Good Morning Mirko,

thank you for your message. The name can certainly be adjusted to avoid confusion. 

As the overall goal here is indeed very similar to the existing HAIP, it seems to be 
worth to consider in detail, whether simply defining a W3C VCDM JSON-LD profile 
in a new clause 6.2 of HAIP 1.x [1] would do the job.

I would suggest, that we first do our homework here, before we scare the HAIP 
authors with our vague ideas. 

This includes 
1) the discussion and clarification of the goals
2) the risk assessment mentioned by Carsten on LinkedIn
3) the development of mitigation measures, if necessary

Dear all, what is your view on this?

Best Regards, 
   Detlef

[1] https://openid.github.io/OpenID4VC-HAIP/openid4vc-high-assurance-interoperability-profile-1_1-wg-draft.html#section-6

 

Dear Detlef,

I am recommending to not call it HAIP since this term is already used and could lead to confusion. When it has basically the same requirements for oid4vci as the existing one, I would recommend to just define the credential profile for vcdm 2.0 in the ietf there.

Better go with any other name that maybe even includes business wallet to avoid any confusion

Cheers

Am 01.05.2026 23:05 schrieb "Detlef Hühnlein (ecsec GmbH) via HAIP4W3C" <haip4w3c@eid.as>:

Dear Colleagues, 

you should have been subscribed to the mailinglist haip4w3c@eID.AS, which might 
be helpful for our forthcoming discussions around this topic. 

>My objective would be to move this work under W3C and into this repo (as a second step): https://github.com/w3c/vc-dpp-bw

@Carsten, yes contributing our work later on to W3C would certainly be a 
very valid one option. As the HAIP4W3C profile will especially be used in the scope 
of the forthcoming European Business Wallet Regulation [1] and maybe also in the 
scope of the  eIDAS-Regulation [2], it would also be an option to submit our joint work later
on to ETSI ESI. I think both options are conceivable and both may have certain 
advantages and disadvantages. I would propose to start the work and later on decide 
which way to go, or whether a combination is even better. 

The work on XML-DSig [3] and XAdES [4,5], which was produced two decades 
ago jointly at W3C and ETSI ESI shows that a close and fruitful collaboration of 
W3C and ETSI ESI is very well possible. Juan-Carlos could certainly provide more 
details and insights how this worked out, and whether there have been any 
pitfalls to watch.

Best Regards / have a wonderful weekend, 
  Detlef

[1] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52025PC0838 
[2] https://eID.AS
[3] https://www.w3.org/TR/xmldsig-core1/
[4] https://www.w3.org/TR/XAdES/
[5] https://www.etsi.org/deliver/etsi_en/319100_319199/31913201/01.03.01_60/en_31913201v010301p.pdf

Am 30.04.2026 um 08:19 schrieb carsten.stoecker@spherity.com:

cstoecker

 

@Detlef Hühnlein (ecsec GmbH): My objective would be to move this work under W3C and into this repo (as a second step): https://github.com/w3c/vc-dpp-bw

 

 

Von: Ignacio Alamillo <ignacio.alamillo@logalty.com>
Gesendet: Donnerstag, 30. April 2026 08:15
An: Detlef Hühnlein (ecsec GmbH) <detlef.huehnlein@ecsec.de>; Steffen Schwalm <Steffen.Schwalm@msg.group>; Mikael.afHallstrom@vero.fi; carsten.stoecker@spherity.com; Werner.Folkendt@de.bosch.com; Michael.Jochem@de.bosch.com; ronald.koenig@spherity.com; nalamillo@cgcom.es
Cc: lluisalfons.arino@urv.cat; go@eID.AS; 'EUBW@eID.AS' <eubw@eid.as>; Mirko Mollik <mirko.mollik@eudi.sprind.org>; 'Varga Viktor' <viktor.varga@microsec.com>; Juan Carlos Cruellas <cruellas@ac.upc.edu>
Betreff: Re: Towards a HAIP for W3C VCDM JSON-LD

 

Hi,

 

My github name is nalamillo

 

 

 

Dr. Ignacio Alamillo, CISA, CISM, CDPSE Advisor    +34 663 087 606  C/ de Cantabria, 2 (Ed. Amura) 28108 Alcobendas

 

 

En Logalty trabajamos de forma flexible por lo que, si recibes un correo mío fuera del horario laboral,

no espero que lo leas o me contestes hasta tu horario laboral habitual. Gracias

De: Detlef Hühnlein (ecsec GmbH) <detlef.huehnlein@ecsec.de>
Fecha: jueves, 30 de abril de 2026, 8:04
Para: Steffen Schwalm <Steffen.Schwalm@msg.group>, Mikael.afHallstrom@vero.fi <Mikael.afHallstrom@vero.fi>, carsten.stoecker@spherity.com <carsten.stoecker@spherity.com>, Werner.Folkendt@de.bosch.com <Werner.Folkendt@de.bosch.com>, Michael.Jochem@de.bosch.com <Michael.Jochem@de.bosch.com>, ronald.koenig@spherity.com <ronald.koenig@spherity.com>, nalamillo@cgcom.es <nalamillo@cgcom.es>, Ignacio Alamillo <ignacio.alamillo@logalty.com>
CC: lluisalfons.arino@urv.cat <lluisalfons.arino@urv.cat>, go@eid.as <go@eID.AS>, 'EUBW@eID.AS' <eubw@eid.as>, Mirko Mollik <mirko.mollik@eudi.sprind.org>, 'Varga Viktor' <viktor.varga@microsec.com>, Juan Carlos Cruellas <cruellas@ac.upc.edu>
Asunto: Towards a HAIP for W3C VCDM JSON-LD

Dear Colleagues, 
thank you very much for the interesting and fruitful meeting yesterday. 
Following the discussion on LinkedIn this morning, go@eID.AS kindly 
created the repository https://github.com/eu-business-wallet/haip4w3c 
and sent out first invitations to some of the already known github usernames. 

Everybody who has not received an invitation yet and would like to 
contribute here, is kindly requested to provide the corresponding github 
username. 

Best Regards, 
   Detlef 

Am 29.04.2026 um 14:47 schrieb Steffen Schwalm:

Hi all,

 

thanks for the fruitful and lively discussion. Beside the fact that we didn`t really discuss ETSI TS 119 482-3 as original topic we agreed that there`s need for a High Security Profile for W3CVCDM 2.0 JSON-LD (based on ETSI TS 119 472-1. The profile should be or could be part of current EN development under lead of Juan Carlos Crueallas. We agreed that relevant authorities and experts should be in the boat.

 

@Ignacio Alamillo I guess it might be helpful since Spain pushing W3CVCDM as well that maybe first input could be provided by Spanish experts.

 

Beside this would recommend reaching out to Juan Carlos for alignment and next steps.

 

We also had common sense that

• currently nothing forbids a QTSP to issue QEAA using W3CVCDM JSON-LD as long as a CAB and Supervisory Body accepts it (which is case in certain member states) but sustainable solution would be mentioned Security Profile
• that there´s currently a relationship between the Proposal for EU Business Wallet regulation and the 2024/2979 (IA on Art. 5a eIDAS) which is currently under revision as the proposal for EU Business Wallet regulation in current proposal refers to the IA on Art. 5a eIDAS for (Q)EAA formats

• • if and how the relationship will be kept depends on final version of EU Business Wallet regulation and IA on Art. 5a eIDAS

• ETSI EN 319 482-3 Additional wallet interfaces; Part 3: Interfaces and formats for the catalogue of Attestation Rulebooks and attributes (Rapporteur Viktor Varga) in very first draft states in

• • SCH-SP-5.2-02: For an Attestation Rulebook describing a type of attestation that is a QEAA or a PuB-EAA, the Scheme Provider shall specify that one or more of the following common formats is used for these attestations:

• • • a) ISO/IEC 18013-5-compliant mdoc;
    • b) SD-JWT-based Verifiable Credentials.

 

This can be interpreted in a way that W3C JSON-LD not allowed for QEAA. The standard is in very first version so that changes might be possible.

 

Best

Steffen

 

 

-----Ursprünglicher Termin-----
Von: Mikael.afHallstrom@vero.fi <Mikael.afHallstrom@vero.fi>
Gesendet: Freitag, 24. April 2026 09:54
An: Mikael.afHallstrom@vero.fi; carsten.stoecker@spherity.com; Werner.Folkendt@de.bosch.com; Michael.Jochem@de.bosch.com; ronald.koenig@spherity.com; detlef.huehnlein@ecsec.de; Florin.Coptil@de.bosch.com; Steffen Schwalm; nalamillo@cgcom.es
Betreff: ETSI TS 119 482-3
Zeit: Mittwoch, 29. April 2026 14:00-15:00 (UTC+02:00) Helsinki, Kiew, Riga, Sofia, Tallinn, Wilna.
Ort: Microsoft Teams -kokous

 

Caution: This email originated from outside of the organization. Despite an upstream security check of attachments and links by Microsoft Defender for Office, a residual risk always remains. Only open attachments and links from known and trusted senders.

Hi,

 

we’ll discuss the subjects raised in the email-discussion about ETSI TS 119 482-3

 

See you online Wednesday next week!

 

br

 

Micke

WE BUILD LSP WP4 Semantics Lead

 

-------------------------------------------------
Mikael af Hällström

Development Specialist

Product Management Unit

Finnish Tax Administration

phone +358-(0)40-8271301

email mikael.afhallstrom(at)vero.fi

LinkedIN https://www.linkedin.com/in/mikaelafhallstrom/

 

 

 

 

 

________________________________________________________________________________

Microsoft Teams -kokous

Liity: https://teams.microsoft.com/meet/3212653313232?p=z3ncFxwqpNF5ha9Rqx

Kokoustunnus: 321 265 331 323 2

Tunnuskoodi: iu9Qv3fo

---

Tarvitsetko apua? | Järjestelmäviittaus

Liity puhelimella

+358 9 85626406,,170959911# Suomi, All locations

Etsi paikallinen numero

Puhelinneuvottelun tunnus: 170 959 911#

Järjestäjille: Kokousvaihtoehdot | Palauta soittamalla liittymisen PIN-koodi

________________________________________________________________________________

 

-- 

Dipl. Inform. (FH)

Dr. rer. nat. Detlef Hühnlein

ecsec GmbH

Sudetenstrasse 16

96247 Michelau

Germany

Phone  +49 9571 948 1020

Mobile +49 171  9754980

Mail   detlef.huehnlein@ecsec.de

ecsec GmbH

Sudetenstrasse 16

96247 Michelau

Germany

Registered at Court of Coburg HRB 4622

EUID: DED4401V.HRB4622

Directors:

Tina Hühnlein

Dr. Detlef Hühnlein

This e-mail may contain strictly confidential information and is intended for the person to which it is addressed only. Any dissemination, even partly, is prohibited. If you receive this e-mail by mistake, please contact the sender and delete this e-mail from your computer, including your mailserver. Except in case of gross negligence or wilful misconduct we accept no liability for any loss or damage caused by software or e-mail viruses.

Spherity GmbH  |  Emil-Figge-Straße 80  |  44227 Dortmund

LinkedIn   |  YouTube

Managing Directors: Dr. Carsten Stöcker, Dr. Michael Rüther

Registered in Dortmund HRB 31566

-- 
Dipl. Inform. (FH)
Dr. rer. nat. Detlef Hühnlein
ecsec GmbH
Sudetenstrasse 16
96247 Michelau
Germany
Phone  +49 9571 948 1020
Mobile +49 171  9754980
Mail   detlef.huehnlein@ecsec.de

ecsec GmbH
Sudetenstrasse 16
96247 Michelau
Germany

Registered at Court of Coburg HRB 4622
EUID: DED4401V.HRB4622

Directors:
Tina Hühnlein
Dr. Detlef Hühnlein

This e-mail may contain strictly confidential information and is intended for the person to which it is addressed only. Any dissemination, even partly, is prohibited. If you receive this e-mail by mistake, please contact the sender and delete this e-mail from your computer, including your mailserver. Except in case of gross negligence or wilful misconduct we accept no liability for any loss or damage caused by software or e-mail viruses.

-- 
Dipl. Inform. (FH)
Dr. rer. nat. Detlef Hühnlein
ecsec GmbH
Sudetenstrasse 16
96247 Michelau
Germany
Phone  +49 9571 948 1020
Mobile +49 171  9754980
Mail   detlef.huehnlein@ecsec.de

ecsec GmbH
Sudetenstrasse 16
96247 Michelau
Germany

Registered at Court of Coburg HRB 4622
EUID: DED4401V.HRB4622

Directors:
Tina Hühnlein
Dr. Detlef Hühnlein

This e-mail may contain strictly confidential information and is intended for the person to which it is addressed only. Any dissemination, even partly, is prohibited. If you receive this e-mail by mistake, please contact the sender and delete this e-mail from your computer, including your mailserver. Except in case of gross negligence or wilful misconduct we accept no liability for any loss or damage caused by software or e-mail viruses.