epicenter.works Proposes Amendments to the EUDI Wallet
A new paper from digital rights group epicenter.works takes an engineering-centred look at the European Commission’s draft eIDAS implementing acts for the European Digital Identity (EUDI) Wallet 1.
Rather than debating the policy goals, it focuses on whether the technical rules will actually let wallets enforce privacy and security in real time – when a user is about to share data. The proposed amendments cover three areas: relying-party registration, electronic attestations of attributes (EAAs), and the technical specifications intended to make the ecosystem interoperable.
One of the paper’s headline concerns is relying-party registration. It argues that registration certificates should be mandatory because without them a wallet has no clean cryptographic handle for checking whether a request is legitimate and within scope. In other words: if a service asks for an attribute, the wallet should be able to automatically verify what that service is authorised to request, and flag ‘over-asking’ before anything is disclosed.
Subscriber content
Read the full article
Full access to ID & Secure Document News articles, newsletters and archives.