The European Digital Identity Wallet is nearing the finalization of its technical specifications. Among its core goals, the wallet must be able to:
- Create Qualified Electronic Signatures (QES)
- Contain and allow sharing of “Electronic Attestations of Attributes” about a person
Despite the remaining specification work, most of the necessary building blocks are already available and in active use. It's time to list existing best practices, publish them, and push forward with adoption.
eID Easy’s Proposal for the EU Digital Wallet
Two Certificates Per Wallet
Each wallet should include:
- Identification certificate – for verifying user identity
- QES certificate – for signing documents
Attestation Format
All attribute attestations must be packaged as ASiC-E containers:
- Must include machine-readable (JSON) and optionally human-readable (e.g., PDF) formats
- If only machine-readable is needed, JAdES can be used
- JSON must be compatible with W3C Verifiable Credential structure
Attestation Verification
Must involve:
- Signature check of the issuer
- Validation via relevant trust list
- Confirmation of user identity via identification certificate
Trust List Framework
- Flexible and modular: each attestation category should have its own list
- Creation of new categories must be fast and straightforward
- Open access: wallet system must not be restricted
- Inclusion in trust lists must remain affordable
Real-World Examples of Existing Building Blocks
1. EU Digital COVID Certificate
Digitally signed proof of vaccination status, with:
- Human-readable display (QR code)
- Machine-verifiable signature
- Public trust lists for issuer validation
2. Estonian Banks
Allow users to download account statements and payment confirmations digitally signed with the bank’s eSeal – valid proof for financial or legal purposes.
3. Estonian Tax Office
Provides tax debt statements in ASiC-E format, combining:
- Machine-readable XML
- Human-readable PDF
4. Europass Digital Credentials Infrastructure (EDCI)
Used by universities for issuing diplomas across Europe, backed by Qualified eSeals.
These examples show a clear pattern: combining machine-readable and human-readable attestations, digitally signed by a trusted entity.
W3C Verifiable Credentials: A Practical Foundation
The W3C Verifiable Credentials group provides an excellent framework for attestation design. Despite misconceptions, blockchain is not required.
As defined:
“A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified.”
This principle can be applied with:
- Standard JSON format
- Signatures using Qualified Electronic Seals
How It Works
- Issuer verifies user + data
- Composes attestation
- Signs with their eSeal
- User stores & shares it as needed
Verification Example
At a bar entrance:
- NFC reader requests an “Over 18” attestation
- Wallet presents it (after user confirms)
- Verifier requests a signed nonce
- User signs it using fingerprint/PIN and identification certificate
- Verification confirms the attestation belongs to the user
Alternative Flow
When attestation is tied to a passport number or national ID code, the verifier may only need the attestation itself – no active signature required.
Conclusion: We’re Ready to Start
All core technologies for the European Digital Identity Wallet already exist. We could start using it today.
The only real challenge lies in finalizing:
- The trust list framework
- The attribute definitions
Industry players like us can already build systems designed for upgradability once final EU specs are released.
Let’s make the EU Digital Identity Wallet a reality. Talk to our team at → www.eideasy.com
