Wallet Providers
What is a Wallet Provider?
A Wallet Provider is an organization that makes wallet solutions available to users and issues attestations that establish trust with credential issuers and verifiers.
In the European Digital Identity (EUDI) Wallet ecosystem defined by the Architecture Reference Framework (ARF), the Wallet Provider is a distinct organizational role, separate from the entities that issue or verify credentials.
The Wallet Provider's responsibilities include:
- Providing the wallet solution: Making wallet software available to users, whether as a mobile application, web-based solution, or other form factor.
- Supporting users: Offering ongoing support for wallet operation.
- Issuing wallet attestations: Generating cryptographic attestations that vouch for the wallet's integrity and the security properties of its keys.
The "Wallet Provider" is the organization fulfilling this role, while a "Wallet Unit" is an instance of wallet software installed on a user's device. A single Wallet Provider may support many Wallet Units across many users. The user controls and activates their own Wallet Unit, but the Wallet Provider is responsible for attesting to its trustworthiness.
Where does the Wallet Provider fit in the ecosystem?
The ARF defines a comprehensive ecosystem of roles that work together to enable trusted digital identity:
The Wallet Provider (2) sits between the User (1) and the broader ecosystem of credential issuers and relying parties.
Key relationships
With users: The Wallet Provider offers services to users, provides the wallet solution itself, and provides ongoing support.
With the Wallet Unit: The Wallet Unit is what the Wallet Provider delivers. It's the actual software instance on the user's device that stores credentials and handles presentations. The user controls and activates their Wallet Unit, but the Wallet Provider is responsible for its integrity and for issuing attestations about it.
With credential issuers: PID Providers (3), QEAA Providers (5), PuB-EAA Providers (6), and EAA Providers (7) all issue credentials to the Wallet Unit. These issuers rely on wallet attestations to verify they're issuing credentials to a legitimate, secure wallet. These attestations come from the Wallet Provider.
With Relying Parties: When a user presents credentials to a Relying Party (10), the verifier needs confidence that the wallet presenting the credentials is trustworthy. If a Relying Party knows the credential can only be issued to a wallet providing sufficient attestation, it can trust the credential.
Notably, the Wallet Provider does not issue credential and does not verify presentations. Its role is specifically to provide the wallet infrastructure and to attest to that infrastructure's trustworthiness.
What are wallet attestations?
Wallet attestations are cryptographic proofs issued by a Wallet Provider that make claims about the wallet itself, not about the user or their credentials. They allow credential issuers and verifiers to trust that a wallet is a legitimate, secure place to store and present identity information.
Acting as a Wallet Provider with Procivis One
Procivis One enables you to act as a Wallet Provider in the ARF sense, issuing attestations that establish trust between your wallet solution and the broader EUDI ecosystem.
With Procivis One, you can:
- Issue attestations to authenticate your wallet application
- Issue attestations to attest to the security properties of user keys
- Manage Wallet Unit lifecycle, including revoking units and invalidating their attestations
- Integrate attestation issuance into your wallet backend
- Use the Procivis One Wallet application or integrate with your own wallet app
Ready to enable wallet providing? See Configure Wallet Provider to set up your system.