You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Introduction

European Digital Identity Wallet

EUDIW is part of the eIDAS 2.0 regulation of the European Commission. The regulation lays out several rules and regulation on how wallets should be used and how member states should deploy them. Also several rules lay out the mandatory requirement for member states to make certain data (specfifcally the PID) available for their citizens, and to accept wallets from other countries. Even though all these regulations are high level and typically non technical, the impact of the regulations is very much impactful on the technical layer, as it mandates pan European interoperability and scalable, multi party trust, as wall as significant scalability.

The eIDAS regulation delegates the technical and architectuaral layer to the eIDAS technical working group, a committee made up of experts delegated from EU member states, who have created the Architecture Refrence Framework (ARF) as the technical guidance on how to implement the ecosystem from a techncial and trust perspective.

The ARF lays out a number of open and less open standards, all with their own governance bodies:

    • World Wide Web Consortium (W3C)
      • Verifiable Credentials
    • Internet Engineering Task Force (IETF)
      • SD-JWT-VC
      •  OAuth 2.0 Attestation-Based Client Authentication

      • IETF PAR (RFC9126)

      • IETF DPoP (RFC9449)

    • International Organization for Standardization (ISO)
      • mDL and mDOC, ISO 18013-5
    • OpenID Foundation
      • OpenID for Identity Assurance 1.0
      • OpenID Federation 1.0
      • OpenID for Verifiable Credential Issuance
      • OpenID for Verifiable Presentations
      • OpenID for Verifiable Credential HAIP
    • Decentralized Identity Foundation (DIF)

It should be noted that the above set contains several standards that are not 'mature', and sometimes still in heavy development. Often also not tested at scale or across multiple sectors. In many of the governance bodies, the precense and hence influence of the R&E community is low.

National implementation profiles

The above standards are generally viewed a sufficient, however, in many cases the details of the specification implementation, like e.g. which specific encryption protocols to support, need to be defined as well to achive interoperability. Also many real world scenarios, also in education, actually do not need the high level of assurance that is mandatory for the EUDI usecase. As a result, and also because ARF is still lacking in several areas, National Initiatives, are emerging to define typically more lightweight profiles with a specific subset of the ARF specifications, and in ather areas fill some of the gaps that still exist in the ARF.
Examples of such initiatives include:

Sectoral

Reserach and education is one of the sectors with a fairly high level of organisation when it comes to standarisation and its governance on the standards

  • Identity
    • REFEDs is the voice that articulates the mutual needs of research and education identity federations worldwide. REFEDs has over the years defined many specifications that harmonize interoperability between R&E identity federations globally. It is likely this role will continue also into the field of decentralized identity and wallets. REFEDs governance is
    • eduGAIN is the interfederation service which connects identity federations around the world, simplifying access to content, services and resources for the global research and education community. eduGAIN comprises over 80 participant federations connecting more than 8,000 Identity and Service Providers.
      eduGAIN


    • Identity: National federation , eduGAIN & REFEDs
    • Educational Credentials: OpenBadges, EMREX, ELMO, others?

Other

  • Other: EBSI


  • No labels