Skip to content

Trust Management in the German EUDI Wallet Ecosystem

Overview

This section provides comprehensive guidance on trust in the German EUDI Wallet ecosystem. Whether you are an issuer deciding which attestation type to use, a relying party integrating with Wallets, or a developer implementing trust validation, you will find the relevant information here.

Trust between participating parties is a fundamental prerequisite for a functioning EUDI Wallet ecosystem. This trust is based on eIDAS regulations, centralized trust lists, and certifications of technical implementations.

Trust

Figure: High-level overview of trust in the ecosystem

Credentials Overview

Scope and Design Dimensions

eIDAS 2.0 defines a framework for interoperable digital credentials within the European Digital Identity ecosystem. Credential types differ primarily along the following design dimensions:

  • Credential Provider: the legal and organizational entity responsible for issuance and lifecycle management.

  • Level of Assurance (LoA) : the confidence level associated with identity proofing, issuance, and authentication, aligned with eIDAS assurance concepts (Low, Substantial, Qualified, High).

  • Legal Effect : the regulatory recognition and evidentiary value of the credential across member states.

These dimensions are combined into two main credential families: Personal Identification Data (PID) and Electronic Attestations of Attributes (EAA).

Credentials Families

Personal Identification Data (PID)

PID credentials represent core identity data of a person and are based on a notified eID system. They form the foundational identity layer within the European Digital Identity Wallet. PID is distinct from EAAs in that it focuses on core identity establishment.

Electronic Attestations of Attributes (EAA)

EAAs represent verifiable statements about one or more attributes of a subject (natural or legal person). Attributes may relate to status, qualifications, rights, or characteristics derived from authentic sources.

EAAs may be further extended depending on issuer qualification, assurance level, trust model, and legal recognition into two additional types:

  • Qualified Electronic Attestations of Attributes (QEAA), representing a specialized form of EAA.
  • Public Electronic Attestations of Attributes (Pub-EAA), representing another specialized form of EAA.

Across the EAA family, the following baseline principles apply:

  • Attribute data must be traceable to an issuer and connected to a user.
  • Integrity and authenticity must be cryptographically verifiable.
If you want to... Start here
Understand trust models and choose an attestation type Trust Overview and Decision Guide
Learn about PID-specific trust requirements Trust in PID Issuance and Presentation
Learn about EAA trust requirements Trust in EAA Issuance and Presentation
Learn about QEAA/PubEAA trust requirements Trust in QEAA and PubEAA Issuance and Presentation
Design EAAs: formats, signatures, revocation EAA Design Section
Implement trust validation (roles, trust lists, certs) Trust Validation Overview
Understand RP registration and authentication Wallet-Relying Party Authentication
Understand how users are protected from excessive requests Overasking Protection

Reading Paths

For Issuers

  1. Start with the Decision Guide to understand which attestation type fits your use case
  2. Read the specific trust requirements for your attestation type:
  3. PID for identity providers
  4. EAA for standard attestations
  5. QEAA/PubEAA for qualified/public attestations
  6. Review Trust Validation for technical implementation details

For Relying Parties

  1. Start with Wallet-Relying Party Authentication for registration requirements
  2. Review Trust Validation to understand how to validate credentials
  3. Consult the Decision Guide to understand which attestation types to accept

For Developers

  1. Start with Trust Validation for the technical architecture
  2. See the Wallet Attestation flow for implementation details
  3. Review OID4VC Protocol Integration for certificate usage in protocols
  4. Review Status Management for revocation handling