Evolution of Digital Identity in Europe: Experimenting with the eIDAS 2.0 Framework and the EU Digital Identity Wallet

Over the past decade, the Self-Sovereign Identity (SSI) model has gained prominence and is expected to become a key element in the authentication and identification processes of European citizens when accessing digital services. Driven by the recent eIDAS 2.0 Regulation, which updates and expands the first eIDAS Regulation by incorporating new concepts and principles aligned with the modern digital landscape, a new framework is being developed to ensure the secure use of digital identity in Europe. This framework places particular emphasis on privacy, user control over personal data, and interoperability across different national systems. This thesis work analyzes both the SSI model, comparing it with previous approaches and highlighting its strengths and challenges, and the innovations introduced by eIDAS 2.0. It then explores the EU Digital Identity Wallet infrastructure and the Architecture and Reference Framework (ARF) on which its implementation is based, outlining the role of each component within the ecosystem and its use cases. Particular attention is given to the security protocols employed for the wallet’s two main tasks - credential issuance request and credential sharing - highlighting the mechanisms that ensure the integrity and confidentiality of communications between the involved entities. Finally, to provide a deeper analysis of the flow of both tasks and demonstrate how the credential issuance process can be reproduced and tested in a controlled environment, all the services involved will be deployed locally and configured to enable their interaction. To this end, an instance of the EUDI Wallet, a Service Provider, and an eIDAS node will be set up, simulating a real-world environment for authentication and credential exchange. This experimental setup will allow for an evaluation of the interaction dynamics between the entities involved and demonstrate the technical feasibility of the framework, verifying its compliance with the security, privacy, and interoperability principles promoted by eIDAS 2.0.