3. Architecture Overview

The IT-Wallet System is a federated ecosystem that enables secure Digital Identity management and Digital Credential exchange for citizens and organizations. The IT-Wallet ecosystem is built on a multi-layered architecture, where governance bodies establish and maintain the trust infrastructure, Primary Actors implement and operate the technical solutions, and external systems provide additional services.

The following diagrams depict the IT-Wallet architecture overview.

Fig. 3.1 IT-Wallet architecture overview - Governance.

The governance level requires all participants in the ecosystem to comply with security and technical standards and requirements.

Fig. 3.2 IT-Wallet architecture overview - Primary Actors.

The primary operational layer implements the core Digital Credential lifecycle through coordinated interactions among specialized technical solutions, so that all credential operations maintain security and privacy standards while enabling seamless user experiences.

Fig. 3.3 IT-Wallet architecture overview - external Actors.

External systems provide services that connect the IT-Wallet ecosystem to the national digital infrastructure, enabling interoperability with existing government services and data sources.

The architecture enables the following interaction processes:

1. Entity Onboarding and Federation: Only qualified and compliant Entities are registered in the IT-Wallet Federation. The Trust Registry is updated during registration, allowing participants to monitor federation status. This process includes administrative, technical and security assessments.

2. Credential Issuance: Credential Issuers connect to Authentic Sources via standardized APIs (on the National Digital Data Platform if the Authentic Source belongs to the Public sector) to request verified User attributes. Digital Credentials are based on authoritative, current data with proper authorization and audit trails.

3. Credential Storage and Management: IT-Wallet Solutions receive and manage Digital Credentials on User devices, allowing Users to control and use credentials from multiple Issuers.

4. Credential Presentation and Verification: Users present Digital Credentials to Relying Parties for verification. Verification systems check claims through cryptographic methods and status checks for both public and private sector use.

The Trust Infrastructure manages onboarding and revocation of Entities, provides credential schemas, and lets participants discover and verify authorized entities and their status. It supports automatic trust chain validation, distributed trust anchoring, standardized metadata exchange, and Federation API services for secure, seamless federation operations.

Architecture Overview Table of Contents

• 3.1. Functionalities
  • 3.1.1. Activation of the Wallet Instance
    • 3.1.1.1. Focus on PID – Person Identification Data
  • 3.1.2. Issuance of Electronic Attestations of Attributes
    • 3.1.2.1. Focus on Electronic Attestations of Attributes
  • 3.1.3. Presentation of Electronic Attestations
    • 3.1.3.1. Proximity Presentation
    • 3.1.3.2. Remote Presentation
  • 3.1.4. Management of Electronic Attestations
    • 3.1.4.1. Status of Electronic Attestations
    • 3.1.4.2. History of Electronic Attestations
    • 3.1.4.3. Backup and Restore of Electronic Attestation of Attributes
  • 3.1.5. Deactivation of the Wallet Instance
  • 3.1.6. Error Management
    • 3.1.6.1. Activation of the Wallet Instance Errors
    • 3.1.6.2. Issuance of Electronic Attestations of Attributes Errors
    • 3.1.6.3. Presentation of Electronic Attestations Errors
    • 3.1.6.4. Management of Electronic Attestations Errors
    • 3.1.6.5. Deactivation of the Wallet Instance Errors
  • 3.1.7. User Assistance
  • 3.1.8. User Feedback