Show threadsuzuneApr 6

@Lilith Wusste nicht, dass der CCC sich nicht gegen #eIDAS2 eingesetzt hat. Das war schon Bullshit als sie mit ihren staatlichen Zertifikaten gekommen sind und den geplanten Klagen, dass die Web-Browser-Hersteller verpflichtet sind, diese zu integrieren.

Gegen die gesamte Idee von Apps abzuhängen muss protestiert werden. Und jetzt, wenn Google mit der Scheiße wie Attestation und Store-Zwang ankommt, erst recht!

Sami LehtinenMar 19
Finland is falling far behind Estonia in digital identity services. All I want is a reliable way to encrypt content to person X or verify that the content is genuinely signed by X. Yet there’s still no working, open and unified platform for this in Finland - even though this should be a basic service by 2026. #EU #Finland #DigitalIdentity #EUeID #eIDAS2
Show threadlarinyoFeb 23

The JWT ecosystem already uses this principle: IANA maintains a centralised registry of claim definitions — a semantics-linking mechanism.
@context achieves the same binding, but decentralised and domain-controlled. Which is what the rulebook model requires.

"Semantics are essential but linking credentials to their semantics is unnecessary" is a contradiction.

#VerifiableCredentials #LinkedData #OpenStandards #eIDAS2

larinyoFeb 23

A recurring objection to my EUDI Wallet analysis: "Semantics come from rulebooks, not JSON-LD. @context is unnecessary."

I agree with the premise. Not the conclusion.

If vocabularies are in rulebooks, how does a credential tell a verifier which rulebook governs it? @context is a machine-readable link from the credential to its vocabulary. Not embedding semantics — linking to them.

#EUDIWallet #eIDAS2 #LinkedData #VerifiableCredentials #W3C

larinyoFeb 19

If your company builds credential issuance or verification on W3C Verifiable Credentials — the draft EUDI Wallet Implementing Regulations affect your product roadmap.

Three formats referenced: mdoc, SD-JWT VC, W3C-VC. Only the first two receive scaffolding — encoding tables, presentation profiles, issuance protocols, revocation rules.

W3C-VC: formally included, practically excluded.

Have Your Say open until early March.

#EdTech #EUDIWallet #eIDAS2 #VerifiableCredentials #OpenStandards

Show threadlarinyoFeb 19

The fix: a standardisation request to ETSI ESI for a European HAIP covering all three formats, incl. JSON-LD W3C-VC with embedded proofs.

Schemas exist. Pilots validated them. What remains is integration, not invention.

Have Your Say open until early March. Full analysis:

https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/16112-European-Digital-Identity-Wallet-standards-and-technical-specifications-update-/F33373595_en

#EUDIWallet #eIDAS2 #HaveYourSay

Show threadlarinyoFeb 19

A critical gap: Token Status List (mandated for mdoc/SD-JWT VC) supports only permanent revocation.

Several Member States legally require suspension — temporary withdrawal with possibility of reactivation.

Bitstring Status List (W3C Recommendation, validated in EBSI/DC4EU) natively supports both revocation AND suspension.

Regulation 2024/1183 contemplates suspension. The Implementing Acts eliminate it.

#eIDAS2 #VerifiableCredentials #TrustServices #EUDIWallet #DigitalIdentity

Show threadlarinyoFeb 19

The sovereignty paradox:

mdoc → governed by ISO/IEC, driven by Apple/Google
SD-JWT VC → governed by IETF/OpenID Foundation (US Big Tech)
W3C-VC → semantic layer is decentralised, jurisdiction-controlled

Full regulatory support for the first two. The most sovereignty-aligned format — requiring no proprietary APIs for verification — gets nothing.

EU Parliament, 22 Jan 2026: "open standards, prevent vendor lock-ins."

#EUDIWallet #DigitalSovereignty #OpenStandards #eIDAS2

Show threadlarinyoFeb 19

The draft regulations reference three credential formats: mdoc, SD-JWT VC, and W3C-VC (via ETSI TS 119 472-1 clause 7).

For mdoc and SD-JWT VC: complete encoding tables, presentation profiles, issuance protocols, revocation rules.

For W3C-VC: none of the above.

A format formally included but practically excluded from the EUDI Wallet ecosystem.

#EUDIWallet #W3C #OpenStandards #eIDAS2 #DigitalIdentity

larinyoFeb 19

I've submitted a detailed analysis to the European Commission's Have Your Say consultation on the EUDI Wallet Implementing Regulations.

Core finding: W3C Verifiable Credentials are formally referenced in the regulatory framework — but without the operational scaffolding to function.

Four asymmetries. Eight types of regulatory action needed.

Thread 🧵
#EUDIWallet #eIDAS2 #VerifiableCredentials #DigitalSovereignty #HaveYourSay #OpenStandards