Re: Utah State-Endorsed Digital Identity (SEDI) legislation from Jori Lehtinen on 2026-02-12 (public-credentials@w3.org from February 2026)

From: Jori Lehtinen <lehtinenjori03@gmail.com>
Date: Thu, 12 Feb 2026 14:06:09 +0200
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Christopher Allen <ChristopherA@lifewithalacrity.com>, Detlef Hühnlein (ecsec GmbH) <detlef.huehnlein@ecsec.de>, public-credentials@w3.org
Message-ID: <CAA6zkAvFGsrt6zMBHuGE3moGt3HuTL3cOKtMeMcUDou73Voypw@mail.gmail.com>

For example:

Someone starts in the United States with a DID they control on their own
device. U.S. institutions issue Verifiable Credentials to that identifier
(e.g., identity, residency, banking-related attestations). Those
credentials are stored in some wallet relevant in the US, but the wallet is
just storage and presentation infrastructure, not the trust anchor.

Later, the person moves to the EU. To interact with local services, they
register with an EU country’s wallet implementation. They present their DID
and relevant U.S.-issued credentials. The EU system can verify those
credentials against U.S. issuers and apply its own policy to determine what
is acceptable and what additional attestations are required.

The EU may then issue its own Verifiable Credential to the same DID. From
that point forward, the individual may need to use that EU wallet
implementation to interact with local banks or authorities. That is fine,
interaction with a system can require system-specific tooling.

Crucially, their identity does not depend on that wallet. Their DID and
previously issued credentials remain under their control. If they later
move to Asia, they can register with an Asian country’s wallet system using
the same DID, present both U.S. and EU credentials, and receive new
attestations there.

Throughout this lifecycle:

   -

   The individual’s identifier remains portable and under their control.
   -

   Issuers (U.S., EU, Asia) act as trust anchors through their signatures
   and legal accountability.
   -

   Wallets act as storage, backup, and presentation tools tied to
   jurisdictions when needed.
   -

   Leaving one system does not destroy the individual’s digital existence
   or prior attestations.

to 12.2.2026 klo 13.49 Jori Lehtinen (lehtinenjori03@gmail.com) kirjoitti:

> I think we largely agree on the structural realities you’re describing.
>
> Wallets under eIDAS2 look like regulated infrastructure with high and
> sustained costs. Relying parties will only integrate a limited number of
> implementations. Payments are already mature and competitive. All of that
> makes sense.
>
> Where I want to slightly reframe the discussion is on what that actually
> implies for identity architecture.
>
> It is not a problem if an individual has to enter a system in order to
> interact with a bank, a government, or to sign agreements. That is normal.
> Interaction dependency is fine.
>
> The problem only appears if the individual’s digital existence depends on
> that system.
>
> If leaving the system equals destruction of identity, or if system failure
> equals destruction of identity, then we have created structural dependency.
> That is the issue.
>
> So even if:
>
>    -
>
>    Wallets are few.
>    -
>
>    Member states operate certified implementations.
>    -
>
>    Relying parties only accept certain flows.
>
> This is completely fine, as long as the individual’s identifier and
> credentials are portable and survivable outside any single wallet or
> platform.
>
> In that framing:
>
>    -
>
>    The trust anchor remains the issuer’s signature and legal
>    accountability.
>    -
>
>    The wallet is a storage/backup/presentation tool.
>    -
>
>    The individual controls a portable identifier.
>    -
>
>    Credentials can move between compliant wallets without
>    “re-identitying.”
>    -
>
>    System participation does not equal identity ownership.
>
> In other words, dependency for interaction is acceptable. Dependency for
> existence is not.
>
> That distinction is what matters, and how these systems can become
> globally interoperable.
>
> Regards,
> Jori
>
> to 12.2.2026 klo 12.15 Anders Rundgren (anders.rundgren.net@gmail.com)
> kirjoitti:
>
>> On 2026-02-12 08:08, Jori Lehtinen wrote:
>> [...]
>>
>> >
>> > If both frameworks keep the idea of “choose the wallet you want” and
>> portability across wallets, that’s a strong base.
>>
>> Unfortunately (for the EU) it doesn't work like this for several reasons:
>>
>> - There is no money in building wallets, only [high and sustained] costs
>>
>> - Banks and VLOPs (Very Large Online Providers) are unlikely to accept
>> more than a handful of wallets.  In fact, GSDV in Germany has already begun
>> integrating EUDIW functionality in their mobile banking app.  Fragmentation
>> is a European specialty.
>>
>> - Last but not least: the payment part of the EUDIW is way below the
>> competition and will [rightfully] be rejected.  The competition is both
>> fierce and more focused.  The EUDIW folks talks about SCA (Strong Customer
>> Authentication).  However, EU banks have SCA in production since years back.
>>
>> Regards,
>> Anders
>>
>>

Received on Thursday, 12 February 2026 12:06:25 UTC