Good Morning Mirko,
thank you for your message. The name can certainly be adjusted to
avoid confusion.
As the overall goal here is indeed very similar to the existing HAIP, it seems
worth considering in detail whether simply defining a W3C VCDM JSON-LD profile
in a new clause 6.2 of HAIP 1.x [1] would do the job.
I would suggest that we first do our homework here before we scare the HAIP
authors with our vague ideas.
This includes
1) the discussion and clarification of the goals
2) the risk assessment mentioned by Carsten on LinkedIn
3) the development of mitigation measures, if necessary
Dear all, what is your view on this?
Best Regards,
Detlef
[1] https://openid.github.io/OpenID4VC-HAIP/openid4vc-high-assurance-interoperability-profile-1_1-wg-draft.html#section-6
Dear Detlef,
I am recommending to not call it HAIP since this term is already used and could lead to confusion. When it has basically the same requirements for oid4vci as the existing one, I would recommend to just define the credential profile for vcdm 2.0 in the ietf there.
Better go with any other name that maybe even includes business wallet to avoid any confusion
Cheers
On 01.05.2026 at 23:05, "Detlef Hühnlein (ecsec GmbH) via HAIP4W3C" <haip4w3c@eid.as> wrote:
Dear Colleagues,
you should have been subscribed to the mailinglist haip4w3c@eID.AS, which might
be helpful for our forthcoming discussions around this topic.
>My objective would be to move this work under W3C and into this repo (as a second step): https://github.com/w3c/vc-dpp-bw
@Carsten, yes, contributing our work later on to W3C would certainly be a
very valid option. As the HAIP4W3C profile will especially be used in the scope
of the forthcoming European Business Wallet Regulation [1] and maybe also in the
scope of the eIDAS-Regulation [2], it would also be an option to submit our joint work later
on to ETSI ESI. I think both options are conceivable and both may have certain
advantages and disadvantages. I would propose to start the work and later on decide
which way to go, or whether a combination is even better.
The work on XML-DSig [3] and XAdES [4,5], which was produced two decades
ago jointly at W3C and ETSI ESI shows that a close and fruitful collaboration of
W3C and ETSI ESI is very well possible. Juan-Carlos could certainly provide more
details and insights how this worked out, and whether there have been any
pitfalls to watch.
Best Regards / have a wonderful weekend,
Detlef
[1] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52025PC0838
[2] https://eID.AS
[3] https://www.w3.org/TR/xmldsig-core1/
[4] https://www.w3.org/TR/XAdES/
[5] https://www.etsi.org/deliver/etsi_en/319100_319199/31913201/01.03.01_60/en_31913201v010301p.pdf
On 30.04.2026 at 08:19, carsten.stoecker@spherity.com wrote:
cstoecker
@Detlef Hühnlein (ecsec GmbH): My objective would be to move this work under W3C and into this repo (as a second step): https://github.com/w3c/vc-dpp-bw
From: Ignacio Alamillo <ignacio.alamillo@logalty.com>
Sent: Thursday, 30 April 2026 08:15
To: Detlef Hühnlein (ecsec GmbH) <detlef.huehnlein@ecsec.de>; Steffen Schwalm <Steffen.Schwalm@msg.group>; Mikael.afHallstrom@vero.fi; carsten.stoecker@spherity.com; Werner.Folkendt@de.bosch.com; Michael.Jochem@de.bosch.com; ronald.koenig@spherity.com; nalamillo@cgcom.es
Cc: lluisalfons.arino@urv.cat; go@eID.AS; 'EUBW@eID.AS' <eubw@eid.as>; Mirko Mollik <mirko.mollik@eudi.sprind.org>; 'Varga Viktor' <viktor.varga@microsec.com>; Juan Carlos Cruellas <cruellas@ac.upc.edu>
Subject: Re: Towards a HAIP for W3C VCDM JSON-LD
Hi,
My github name is nalamillo
Dr. Ignacio Alamillo, CISA, CISM, CDPSE
Advisor
+34 663 087 606
C/ de Cantabria, 2 (Ed. Amura) 28108 Alcobendas
At Logalty we work flexibly, so if you receive an e-mail from me outside working hours,
I do not expect you to read it or reply until your usual working hours. Thank you
From: Detlef Hühnlein (ecsec GmbH) <detlef.huehnlein@ecsec.de>
Date: Thursday, 30 April 2026, 8:04
To: Steffen Schwalm <Steffen.Schwalm@msg.group>, Mikael.afHallstrom@vero.fi <Mikael.afHallstrom@vero.fi>, carsten.stoecker@spherity.com <carsten.stoecker@spherity.com>, Werner.Folkendt@de.bosch.com <Werner.Folkendt@de.bosch.com>, Michael.Jochem@de.bosch.com <Michael.Jochem@de.bosch.com>, ronald.koenig@spherity.com <ronald.koenig@spherity.com>, nalamillo@cgcom.es <nalamillo@cgcom.es>, Ignacio Alamillo <ignacio.alamillo@logalty.com>
CC: lluisalfons.arino@urv.cat <lluisalfons.arino@urv.cat>, go@eid.as <go@eID.AS>, 'EUBW@eID.AS' <eubw@eid.as>, Mirko Mollik <mirko.mollik@eudi.sprind.org>, 'Varga Viktor' <viktor.varga@microsec.com>, Juan Carlos Cruellas <cruellas@ac.upc.edu>
Subject: Towards a HAIP for W3C VCDM JSON-LD
Dear Colleagues,
thank you very much for the interesting and fruitful meeting yesterday.
Following the discussion on LinkedIn this morning, go@eID.AS kindly
created the repository https://github.com/eu-business-wallet/haip4w3c
and sent out first invitations to some of the already known github usernames.
Everybody who has not received an invitation yet and would like to
contribute here, is kindly requested to provide the corresponding github
username.
Best Regards,
Detlef
On 29.04.2026 at 14:47, Steffen Schwalm wrote:
Hi all,
thanks for the fruitful and lively discussion. Beside the fact that we didn't really discuss ETSI TS 119 482-3 as original topic, we agreed that there's need for a High Security Profile for W3C VCDM 2.0 JSON-LD (based on ETSI TS 119 472-1). The profile should be or could be part of current EN development under lead of Juan Carlos Cruellas. We agreed that relevant authorities and experts should be in the boat.
@Ignacio Alamillo I guess it might be helpful, since Spain is pushing W3C VCDM as well, that maybe first input could be provided by Spanish experts.
Besides this, I would recommend reaching out to Juan Carlos for alignment and next steps.
We also had common sense that
- currently nothing forbids a QTSP to issue QEAA using W3C VCDM JSON-LD as long as a CAB and Supervisory Body accepts it (which is the case in certain member states), but a sustainable solution would be the mentioned Security Profile
- there's currently a relationship between the Proposal for EU Business Wallet regulation and the 2024/2979 (IA on Art. 5a eIDAS) which is currently under revision, as the proposal for EU Business Wallet regulation in its current proposal refers to the IA on Art. 5a eIDAS for (Q)EAA formats
- if and how the relationship will be kept depends on the final version of the EU Business Wallet regulation and the IA on Art. 5a eIDAS
- ETSI EN 319 482-3 Additional wallet interfaces; Part 3: Interfaces and formats for the catalogue of Attestation Rulebooks and attributes (Rapporteur Viktor Varga) in very first draft states in
  - SCH-SP-5.2-02: For an Attestation Rulebook describing a type of attestation that is a QEAA or a PuB-EAA, the Scheme Provider shall specify that one or more of the following common formats is used for these attestations:
    - a) ISO/IEC 18013-5-compliant mdoc;
    - b) SD-JWT-based Verifiable Credentials.
This can be interpreted in a way that W3C JSON-LD is not allowed for QEAA. The standard is in very first version so that changes might be possible.
Best
Steffen
-----Original Appointment-----
From: Mikael.afHallstrom@vero.fi <Mikael.afHallstrom@vero.fi>
Sent: Friday, 24 April 2026 09:54
To: Mikael.afHallstrom@vero.fi; carsten.stoecker@spherity.com; Werner.Folkendt@de.bosch.com; Michael.Jochem@de.bosch.com; ronald.koenig@spherity.com; detlef.huehnlein@ecsec.de; Florin.Coptil@de.bosch.com; Steffen Schwalm; nalamillo@cgcom.es
Subject: ETSI TS 119 482-3
Time: Wednesday, 29 April 2026 14:00-15:00 (UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius.
Location: Microsoft Teams meeting
Hi,
we’ll discuss the subjects raised in the email-discussion about ETSI TS 119 482-3
See you online Wednesday next week!
br
Micke
WE BUILD LSP WP4 Semantics Lead
-------------------------------------------------
Mikael af Hällström
Development Specialist
Product Management Unit
Finnish Tax Administration
phone +358-(0)40-8271301
email mikael.afhallstrom(at)vero.fi
LinkedIN https://www.linkedin.com/in/mikaelafhallstrom/
--
Dipl. Inform. (FH) Dr. rer. nat. Detlef Hühnlein
ecsec GmbH
Sudetenstrasse 16
96247 Michelau
Germany
Phone +49 9571 948 1020
Mobile +49 171 9754980
Mail detlef.huehnlein@ecsec.de
ecsec GmbH
Sudetenstrasse 16
96247 Michelau
Germany
Registered at Court of Coburg HRB 4622
EUID: DED4401V.HRB4622
Directors: Tina Hühnlein, Dr. Detlef Hühnlein
This e-mail may contain strictly confidential information and is intended for the person to which it is addressed only. Any dissemination, even partly, is prohibited. If you receive this e-mail by mistake, please contact the sender and delete this e-mail from your computer, including your mailserver. Except in case of gross negligence or wilful misconduct we accept no liability for any loss or damage caused by software or e-mail viruses.
Spherity GmbH | Emil-Figge-Straße 80 | 44227 Dortmund
Managing Directors: Dr. Carsten Stöcker, Dr. Michael Rüther
Registered in Dortmund HRB 31566