Pragmatic Standardisation for Coop Credentials: EU eIDAS 2.0

What is the EU doing on Digital ID and ID Wallets?

This relates back to the earlier post about likely de-facto ‘wallet’ standardisation set by market dominance in mobile device, operating system or browsers. Apple and Google have a head start, through building on top of their respective payment ‘wrappers’, Apple Pay and Google Pay… But the EU is resisting this potential dominance. They have a comprehensive vision and eIDAS 2 is a much more capable and legally founded extension of the existing eIDAS digital identity standards.

It both standardises state-issued and administered identity systems within the EU and allows for inter-operation across borders. eIDAS 2 promises more ‘borderless’ trust and transactional services within the EU.

Wallets are a key part of this. They are the most visible thing that a consumer will see… so naturally a big part of the consultation is…

Now this is easier said than done… so much depends on how these services are intended to be USED and BY WHOM. A lot of draft legislation has been hurried through in order to get something out - a ‘toolbox’ with an architecture and reference services, some trial ecosystem use cases… and a procurement exercise.

The excellent Andy Tobin (from Evernym, now Avast) hosted a webinar recently to provide some news on progress and issues.

Good news:

  • EU are consulting widely and in the open;
  • all the frameworks will be open source. Anyone can fork it :-) Likely to be a choice of tools and providers;
  • lots of recognition that alignment in governance and law are fundamental to reducing frictions across member states. The Commission has stepped up.
  • Citizen consultation shows strong support.

Bad news:

  • it’s very big and techno-centric and few of the politicians understand it;
  • those that do are worried about privacy and data minimisation in practice… needs better controls / legislation on the way it will be used?
  • yes, the Commission has stepped up, but the European Parliament isn’t so sure;
  • it is slipping and it won’t be anywhere near ready until 2024 for ‘live’ deployment at EU level;
  • how will the big mobile platforms and browsers be ‘forced’ to support it?

Intriguingly, very little was said on the role or nature of the “cooperation with Microsoft on a common toolbox”
…what is behind this? Is it some EU level implementation of Active Directory?! :-o
…or just architectural guidance / support?

What does all this mean for Co-operatives Everywhere?

This is a personal view… comments welcome:

  1. CoOps and coop credential use cases have a better chance of early success because we can be more focused, cooperative and aligned on our principles and goals than are these huge transnational and commercial ecosystems.

  2. The tech will change - we need to remain flexible, accept compromises and support multiple variants, and somehow make it useable and simple.

  3. Despite the differences in tech, all of it pretty much aligns with the W3C verifiable credentials standard… we’re on the right track.

  4. Interoperability will be important for us, but let’s be focused on why and where we need inter-op rather than attempt a generic, global alignment. Wait and see.

  5. With care, we might be able to make simplified use of proprietary wallets, then swap later to support more open, standards-based trust provision.

Nick, thanks for the update on what looks to be our trip down a ‘long and winding road’…