Re: Utah State-Endorsed Digital Identity (SEDI) legislation from Jori Lehtinen on 2026-02-12 (public-credentials@w3.org from February 2026)

From: Jori Lehtinen <lehtinenjori03@gmail.com>
Date: Thu, 12 Feb 2026 13:49:56 +0200
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Christopher Allen <ChristopherA@lifewithalacrity.com>, Detlef Hühnlein (ecsec GmbH) <detlef.huehnlein@ecsec.de>, public-credentials@w3.org
Message-ID: <CAA6zkAvOWpR6ECzuOt_ZZ4yxd=KndFr6B9uZp424_f7RMgbE7w@mail.gmail.com>

I think we largely agree on the structural realities you’re describing.

Wallets under eIDAS2 look like regulated infrastructure with high and
sustained costs. Relying parties will only integrate a limited number of
implementations. Payments are already mature and competitive. All of that
makes sense.

Where I want to slightly reframe the discussion is on what that actually
implies for identity architecture.

It is not a problem if an individual has to enter a system in order to
interact with a bank, a government, or to sign agreements. That is normal.
Interaction dependency is fine.

The problem only appears if the individual’s digital existence depends on
that system.

If leaving the system equals destruction of identity, or if system failure
equals destruction of identity, then we have created structural dependency.
That is the issue.

So even if:

   -

   Wallets are few.
   -

   Member states operate certified implementations.
   -

   Relying parties only accept certain flows.

This is completely fine, as long as the individual’s identifier and
credentials are portable and survivable outside any single wallet or
platform.

In that framing:

   -

   The trust anchor remains the issuer’s signature and legal accountability.
   -

   The wallet is a storage/backup/presentation tool.
   -

   The individual controls a portable identifier.
   -

   Credentials can move between compliant wallets without “re-identitying.”
   -

   System participation does not equal identity ownership.

In other words, dependency for interaction is acceptable. Dependency for
existence is not.

That distinction is what matters, and how these systems can become globally
interoperable.

Regards,
Jori

to 12.2.2026 klo 12.15 Anders Rundgren (anders.rundgren.net@gmail.com)
kirjoitti:

> On 2026-02-12 08:08, Jori Lehtinen wrote:
> [...]
>
> >
> > If both frameworks keep the idea of “choose the wallet you want” and
> portability across wallets, that’s a strong base.
>
> Unfortunately (for the EU) it doesn't work like this for several reasons:
>
> - There is no money in building wallets, only [high and sustained] costs
>
> - Banks and VLOPs (Very Large Online Providers) are unlikely to accept
> more than a handful of wallets.  In fact, GSDV in Germany has already begun
> integrating EUDIW functionality in their mobile banking app.  Fragmentation
> is a European specialty.
>
> - Last but not least: the payment part of the EUDIW is way below the
> competition and will [rightfully] be rejected.  The competition is both
> fierce and more focused.  The EUDIW folks talks about SCA (Strong Customer
> Authentication).  However, EU banks have SCA in production since years back.
>
> Regards,
> Anders
>
>

Received on Thursday, 12 February 2026 11:50:12 UTC