- From: ecsec GmbH <detlef.huehnlein@ecsec.de>
- Date: Sat, 28 Feb 2026 10:39:20 +0100
- To: public-credentials@w3.org
- Message-ID: <ebf04ef7-f7ff-420a-9457-27c4e4d6188d@ecsec.de>
Good Morning Steffen,
>WRAC is the legal abbreviation see Implementing Act
Which "Implementing Act" are you referring to here?
My guess would be CIR (EU) 2025/848 [1], but this implementing act,
as most others, does NOT introduce something like a "legal abbreviation".
On the other hand, there are by now quite a few ETSI standards,
which use "WRPAC" as abbreviation for "Wallet-Relying Party Access
Certificate"
(see [2,3]) and in a similar vain "WRPRC" as abbreviation for
"Wallet-Relying Party Registration Certificate" (see [2]).
[1] http://data.europa.eu/eli/reg_impl/2025/848/oj
[2]
https://www.etsi.org/deliver/etsi_ts/119400_119499/119475/01.01.01_60/ts_119475v010101p.pdf
[3]
https://www.etsi.org/deliver/etsi_ts/119400_119499/119478/01.01.01_60/ts_119478v010101p.pdf
Am 28.02.2026 um 09:05 schrieb Steffen Schwalm:
> WRAC is the legal abbreviation see Implementing Act
>
> WRAC are necessary for any Relying Party to interact with EUDI Wallet
>
> For signing you need qualif. Certificates acc. ETASI EN 319 411-1. For
> Payment WRAC needed for RP but not for SCA
>
> ------------------------------------------------------------------------
> *Von:* Jori Lehtinen <lehtinenjori03@gmail.com>
> *Gesendet:* Freitag, 27. Februar 2026 19:11
> *Bis:* Steffen Schwalm <Steffen.Schwalm@msg.group>
> *Cc:* Anders Rundgren <anders.rundgren.net@gmail.com>; Lluís Alfons
> Ariño Martín <lluisalfons.arino@urv.cat>;
> carsten.stoecker@spherity.com <carsten.stoecker@spherity.com>; Melvin
> Carvalho <melvincarvalho@gmail.com>; W3C Credentials CG
> <public-credentials@w3.org>
> *Betreff:* Re: AW: The German Government slams JSON-LD
>
> *Caution:* This email originated from outside of the organization.
> Despite an upstream security check of attachments and links by
> Microsoft Defender for Office, a residual risk always remains. Only
> open attachments and links from known and trusted senders.
>
> I'm not critizing anything, I'm just having a hard time understanding
> what you are saying,
>
> Maybe IA means implementing act
>
> And looking closer maybe WRAC means
>
> (14)
>
>
>
> ‘wallet-relying party access certificate’ means a certificate for
> electronic seals or signatures authenticating and validating the
> wallet-relying party issued by a provider of wallet-relying party
> access certificates;
>
> where WRPAC would be more accurate abbrevation, I'm just trying to
> understand you Steffen... Because I want to understand the EUDI /
> eIDAS framework...
>
>
> But basically are you saying that Relying party access certificates
> are not required for Signatures and Payments in light of the
> Implementing Acts?
>
> If yes what does that mean in practice?
>
>
>
> pe 27.2.2026 klo 19.50 Steffen Schwalm (Steffen.Schwalm@msg.group)
> kirjoitti:
>
> 1.
> I gave you relevant IA on PID
> 2.
> on WRAC see
> https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202500848
> <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202500848>
>
>
> Recommend to have look in IA first before we criticize
>
> Gesendet von Outlook für Android <https://aka.ms/AAb9ysg>
> ------------------------------------------------------------------------
> *From:* Anders Rundgren <anders.rundgren.net@gmail.com
> <mailto:anders.rundgren.net@gmail.com>>
> *Sent:* Friday, February 27, 2026 6:41:27 PM
> *To:* Steffen Schwalm <Steffen.Schwalm@msg.group>; Lluís Alfons
> Ariño Martín <lluisalfons.arino@urv.cat
> <mailto:lluisalfons.arino@urv.cat>>; carsten.stoecker@spherity.com
> <mailto:carsten.stoecker@spherity.com> <carsten.stoecker@spherity.com
> <mailto:carsten.stoecker@spherity.com>>; 'Melvin Carvalho'
> <melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>>
> *Cc:* 'W3C Credentials CG' <public-credentials@w3.org
> <mailto:public-credentials@w3.org>>
> *Subject:* Re: AW: The German Government slams JSON-LD
> Caution: This email originated from outside of the organization.
> Despite an upstream security check of attachments and links by
> Microsoft Defender for Office, a residual risk always remains.
> Only open attachments and links from known and trusted senders.
>
> On 2026-02-27 16:50, Steffen Schwalm wrote:
> > Hi Anders,
> >
> > What`s a PID is technically and legally clearly defined in Art.
> 5a and:
> https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AL_202402979&qid=1733300667869
> <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AL_202402979&qid=1733300667869> <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AL_202402979&qid=1733300667869
> <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AL_202402979&qid=1733300667869>>
> He Steffen,
>
> I did not find anything. I believe this is OK since there is no
> consensus on just about anything with respect to identity. In
> Sweden you cannot do anything without a "personnummer" while in
> France, this is considered against the constitution.
> https://en.wikipedia.org/wiki/National_identification_number
> <https://en.wikipedia.org/wiki/National_identification_number>
> Usage in Sweden:
> https://cyberphone.github.io/doc/research/citizen-register.pdf
> <https://cyberphone.github.io/doc/research/citizen-register.pdf>
> >
> > - Services typically only speak local languages.
> >
> > *
> > W3CVCDM allows multi language
>
> In
> https://github.com/eu-digital-identity-wallet/eudi-doc-standards-and-technical-specifications/blob/main/docs/technical-specifications/ts12-electronic-payments-SCA-implementation-with-wallet.md#23-sca-attestation-metadata
> <https://github.com/eu-digital-identity-wallet/eudi-doc-standards-and-technical-specifications/blob/main/docs/technical-specifications/ts12-electronic-payments-SCA-implementation-with-wallet.md#23-sca-attestation-metadata> I
> found this little gem:
>
> "schema": "urn:eudi:sca:payment:1",
> "claims": [
> {
> "path": [ "payload", "transaction_id"],
> "visualisation": 4,
> "display": [
> {
> "lang": "de-DE",
> "label": "Transaktionsnummer",
> "description": "Eindeutige Nummer der
> Transaktion"
> },
> {
> "lang": "en-GB",
> "label": "Transaction ID",
> "description": "Unique identifier of
> the transaction"
> }
> ]
> }
>
> This is not how the industry at large deals with multiple
> languages and localization. For the "SCA Rulebook" they are
> [still] waiting for the "industry" to fill in the blanks...
>
> As a Technologist, European (SE/FR), Consumer, and Tax-payer, I
> feel a bit concerned.
>
> I also wonder where NFC is. QR is beginning to get on my nerves
> with tons of different apps op the phone. There simply MUST be a
> better way!
>
> Regards,
> Anders
>
> > *
> > WRAC covers this
> >
> >
> > *
> > Payment --> Where exactly should be issue (if RP requests
> data before payment it`s not issue and for SCA the WRAC is IMHO
> not used)
> >
> >
> > Best
> > Steffen
> >
> >
>
--
Dipl. Inform. (FH)
Dr. rer. nat. Detlef Hühnlein
ecsec GmbH
Sudetenstrasse 16
96247 Michelau
Germany
Phone +49 9571 948 1020
Mobile +49 171 9754980
Maildetlef.huehnlein@ecsec.de
ecsec GmbH
Sudetenstrasse 16
96247 Michelau
Germany
Registered at Court of Coburg HRB 4622
EUID: DED4401V.HRB4622
Directors:
Tina Hühnlein
Dr. Detlef Hühnlein
This e-mail may contain strictly confidential information and is intended for the person to which it is addressed only. Any dissemination, even partly, is prohibited. If you receive this e-mail by mistake, please contact the sender and delete this e-mail from your computer, including your mailserver. Except in case of gross negligence or wilful misconduct we accept no liability for any loss or damage caused by software or e-mail viruses.
Received on Saturday, 28 February 2026 09:39:27 UTC