples of such initiatives include:


Sectoral

    • Identity: National federation , eduGAIN & REFEDs
    • Educational Credentials: OpenBadges, EMREX, ELMO, others?

Other

  • Other: EBSI


  • No labels