AW: Utah State-Endorsed Digital Identity (SEDI) legislation

If you want to be 100% sure it might be helpful not to trust an unproven location or the assumption that anyone can hold liability but a qualified validation service which is:


  1.
 Clearly identified and proven for validation
  2.
Liable by definition (law)

Why taking unnecessary risk if law makes life easierr?

Means you won`t achieve same trust level Jori if you don`t follow the law. Pretty much similar to driver license: You can print your own but won`t be legal valid one if not coming from right organization.

Best
Steffen
________________________________
Von: Jori Lehtinen <lehtinenjori03@gmail.com>
Gesendet: Montag, 16. Februar 2026 01:06
An: NIKOLAOS FOTIOY <fotiou@aueb.gr>
Cc: Manu Sporny <msporny@digitalbazaar.com>; Kyle Den Hartog <kyle@pryvit.tech>; Adrian Gropper <agropper@healthurl.com>; Steffen Schwalm <Steffen.Schwalm@msg.group>; Filip Kolarik <filip26@gmail.com>; public-credentials <public-credentials@w3.org>
Betreff: Re: Utah State-Endorsed Digital Identity (SEDI) legislation


Caution: This email originated from outside of the organization. Despite an upstream security check of attachments and links by Microsoft Defender for Office, a residual risk always remains. Only open attachments and links from known and trusted senders.

>  I want to be 100% sure that they are doing the verification correctly

Then you agree with our approach. You hold the proof, there is an acknowledged location that serves verification material. And anyone holding a liability can demonstrate the claims to be true at anytime with any device with math. Claim being the government recognizes you as the parent.

I will try to formalize the end-to-end lifecycle in a way that fits EUDI's technical requirements. Or rather just demonstrate the same trust level that is already guaranteed by our suggestions and just indicate how small changes of definitions / words in the law make the suggestion fit the requirements. Will take sometime tho, but I think it is worth it.

ma 16.2.2026 klo 1.45 NIKOLAOS FOTIOY (fotiou@aueb.gr<mailto:fotiou@aueb.gr>) kirjoitti:

>
>>> “For example, do verifiers—such as all the underfunded public schools in my district—now have to pay to be put on some list somewhere for every type of credential they could ask for, just so that I can prove that I’m the parent of my kids or that I live in the school district?”
>>
>> For the average EU citizen, I believe the answer to this is yes: they would strongly expect formal proof that such a system has taken all necessary measures to prevent anyone from falsely proving that they are someone else’s child’s parent.
>
> That wasn't my question. My question wasn't about the issuer of the
> credential. My question was about the verifier of the credential, and
> who allows them to even ask the question. My question was who approves
> the school? Who approve the credential? Who works in the IT department
> at the school to make this happen? How much cost does this add to
> running the school? How centralized do they have to make the system to
> be able to ask the question in the first place?

I am not talking about the issuer. I am talking about the verifiers (the public school).  If the school uses a digital system for verifying parenthood I want to be 100% sure that they are doing the verification correctly. Otherwise let’s stick to the manual process. Even if I opt-out from using it, malicious users may take advantage of it to prove  that that they are the parents of my child.  It is of my best interest, schools that do not do verification properly, to not be able to access parenthood related credentials: if they are allowed, my family’s security may be in danger even if I have opted-out from this system.


Best,
Nikos