| High Assurance Interoperability Profile (HAIP) 1.0 draft 05 | Digital Identity Interoperability Profile (DIIP) Release v5 | How do educational digital wallets (i.e. eduwallet) aim to address HAIP and DIIP requirements and challenges? |
Protocols and Security (Layer 1) | - Restrictive Profiles Lockout: HAIP restricts the flexibility of standard protocols to a "secure subset".
- Verifiable Credential (VC) Formats Support: Education and research organisations should support the EUDIW ecosystem's requirements for specific VC formats such as SD-JWT VC or ISO mdoc, moving away from legacy PDF-based educational credentials.
- Wallet Attestation is Mandatory: HAIP mandates that the wallet itself must attest to its own security properties. Issuers (e.g. universities) must verify this attestation before trusting a VC request.
- Issuance Assurance: Educational institutions must be able to issue credentials with high assurance, requiring holder binding, where the diploma is cryptographically tied to the user's specific wallet.
|
| - Secure Credential Issuance: Educational wallets allow institutions to issue credentials directly into the user's wallet as cryptographically signed, tamper-proof electronic attestations.
- Strong Holder Binding: Educational wallets ensure credential binding to the student's unique EUDI identity, fulfilling HAIP’s high-assurance requirements for preventing fraud and unauthorized use.
- Qualified Signatures: Educational wallets support Qualified Electronic Signatures (QES) for documents, facilitating the legal recognition of digital diplomas across Europe.
|
Wallet implementation, Semantic Interoperability and Data Standards (Layer 2) |
| - Multiple Data Formats: Different wallets might request or deliver the same attribute (e.g. "Degree Title") in different formats (e.g. structured JSON vs. flat strings), requiring normalization layers.
- Multi-Credential Queries: Complex scenarios—e.g. a research partner requesting a PhD degree together with a professional certification—require advanced query logic, such as the Digital Credential Query Language (DCQL).
| - Semantic Normalization: Educational wallets facilitate the mapping of varied educational credentials—such as degree titles—into a standardized format (e.g. ELMO; see EU Qualifications, Courses & Credentials).
- Verifiable Attributes: Educational wallets enable users to present combinations of attributes (e.g. "Completed Bachelor's degree" and "Erasmus student status"), which are verified by the receiving institution's system.
|
User Experience, Self-Sovereignty and Adoption (Layer 3) |
| - UX Complexity: DIIP’s user-friendliness might be challenged by the underlying cryptography (signing, proving). Users may find it difficult to understand the difference between storing a digital document and granting access to VCs.
- Offline/Online Balance: Ensuring that VCs (like a researcher ID) can be verified offline via BLE (Bluetooth Low Energy) might be a significant challenge compared to online transmission.
- Selective Disclosure: DIIP emphasises enabling users to share only the necessary data.
- Surveillance Risk: According to the EDPS, over-asking by relying parties might be possible during EUDI wallet usage, increasing the risk of users disclosing data unknowingly or unwillingly if the verification flow is not properly designed.
| - Streamlined Admissions & Mobility: Students, researchers and lecturers can share verified digital copies of their credentials, reducing administrative burdens and eliminating manual verification of paper documents.
- Micro-credentials & Lifelong Learning: Educational wallets enable the storage of digital badges and certificates for smaller learning units.
- User-Centric Data Sovereignty: Users in academia retain full control over their educational records, choosing which data to share and with whom, improving privacy through selective disclosure. The challenge for education and research institutions is that they must implement "selective disclosure", allowing a user to prove, for example, that they have a Master’s degree without revealing their university name.
|
Trust Frameworks and Legal Compliance (Layer 4) | - Real-time Trust List Validation: Issuers (e.g. universities) and verifiers (e.g. employers) must validate credentials against national and European Trust Lists (LOTL), which change dynamically when issuers are accredited or revoked.
- Evolving Standards: The Architecture Reference Framework (ARF) is still evolving, meaning implemented solutions require a "continuous evolution" approach.
| - Cross-border Trust: EUDI wallets work within the European Digital Identity Architecture and Reference Framework (ARF) enabling cross-border trust compliance.
- Qualified Attestations: By utilizing qualified electronic attestations of attributes, the wallets adhere to strict legal requirements for trust, allowing for seamless integration of national institutional systems into the EUDI ecosystem.
| - Educational Trust Framework: Educational wallets are based on the ARF, ensuring that a diploma issued in one EU country is recognized as valid in another.
- eIDAS 2.0 Compliance: Educational wallets are designed to meet the strict legal requirements of the revised eIDAS regulation, which requires EU member states to provide citizens with wallets that provide high security.
- Qualified Attestations and Verification: Educational wallets use qualified attestations of attributes as well as verifiable logs and cryptographically verifiable credentials (e.g., W3C Verifiable Credentials) to prove compliance.
|
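
The selective-disclosure case from the Layer 3 row (proving a Master's degree without revealing the university name), sketched with the salted-digest mechanism of SD-JWT, including a verifier-side guard against over-disclosure. This is an added example, not code from HAIP, DIIP or any wallet project; the claim names and values are constructed, and the issuer signature and key-binding JWT are omitted.

```python
import base64, hashlib, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def digest_of(disclosure: str) -> str:
    # SD-JWT hashes the ASCII bytes of the base64url-encoded disclosure
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def make_disclosure(name, value) -> str:
    # Disclosure = base64url(JSON [salt, claim name, claim value])
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))

def issue(claims: dict):
    """Issuer: the payload carries only digests; disclosures go to the holder."""
    disclosures = {n: make_disclosure(n, v) for n, v in claims.items()}
    payload = {"_sd_alg": "sha-256",
               "_sd": sorted(digest_of(d) for d in disclosures.values())}
    return payload, disclosures  # assumption: payload signing is omitted here

def present(disclosures: dict, reveal: list) -> list:
    """Holder: hand over only the disclosures chosen for this verifier."""
    return [disclosures[n] for n in reveal]

def verify(payload: dict, presented: list, requested: set) -> dict:
    """Verifier: accept only disclosures whose digest the issuer included,
    and refuse claims that were not requested (over-disclosure guard)."""
    revealed = {}
    for disc in presented:
        if digest_of(disc) not in payload["_sd"]:
            raise ValueError("disclosure not covered by issuer payload")
        raw = base64.urlsafe_b64decode(disc + "=" * (-len(disc) % 4))
        _salt, name, value = json.loads(raw)
        if name not in requested:
            raise ValueError(f"unrequested claim disclosed: {name}")
        revealed[name] = value
    return revealed

# Constructed sample diploma (hypothetical claim names and values)
DIPLOMA = {"degree_level": "Master",
           "degree_title": "MSc Computer Science",
           "university": "Example University"}

def demo():
    payload, disclosures = issue(DIPLOMA)
    shown = present(disclosures, ["degree_level"])
    return payload, verify(payload, shown, {"degree_level"})

if __name__ == "__main__":
    print(demo()[1])
```

The verifier learns the degree level only; the university name stays behind a salted digest that cannot be reversed without the holder's disclosure.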