Re: Clarifications between EUDI wallet and EBSI from Andrea D'Intino on 2024-04-25 (public-credentials@w3.org from April 2024)

From: Andrea D'Intino <andrea@dyne.org>
Date: Thu, 25 Apr 2024 16:45:51 +0200
To: public-credentials@w3.org
Message-ID: <82b5ea7b-905f-40e4-860b-9ebd70fd487b@dyne.org>

My 2ct about DIDs in EUDI-ARF and EBSI,

EUDI-ARF issuers/verifiers: afaik among EUDI-ARF wallets developers 
working for UE member states, the main debate is if the chain of trust 
for Credential Issuers, Authorization Servers and Relying Parties, to be 
visible in their respective .well-known files, is to be described via a 
chain of X.509 or using OpenID Federation (the are somewhat evenly split 
about it). Basically anything that is compatible with OpenID4VCI is 
allowed (so nothing wrong with DIDs), but no one even thought of DIDs 
there, apart from these guys: 
https://github.com/EWC-consortium/eudi-wallet-rfcs

We are using DIDs in our issuer/verifiers microservices identities, see 
here: 
https://issuer1.zenswarm.forkbomb.eu/credential_issuer/.well-known/openid-credential-issuer

EUDI-ARF holders: when it comes to a "holder", so a user receiving 
credentials, their root identity certificate is the "PID" which is 
contains their pk signed by the member's state PID issuer and stored in 
the phone's TSM.  There is no room at all for DIDs in the EUDI-ARF 
holder's space.

EBSI is a completely different ball-game: it's currently W3C-VC 
compatible (although last time I looked at it was in 2022...) even 
thought I heard myself from one of EBSI's tech directors that they're 
working to implement EUDI-ARF compatibility into EBSI... with EBSI DIDs 
are widely used in different situations.

Unfortunately my crystal ball is undergoing maintenance these days, so I 
can't really tell what EBSI will look now in a couple years from now - 
and I guess no one really knows :-)

Cheers,

| Andrea D'Intino | +45  21 62 79 18 | Project Manager
| https://Dyne.org think &do tank  | software to empower communities
| ⚷ crypto κρυπτο крипто गुप्त् 加密הצפנה المشفره

On 25/04/2024 16.25, Manu Sporny wrote:
> On Thu, Apr 25, 2024 at 3:07 AM Nikos Fotiou <fotiou@aueb.gr> wrote:
>> To me it is highly unlikely that this implies that DIDs are covered. Of course, this is a personal feeling and I might me wrong.
> You can include x509 certificate chains in a DID Document by using
> publicKeyJwk, the x509 DID Method, or publicKeyPem.
>
> That does not, however, mean that DIDs are in scope for EUDI/ARF.
> Ideally, one of the authors of the ARF would chime in and let us know
> if DIDs are in scope or out of scope for EUDI/ARF.
>
> -- manu
>

Received on Thursday, 25 April 2024 14:46:01 UTC