
Proposal to adopt a NWI titled "EUDI Wallet Held Attributes Access Control"

Scope

This document describes access control to EUDI Wallet Held Attribute(s) (PID and (Q)EAA), taking a generic design approach.

This document specifies the requirements and guidelines for:

  1. a generic Access Control Model supporting access control to EUDI Wallet Held Attribute(s) (PID and (Q)EAA);
  2. the definition and classification of various types of data and metadata, supporting access control to EUDI Wallet Held Attribute(s), as well as their contents and structures;
  3. a generic wallet access control decision engine processing the relying party request to output the decision regarding the disclosure of EUDI Wallet Held Attribute(s) (PID, (Q)EAA) to a relying party;
  4. the notification of the decision to the relying party requesting access to EUDI Wallet Held Attribute(s) (PID and (Q)EAA);
  5. ensuring that the wallet holder makes an informed decision regarding disclosure of Wallet Held Attribute(s) when such a decision is deferred to them.

This document also:

  • identifies technical specifications and standards that may be used to support the concepts described herein;
  • specifies additional requirements for the use of the identified specifications to meet the above objectives;
  • provides the missing technical specifications needed to meet the above objectives where needed;
  • provides examples and use cases;

The following areas are out of the scope of this document:

  • Policies assigned for the disclosure of EUDI Wallet Held Attribute(s) (PID, (Q)EAA), as well as the nature of the entities assigning these policies and their governance;
  • Access Control Metadata implementation choice and encoding;
  • (Q)EAA encodings, which are in the remit of ETSI/TC ESI.

Purpose

During the standardization work in TC224/WG20 European Digital Identity Wallets on the specification of “Guidelines for the onboarding of user personal identification data within European Digital Identity Wallets”, it became apparent that there is a lack of agreement on what governs the disclosure of user data from the wallet. eIDAS2 has several articles setting restrictions on when the wallet shall share user data.

  1. The concept of an embedded disclosure policy has been introduced in eIDAS2 and motivated initial work in the area. In addition, the article introducing the disclosure policy concept implies that the wallet shall manage access to EAA containing an embedded disclosure policy (see below).

    Article 6a(4)ca
    “in the case of electronic attestation of attributes with embedded disclosure policies, implement the appropriate mechanism to inform that the requesting relying party or the requesting user of European Digital Identity Wallets have the permission to access it;”

  2. There are several hints in eIDAS2 that an authorization mechanism is implemented by the wallet to ensure the RP does not request data beyond what it is authorized to request:
    1. RPs shall register in the MS where they are established (see article 6c(1)).
    2. In the course of this registration process, they shall declare (1) the intended use and (2) the data they intend to use (article 6c(1a)c).
    3. RPs shall not request data beyond what they registered for (article 6c(1c)).
    4. The wallet shall (1) authenticate the RP (article 6a(4)a(4d)) and (2) ensure the RP identity can be validated (article 6a(4)ba) using the services put in place by the MS.

There has been some work to start understanding what influences the disclosure, and an initial draft is included introducing an access control model that uses input in the form of metadata to help instruct the wallet whether to grant disclosure, AND the final decision by the holder of the wallet. The following diagram is a sample of how the flow may look.
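As an added illustration, not part of this proposal or of any CEN/BSI text, the following Python sketch shows how the eIDAS2-derived checks listed above and the flow just described could fit together in a wallet decision engine: the RP must be authenticated and registered, its stated purpose must match its registered intended use, each requested attribute must be within what the RP registered for and permitted by any embedded disclosure policy, and only then is the final decision deferred to the holder, after which the RP is notified of the outcome. All relying party identifiers, attribute names, attribute values, the `rp_authenticated` flag and the `holder_consent` callback are constructed placeholders; real RP authentication and the Member State registry are assumed to exist elsewhere.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Outcome(Enum):
    DENIED = "denied"        # refused by the engine; the holder is never prompted
    DISCLOSED = "disclosed"  # policy permitted and the holder approved
    WITHHELD = "withheld"    # policy permitted but the holder declined


@dataclass
class RelyingPartyRegistration:  # what the RP declared when registering in its Member State
    rp_id: str
    intended_use: str
    registered_attributes: frozenset


@dataclass
class HeldAttribute:  # a PID or (Q)EAA attribute plus its access control metadata
    name: str
    kind: str
    value: str
    permitted_rps: Optional[frozenset] = None  # embedded disclosure policy; None = no policy


@dataclass
class AccessRequest:
    rp_id: str
    purpose: str
    requested_attributes: List[str]
    rp_authenticated: bool  # assumed outcome of the wallet's earlier RP authentication step


@dataclass
class AttributeDecision:
    attribute: str
    outcome: Outcome
    reason: str


def decide(request, registry, held, holder_consent) -> List[AttributeDecision]:
    """Registration and embedded-policy checks, then the holder's choice, per attribute."""
    registration = registry.get(request.rp_id)
    # Request-level failures deny everything without involving the holder.
    if not request.rp_authenticated:
        blanket = "relying party could not be authenticated"
    elif registration is None:
        blanket = "relying party is not registered"
    elif request.purpose != registration.intended_use:
        blanket = "stated purpose differs from registered intended use"
    else:
        blanket = None
    if blanket is not None:
        return [AttributeDecision(a, Outcome.DENIED, blanket) for a in request.requested_attributes]
    decisions = []
    for name in request.requested_attributes:
        attribute = held.get(name)
        if name not in registration.registered_attributes:
            reason = "attribute not covered by relying party registration"
        elif attribute is None:
            reason = "attribute not available"
        elif attribute.permitted_rps is not None and request.rp_id not in attribute.permitted_rps:
            reason = "embedded disclosure policy does not permit this relying party"
        else:
            # Policy permits disclosure; the final decision is deferred to the holder. The callback
            # sees the attribute and the whole request (who asks, for what) so the prompt is informed.
            approved = holder_consent(attribute, request)
            decisions.append(AttributeDecision(name, Outcome.DISCLOSED if approved else Outcome.WITHHELD,
                                               "holder approved" if approved else "holder declined"))
            continue
        decisions.append(AttributeDecision(name, Outcome.DENIED, reason))
    return decisions


def notify_relying_party(decisions, held) -> Dict[str, Dict[str, str]]:
    # Response to the RP: values only for disclosed attributes, a reason for every other one.
    return {
        "disclosed": {d.attribute: held[d.attribute].value
                      for d in decisions if d.outcome is Outcome.DISCLOSED},
        "refused": {d.attribute: d.reason for d in decisions if d.outcome is not Outcome.DISCLOSED},
    }


def demo() -> Dict[str, Dict[str, str]]:
    """Constructed sample: a registered bank asks for four attributes; only one is disclosed."""
    registry = {"rp-bank-001": RelyingPartyRegistration(
        "rp-bank-001", "account opening", frozenset({"given_name", "birth_date", "residence_permit"}))}
    held = {
        "given_name": HeldAttribute("given_name", "PID", "Ana"),
        "birth_date": HeldAttribute("birth_date", "PID", "1990-04-12"),
        "residence_permit": HeldAttribute("residence_permit", "(Q)EAA", "permit-placeholder",
                                          permitted_rps=frozenset({"rp-migration-office"})),
        "diploma": HeldAttribute("diploma", "(Q)EAA", "MSc"),
    }
    request = AccessRequest("rp-bank-001", "account opening",
                            ["given_name", "birth_date", "residence_permit", "diploma"], True)

    def holder_consent(attribute, req):  # constructed holder choice: share the name, keep the birth date
        return attribute.name != "birth_date"

    return notify_relying_party(decide(request, registry, held, holder_consent), held)
```

In the sample, `given_name` is disclosed, `birth_date` is withheld by the holder, `residence_permit` is blocked by the issuer's embedded disclosure policy, and `diploma` is refused because the bank never registered for it. The refused entries carry a reason but never a value, and the holder's callback receives the requester and its purpose, which is the information an informed decision needs.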

By initiating this work in TC224 we ensure close alignment with the onboarding standards work as well as with ETSI ESI. Discussions have already been initiated between members of both committees to understand the ramifications of the eIDAS regulation and the future development of the European Digital Identity Architecture and Reference Framework (ARF).

An additional goal of this project is to enforce transparency and user control over their personal data. The transparency will help populate the privacy dashboard connected with the wallet with any previously disclosed personal data.

 

 

Please email further comments to: debbie.stead@bsigroup.com
