Scope
The Government Provided EUDI Wallet is being developed iteratively. The first iteration focused on PID functionality. For the PID functionality, the Government Provided EUDI Wallet is based on the architecture “Signed Credential with Cloud Support” (C') from the German EUDI Wallet Ecosystem Blueprint.
The scope of the current architecture concept is described below in the form of functional and non-functional requirements for the architecture.
Functional Requirements
This chapter documents the functions of the Wallet Lifecycle and the PID lifecycle for which the architecture is intended. The functional requirements define the scope of the functions, which are then documented in detail in this concept.
Wallet Lifecycle Functions
Function | Description |
---|---|
Activate Wallet | ‘Activate Wallet’ is the function that sets up the Wallet Instance and the Remote WSCD. To do so, the Wallet Provider sets up an account for the Wallet Instance, requests data regarding the user's device and sets up the Remote WSCD for securely storing cryptographic keys and secure user authentication. The Wallet Provider issues a Wallet Instance Attestation (WIA) and a Wallet Trust Evidence (WTE) to the Wallet Instance. As a result, the Wallet Instance is activated and ready to receive a PID. |
Validate RP Request | ‘Validate RP Request’ is the function that implements the verification of the RP's identity and the authenticity and integrity of its request. |
Dashboard | ‘Dashboard’ is the function that implements a log of all transactions carried out by the Wallet Instance and lets the user view an up-to-date list of RPs with which the user has established a connection and, where applicable, all data exchanged. The dashboard also allows the user to easily report an RP to the responsible national data protection authority where an allegedly unlawful or suspicious request for data was received. |
Change RWSCD PIN | ‘Change RWSCD PIN’ is the function that allows the user to set a new RWSCD PIN, provided that the user knows the current RWSCD PIN. |
Reset RWSCD PIN | ‘Reset RWSCD PIN’ is the function that allows the user to set a new RWSCD PIN, provided that the user has forgotten the current RWSCD PIN. |
Revoke Wallet | ‘Revoke Wallet’ is the function that allows the user to remotely block the usage of the Wallet Instance and its contained credentials. |
Delete Wallet | ‘Delete Wallet’ is the function that implements the deletion of the Wallet App from the user's device. |
PID Lifecycle Functions
Function | Description |
---|---|
Issue PID | ‘Issue PID’ is the function that implements the process in which the PP issues the PID to the Wallet Instance of a user. This includes verification of the wallet status with the WIA of the Wallet Instance as well as verification of the RWSCD status with the WTE attesting the security of the used cryptographic keys, identifying the holder whose identity is represented by the PID (e.g. with an ID card), and linking the PID to the authentication means of the Wallet Instance. |
Present PID (remote-same-device-flow) | ‘Present PID’ is the function that implements the process by which a holder presents the PID or part of the PID's identity attributes to an RP via the remote same-device flow. This includes the secure authentication of the holder in the context of the presentation of the PID, the verification of the wallet status and the PID status, and the verification of the authenticity, integrity and validity of a presented PID by the RP. |
Revoke PID | ‘Revoke PID’ is the function that implements the process by which the validity of a PID is temporarily revoked (suspended) or permanently revoked. This includes the option for the user to initiate the revocation process. |
Delete PID | ‘Delete PID’ is the function that implements the process of deleting a PID from the Wallet Instance of the user. |
Non-functional Requirements
The architecture follows the security and privacy requirements referenced in the German EUDI Wallet Ecosystem Blueprint.