RE: Utah State-Endorsed Digital Identity (SEDI) legislation

Hi Jori,



To add to Steffen’s reply: the reverse is also possible.



Within an EUDI Wallet, a DID can be generated and a credential can be
issued to that DID and stored in the wallet, provided the issuer considers
it conformant.



This credential can operate independently from the PID or any QEAA residing
in the wallet. The trust level, however, would depend on the issuance
framework and assurance level applied by the issuer.



Best,


Boris







*From:* Jori Lehtinen <lehtinenjori03@gmail.com>
*Sent:* Thursday, 12 February 2026 16:17
*To:* Steffen Schwalm <Steffen.Schwalm@msg.group>
*Cc:* Anders Rundgren <anders.rundgren.net@gmail.com>; Christopher Allen <
ChristopherA@lifewithalacrity.com>; Detlef Hühnlein (ecsec GmbH) <
detlef.huehnlein@ecsec.de>; public-credentials@w3.org
*Subject:* Re: Utah State-Endorsed Digital Identity (SEDI) legislation



Hi Steffen,



You’re right on the details (at least I’m not claiming to know
better): EUDIW is voluntary, services may support other wallets, and
non-citizens might not get a country wallet. But that’s not what my example
was trying to display.



If global interoperability is a goal, the key point isn’t “which wallets
are supported” or “which jurisdiction’s claims matter”. Those can vary. The
key point is whether identity and attestations are portable across wallets,
platforms, and governance regimes.



On the (Q)TSP/QEAA question: yes, I can see (Q)TSPs doing cross-context
issuance if there’s demand. They get paid. If relying parties want a
(Q)TSP-backed trust anchor for a claim, paying “gas” for issuance to a
user-controlled DID can be a sensible business decision, especially if the
resulting VC remains meaningful across some services.



If a DID is the primitive for an individual’s digital identity and the DID
can’t present a required attestation, the service can redirect the subject
to obtain one (e.g., “over 18”, residency) issued to that DID and signed by
a trust anchor the service accepts. The attestation can be stored in
whichever wallet is used for that interaction and moved if the wallet
changes.



In that sense, attestations made about an identity the subject controls
move with the subject, and the subject decides when to disclose them to
services that accept them. Verifiers get to choose which issuers and claims
they consider relevant, but they shouldn’t be able to force a particular
wallet or make identity itself contingent on a single system. If an “over
18” credential is signed by a (Q)TSP that is accepted in a given context,
it works there; if not, the same DID can obtain an equivalent attestation
from whatever trust anchor is accepted in that context.



I’m suggesting this as a possible reality in which digital identity is
owned by the subject and interoperable globally. This is not a description
of how things work today, but something that could be worked toward. It
would begin with aligning legislation around the same core invariants, and
then aligning on shared algorithms and data models for identity and
attestations. Everything else can remain jurisdiction-specific, as long as
none of it becomes a dependency for the existence of the identity itself.



Regards,

Jori Lehtinen





On Thu, 12 Feb 2026 at 3:19 PM, Steffen Schwalm <Steffen.Schwalm@msg.group>
wrote:

Hi Jori,



“Later, the person moves to the EU. To interact with local services, they
register with an EU country’s wallet implementation” → if the person does
not become an EU citizen, it would not get any EUDI wallet. To interact with
services there’s not necessarily a need to register with an EU country’s
wallet implementation, as EUDIW is voluntary; any service needs to comply with
other wallets as well.



Means a (Q)TSP may issue a QEAA to a certain DID or the US wallet with the EU
wallet implementation. Only question: Will you find a (Q)TSP doing this?







*From:* Jori Lehtinen <lehtinenjori03@gmail.com>
*Sent:* Thursday, 12 February 2026 13:06
*To:* Anders Rundgren <anders.rundgren.net@gmail.com>
*Cc:* Christopher Allen <ChristopherA@lifewithalacrity.com>; Detlef
Hühnlein (ecsec GmbH) <detlef.huehnlein@ecsec.de>; public-credentials@w3.org
*Subject:* Re: Utah State-Endorsed Digital Identity (SEDI) legislation




For example:

Someone starts in the United States with a DID they control on their own
device. U.S. institutions issue Verifiable Credentials to that identifier
(e.g., identity, residency, banking-related attestations). Those
credentials are stored in some wallet relevant in the US, but the wallet is
just storage and presentation infrastructure, not the trust anchor.

Later, the person moves to the EU. To interact with local services, they
register with an EU country’s wallet implementation. They present their DID
and relevant U.S.-issued credentials. The EU system can verify those
credentials against U.S. issuers and apply its own policy to determine what
is acceptable and what additional attestations are required.

The EU may then issue its own Verifiable Credential to the same DID. From
that point forward, the individual may need to use that EU wallet
implementation to interact with local banks or authorities. That is fine,
interaction with a system can require system-specific tooling.

Crucially, their identity does not depend on that wallet. Their DID and
previously issued credentials remain under their control. If they later
move to Asia, they can register with an Asian country’s wallet system using
the same DID, present both U.S. and EU credentials, and receive new
attestations there.

Throughout this lifecycle:

   - The individual’s identifier remains portable and under their control.
   - Issuers (U.S., EU, Asia) act as trust anchors through their signatures
   and legal accountability.
   - Wallets act as storage, backup, and presentation tools tied to
   jurisdictions when needed.
   - Leaving one system does not destroy the individual’s digital existence
   or prior attestations.



On Thu, 12 Feb 2026 at 13:49, Jori Lehtinen (lehtinenjori03@gmail.com) wrote:

I think we largely agree on the structural realities you’re describing.

Wallets under eIDAS2 look like regulated infrastructure with high and
sustained costs. Relying parties will only integrate a limited number of
implementations. Payments are already mature and competitive. All of that
makes sense.

Where I want to slightly reframe the discussion is on what that actually
implies for identity architecture.

It is not a problem if an individual has to enter a system in order to
interact with a bank, a government, or to sign agreements. That is normal.
Interaction dependency is fine.

The problem only appears if the individual’s digital existence depends on
that system.

If leaving the system equals destruction of identity, or if system failure
equals destruction of identity, then we have created structural dependency.
That is the issue.

So even if:

   - Wallets are few.
   - Member states operate certified implementations.
   - Relying parties only accept certain flows.

This is completely fine, as long as the individual’s identifier and
credentials are portable and survivable outside any single wallet or
platform.

In that framing:

   - The trust anchor remains the issuer’s signature and legal
   accountability.
   - The wallet is a storage/backup/presentation tool.
   - The individual controls a portable identifier.
   - Credentials can move between compliant wallets without
   “re-identitying.”
   - System participation does not equal identity ownership.

In other words, dependency for interaction is acceptable. Dependency for
existence is not.

That distinction is what matters, and how these systems can become globally
interoperable.

Regards,
Jori



On Thu, 12 Feb 2026 at 12:15, Anders Rundgren (anders.rundgren.net@gmail.com)
wrote:

On 2026-02-12 08:08, Jori Lehtinen wrote:
[...]

>
> If both frameworks keep the idea of “choose the wallet you want” and
> portability across wallets, that’s a strong base.

Unfortunately (for the EU) it doesn't work like this for several reasons:

- There is no money in building wallets, only [high and sustained] costs

- Banks and VLOPs (Very Large Online Providers) are unlikely to accept more
than a handful of wallets.  In fact, GSDV in Germany has already begun
integrating EUDIW functionality in their mobile banking app.  Fragmentation
is a European specialty.

- Last but not least: the payment part of the EUDIW is way below the
competition and will [rightfully] be rejected.  The competition is both
fierce and more focused.  The EUDIW folks talk about SCA (Strong Customer
Authentication).  However, EU banks have had SCA in production since years back

Received on Thursday, 12 February 2026 16:59:58 UTC