Re: Utah State-Endorsed Digital Identity (SEDI) legislation from ecsec GmbH on 2026-02-12 (public-credentials@w3.org from February 2026)

From: ecsec GmbH <detlef.huehnlein@ecsec.de>
Date: Thu, 12 Feb 2026 06:58:38 +0100
To: public-credentials@w3.org
Message-ID: <9585e780-d7ac-4cdd-bfbb-f8d8b9c2f416@ecsec.de>
Dear Jori, Anders, Brent, Drummond, Venu, Manu, all,
the summary below could also serve as very high level summary of the 
eIDAS-Regulation
including its extension related to the EUDI-Wallet and the envisioned 
European Business Wallet.

Could this legislation bring us closer to global trust and 
interoperability?

Best Regards,
    Detlef

Am 12.02.2026 um 06:19 schrieb Jori Lehtinen:
>
> > Phew, this was a massive list of paragraphs!
>
> I felt the same, so I asked AI for a summary, hope this helps.
>
> ————————-
>
> How it differs from other solutions, in plain terms:
>
>  *
>
>     It’s state-backed but wallet-based. The state issues/endorses a
>     digital identity, but you hold it in a digital wallet and can
>     choose a conforming wallet provider.
>
>  *
>
>     Cryptographic verification over database lookups. The bill
>     repeatedly frames authenticity as something a verifier can check
>     mathematically (signatures/credentials style), rather than “call a
>     central service and ask.”
>
>  *
>
>     Selective disclosure is a design goal. You should be able to prove
>     specific attributes (including “over X” age proofs) without
>     handing over everything.
>
>  *
>
>     Anti-tracking is a legal constraint. It explicitly tries to
>     prevent the state (and limits others) from using the system as a
>     “who showed ID where/when” telemetry pipe.
>
>  *
>
>     It regulates the ecosystem, not just the credential. It imposes
>     obligations on wallet providers, verifiers, relying parties, and
>     even introduces a “duty of loyalty” style concept.
>
>
> On unlinkability / skepticism:
>
> The bill’s intent is basically: “Don’t turn ID checks into ubiquitous 
> behavioral tracking.” That doesn’t require magical perfect 
> unlinkability in the academic sense — it mostly requires (1) 
> minimizing what gets disclosed, and (2) not building a central logging 
> chokepoint. The practical failure mode isn’t cryptography; it’s 
> incentives + convenience (“just log everything, it’s useful”). The 
> bill is trying to legislate against that gravitational pull.
>
>
> On taxation / registries:
>
> Totally compatible. This bill isn’t trying to abolish registries 
> (taxation and civil administration need them). It’s trying to prevent 
> the identity presentation layer from becoming a universal cross-site 
> tracking layer. The state can still know who you are in contexts where 
> the state must know (tax, benefits, licensing), while aiming to reduce 
> unnecessary disclosure in everyday verification contexts.
>
>
> “Research project” framing:
>
> It’s more like a legislative spec for a privacy-conscious digital ID 
> ecosystem than a mature, battle-tested product description. The 
> required reports (starting 2027) and the audit (2028) are basically 
> the law admitting: we will need to measure, iterate, and verify 
> whether this is doing what it claims.
>
> —————————-
>
> Jori
>
> Lazy young person
>
>
>
>
> to 12.2.2026 klo 7.04 ap. Anders Rundgren 
> <anders.rundgren.net@gmail.com> kirjoitti:
>
>     Phew, this was a massive list of paragraphs!
>
>     Is there any documentation targeted at "mere mortals", explaining
>     what it does and in particular how it differs from other solutions?
>
>     Personally, I remain skeptical about ideas like "unlinkability"
>     since they (AFAICT...) put high demands on people that currently
>     have no major issues with the absolute opposite, like "Login with
>     Google".
>
>     Since the major source of revenue for governments are taxes, this
>     (IMO) set the bar for what is achievable.  Taxation obviously
>     requires a pretty extensive registry to function.
>
>     At this stage. SEDI should be considered a research project.
>
>     Anders
>     Grumpy old fart
>
>     On 2026-02-11 16:49, Manu Sporny wrote:
>     > Hi CCG'ers (and bcc: VCWG),
>     >
>     > Just wanted to point out that the Utah State-Endorsed Digital
>     Identity
>     > (SEDI) legislation has been posted for review and it is /really,
>     > really good/.
>     >
>     > https://le.utah.gov/~2026/bills/static/SB0275.html

>     >
>     > Kudos to a number of digital credentials ecosystem long-timers for
>     > working with Utah legislators on this bill (Timothy Ruff, Sam Smith,
>     > Steve McCown, some in the "No Phone Home community", and others that
>     > I'm forgetting or not aware of).
>     >
>     > The most important thing about the legislation is that it upholds a
>     > number of principles that have been at the core of the W3C
>     > Decentralized Identifiers and Verifiable Credentials work. It's an
>     > excellent read, and I hope other U.S. states take notice.
>     >
>     > -- manu
>     >
>
>
-- 
Dipl. Inform. (FH)
Dr. rer. nat. Detlef Hühnlein
ecsec GmbH
Sudetenstrasse 16
96247 Michelau
Germany
Phone  +49 9571 948 1020
Mobile +49 171  9754980
Maildetlef.huehnlein@ecsec.de

ecsec GmbH
Sudetenstrasse 16
96247 Michelau
Germany

Registered at Court of Coburg HRB 4622
EUID: DED4401V.HRB4622

Directors:
Tina Hühnlein
Dr. Detlef Hühnlein

This e-mail may contain strictly confidential information and is intended for the person to which it is addressed only. Any dissemination, even partly, is prohibited. If you receive this e-mail by mistake, please contact the sender and delete this e-mail from your computer, including your mailserver. Except in case of gross negligence or wilful misconduct we accept no liability for any loss or damage caused by software or e-mail viruses.
Received on Thursday, 12 February 2026 05:58:43 UTC