European Union Identity Wallet (EUID Wallet).

by Xavier Martínez – Gradiant

The EUID Wallet is an initiative supported by the European Commission to define and create a digital wallet that will allow European citizens and businesses to securely access online services across the European Union. Last February, the latest specification of the EUID Wallet was published. This document provides a reference framework for the digital wallet, including the protocols, standards, and data models used in the system. It describes the technical standards and specifications that will be used to ensure interoperability and security between different components and systems.

According to the document, the European Digital Identity Wallet Ecosystem is comprised of four key groups:

  • End Users: Individuals or organisations that will use the EUID Wallet for managing the lifecycle of their digital identity credentials to access online services.
  • Service Providers: Entities that offer services to end users and control access to those services by verifying users through the EUID Wallet.
  • Identity Providers: Entities that issue digital identities to the end users after correctly identifying them.
  • Attribute Providers: Entities that provide specific attributes related to an end-user’s identity.

The document also outlines the requirements for issuing Personal Identity Documents (PIDs) and Qualified Electronic Authentication Certificates (QEAAs) within the context of the European Digital Identity Wallet initiative. It places particular emphasis on compliance with the eIDAS regulation, the need for secure identification and authentication mechanisms, data quality, security, interoperability, and auditability.

This specification provides a reference architecture for the digital wallet, with the following functional blocks:

  • Cryptographic Device: Cryptographic primitives, material and operations, including secure hardware (TEEs, HSMs, etc.).
  • Data Storage Components: User identifiers, attributes, personal data.
  • Wallet Creation Application: PID/EAA Presentation.
  • Wallet Driving Application: User interface.
  • Relying Party Interface: Wallet interface to (Q)TSP, (Q)EAA providers, Member States Infrastructures, National e-ID, Relying Parties, and other sources.

It is also important to note the alignment between this European initiative and another very important one, EBSI. In the wallet configuration section, it is stated that the main protocols for issuance and attestation exchange are OpenID4VCI and OpenID4VP, respectively. These are also the protocols that the identity model defined in EBSI adopted in its latest version. Related to this, the IMPULSE digital wallet is conformant with the latest specification of EBSI, after successfully passing the EBSI Conformant Testing, and it aims to also be aligned with the EUID Wallet reference framework.