EU Digital Identity Wallet Reference Implementation Released

As announced on March 3th on X (formerly Twitter), the Reference Implementation of the EU Digital Identity Wallet has been released.

The GitHub address is: CLICK HERE

It says:

The EUDI Wallet Reference Implementation is based on the Architecture Reference Framework (ARF). It aims to introduce a robust, interoperable platform for digital identification, authentication and electronic signatures based on common standards across the European Union.

The EUDI Wallet Reference Implementation is based on a modular architecture consisting of business-agnostic reusable components, which can be evolved incrementally and reused across multiple projects. Specifically, the following components are provided as part of the EUDI Wallet Reference Implementation:

(Source) Kanellopoulos, V., (2024), EUDI Wallet Reference Implementation, https://github.com/eu-digital-identity-wallet/.github/blob/main/profile/reference-implementation.md (Obtained on 2024-03-11)

I thought it would be quite a hassle to follow each of the above pages one by one, but Fujiei from the IdM Laboratory had put together a list of modules.

The following modules are available:

  • Wallet Core(Android) and Wallet Kit(iOS) Coordinator Libraries
    • Wallet Core (Android)
    • Wallet Kit (iOS)
  • Proximity Sharing iOS Libraries
    • mDoc Security (iOS)
    • mDoc Data Transfer (iOS)
    • mDoc Data Model (iOS)
  • Proximity Sharing Android Libraries
    • mDoc Data Transfer (Android)
  • Remote Presentation iOS Libraries
    • Presentation Exchange (iOS)
    • SIOPv2 and OpenID4VP protocols(iOS)
    • SD-JWT (iOS)
  • Remote Presentation Android Libraries
    • Presentation Exchange (Android)
    • SIOPv2 and OpenID4VP protocols(Android)
    • SD-JWT (Android)
  • Issuing iOS Libraries
    • OpenId4VCI (iOS)
  • Issuing Android Libraries
    • OpenId4VCI (Android)
  • Wallet Data Storage and Cryptographic Management iOS Libraries
    • mDoc Document Storage (iOS)
  • Wallet Data Storage and Cryptographic Management Android Libraries
    • mDoc Document Storage (Android)
  • Wallet UI App and demo App for Android and iOS
    • UI / Demo App (Android)
    • UI / Demo App (iOS)
  • Verifier Apps and Services
    • Web Verifier
    • Restful API (web-services)
  • Issuing Apps and Services
    • OpenId4VCI issuer (Python)
    • OpenId4VCI issuer (Kotlin)
(Source) Fujiei, (2024), "Reference implementation of EU Digital Identity Wallet has been released", https://idmlab.eidentity.jp/2024/03/eudigital-identity-wallet.html

Demo Video

Basically, it is assumed that each implementer will use these to build the user interface (UI), but a reference implementation of the UI is also provided. You can also download and install it from the linked page and try it out. However, it's a bit of a challenge since it requires weakening the security of the OS. For those of you who are interested, a video of the operation is also available (Android version only). Below, we will explain the contents of that video. (All screenshots below are taken from https://github.com/eu-digital-identity-wallet/eudi-app-android-wallet-ui?tab=readme-ov-file.)

Issuance

The issuance demo will show how to issue a National Identity Document (National ID) and a driver's license.

The demo screen first shows an EU flag screen, which appears to be the app's startup splash screen, and after waiting for a while, it takes you to a screen for entering a six-digit PIN, which appears to be the login screen for the wallet.

Once the user authentication is complete, you will be taken to the Identity Document (ID) acquisition screen. Here, you can obtain a national ID card. It seems that you cannot obtain a driver's license at this stage.

If you select National ID here, the screen will change to the country selection screen. In the demo, EU is selected, but this is for demo purposes only. In real life, I think you would select an individual country.

When you press the "Submit" button, the screen will change again to the screen where you can enter your personal information for the provider. This is probably where they identify the individual. You will be asked to enter your name and date of birth. I think some kind of identity verification and authentication will be carried out here before the card is actually issued.

Once you have filled it in and submitted, your National ID will be displayed.

If you press "CONTINUE" here, this identification (ID) will be stored in your wallet.

If you click on "ADD DOC" here, you will now be able to add your driving license.

Let's try adding it right away. This time, you will be redirected to the driver's license issuer screen. After entering your personal information in the same way as before, a mobile driver's license will be issued and stored in your wallet.

The demo will then go on to show how to delete a certificate.

Presentation

In terms of presentation, it appears that three types of presentation flows are supported: selective presentation with OpenID for Verifiable Presentation (OID4VP)+CBOR, OID4VP+CBOR, and OID4VP Custom.

When you select a flow, you will first be taken to the Verifier screen, where you can decide which attributes to request from the user.

And when you click NEXT, it will switch to the user screen and then to the screen for requesting authorization. I think it is assumed that the user will operate from this screen onwards, but this part is very difficult to understand just by looking at the screen.

If you press the AUTHORIZE button here, the screen will change to the login screen where you will need to enter a 6-digit PIN. This means you will be logging in to the Wallet on your smartphone.

When you log in, it will say Welcomeback Jan for a moment.

It says that the Verifier is requesting the following data. Here, there is a bold part that is probably a link that says "Why do we need your data?" If you click on this, you can see the reason.

If you wait a moment, you will see more details about who is requesting what data.

When you open the Verification Data section, you can see what additional information is sent to prove these attribute data. These are metadata for the data, but they could potentially reveal your nationality or where you live. Considering that, I think it would be better to make the information a little easier to understand for users.
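To illustrate the concern above, here is an added example (not code from the reference implementation or from the original post) of a wallet-side review step that separates location-revealing elements from the rest of a verifier's request before the consent screen is shown. The sample request is constructed, and the namespace, element names and the `intent_to_retain` field are assumptions based on ISO/IEC 18013-5 and the EUDI PID data model; adjust them to the ARF version you target.

```python
import re

# Constructed sample request in Presentation Exchange form (not captured from the demo).
# Identifiers below are assumptions; check them against the ARF version in use.
SAMPLE_DEFINITION = {
    "id": "demo-request",
    "input_descriptors": [{
        "id": "eu.europa.ec.eudi.pid.1",
        "format": {"mso_mdoc": {"alg": ["ES256"]}},
        "constraints": {
            "limit_disclosure": "required",
            "fields": [
                {"path": ["$['eu.europa.ec.eudi.pid.1']['family_name']"], "intent_to_retain": False},
                {"path": ["$['eu.europa.ec.eudi.pid.1']['age_over_18']"], "intent_to_retain": False},
                {"path": ["$['eu.europa.ec.eudi.pid.1']['issuing_country']"], "intent_to_retain": True},
                {"path": ["$['eu.europa.ec.eudi.pid.1']['issuing_authority']"], "intent_to_retain": False},
            ],
        },
    }],
}

# Elements that look like harmless metadata but indicate nationality or residence.
LOCATION_REVEALING = {"issuing_country", "issuing_authority", "issuing_jurisdiction",
                      "nationality", "resident_country", "resident_state", "resident_city"}

# mdoc-style path: $['<namespace>']['<element>']
PATH_RE = re.compile(r"^\$\['([^']+)'\]\['([^']+)'\]$")

def review_request(definition):
    """Return per-descriptor findings that a consent screen could surface."""
    findings = []
    for desc in definition.get("input_descriptors", []):
        constraints = desc.get("constraints", {})
        item = {"descriptor": desc.get("id"), "requested": [], "location_revealing": [],
                "retained": [], "unparsed": [],
                "selective": constraints.get("limit_disclosure") == "required"}
        for field in constraints.get("fields", []):
            for path in field.get("path", []):
                m = PATH_RE.match(path)
                if not m:  # never silently drop a path that cannot be classified
                    item["unparsed"].append(path)
                    continue
                element = m.group(2)
                item["requested"].append(element)
                if element in LOCATION_REVEALING:
                    item["location_revealing"].append(element)
                if field.get("intent_to_retain"):
                    item["retained"].append(element)
        findings.append(item)
    return findings
```

A wallet UI could list the `location_revealing` and `retained` entries under a plain-language heading instead of leaving them inside a collapsed "Verification Data" section.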

Regarding who is making the request, it appears that it is now possible to verify whether the request is coming from a trusted recipient (Relying Party, RP).

Press OK to close the Trusted relying party screen and return to the previous screen. There you can press "SHARE"; you will be asked for your PIN again, and the information is then provided.

In the case of proximity presentation

Proximity presentation is a use case in which data is transferred locally without going through a network by tapping with NFC or reading a QR code.

In the demo, the left side is the Verifier screen and the right side is the User/Holder/Presenter screen.

First, the user logs in to the wallet by entering a PIN.

If the login is successful, the document selection screen will appear.

Here, press the "SHOW QR or TAP" button to display the QR code.

Next, you will need to perform the Verifier's work. Press the "Scan QR code" button to launch the camera and read the QR code.

The process from this point on is almost the same as in the case of remote presentation up until now.

If all goes well, the provided attributes will be displayed in the Verifier screen on the left.

Points to note - ARF situation

We have introduced the EU Digital Identity Wallet reference implementation, but there is one thing to note. The reference implementation page states, "The EUDI Wallet reference implementation is based on the Architecture Reference Framework (ARF). The ARF will introduce a robust and interoperable platform for digital identification, authentication and electronic signatures based on common standards across the European Union, built on the principles of the EU-wide digital standardization framework," but the ARF has not yet been decided. The link has a version uploaded as of March 3th as ver.7, but it was released to solicit comments from a wide range of people and was not approved by the eIDAS expert group. Ver.1.3 was released on March 1.2st, and we can see that changes are being made at a fairly rapid pace. Therefore, it seems better to expect that there may be further changes in the future.
