4. User Experience Design

4.1. Design Principles

The IT-Wallet System adheres to the Digital Identity Wallet Paradigm, aiming to provide Users with a simple, fast, and more secure experience when accessing services.

The Wallet Solution serves as the primary Touchpoint, enabling Users to manage and use their PID and Attributes when interacting with public or private entities, in both physical and digital contexts. However, the overall service depends on the interactions of a network of Touchpoints and Technical Solutions, that support its delivery and directly impact the User Experience.

To ensure service quality from a User Experience perspective, Primary Actors, both public and private entities, MUST ensure the usability and accessibility of their Technical Solutions while aligning with the distinctive elements of the IT-Wallet System. Specifically:

  • Usability: Technical Solutions MUST be designed and maintained to meet high usability standards, to facilitate service adoption and reduce the need for assistance. Public entities MUST adhere to [GL_DESIGN], whereas private entities MAY refer to it as a best practice.

  • Accessibility: Technical Solutions MUST be designed and maintained to meet high accessibility standards to ensure service access regardless of individual abilities, technological skills, or external and contextual constraints. Public entities MUST adhere to [REF_ACCESSIBILITY], whereas private entities MUST comply with applicable regulations.

  • Consistency: Technical Solutions MUST be designed and maintained in adherence to the IT-Wallet System's Brand Identity and User Experience functional requirements in this document, to promote the recognizability of components, to ensure the overall system consistency, and to minimize the User's cognitive load.

4.2. Functionalities Overview

The IT-Wallet System provides Users with a simpler, faster, and more secure way to access services. This service is delivered through the use of a Wallet Solution, whose User Experience is structured into three main phases: pre-use, use, and post-use.

User Experience phases of Wallet usage

Fig. 4.1 User Experience phases of Wallet usage

The following sections focus on the usage and post-usage phases. They define the functional requirements supporting the User Experience for the activation, acquisition, presentation, management, and deactivation phases, along with interaction requirements related to error management, assistance requests, and feedback collection.

Additional documentation and resources are provided in the Official Resources section.

The Official Resources include recommendations on the required User-Wallet Instance interactions and design best practices that promote consistency across different Wallet Solutions in terms of how functionalities are accessed and used.

To ensure a correct and consistent implementation, Primary Actors:

  • MUST use Official Resources and MUST comply with all related usage specifications provided;

  • MAY choose from the available configurations provided. Primary Actors MUST ensure the correct use of atomic components, such as the Engagement Buttons;

  • MUST keep used resources up to date, in line with the latest available version of the Official Resources.

4.3. Activation of the Wallet Instance

Activation enables the User to access the Wallet Solution's functionalities for securely obtaining, presenting, and managing their Electronic Attestations. The activation process involves User Authentication with the Wallet Instance using their digital identity, which enables the generation of the PID.

Below are the User Experience requirements that the Wallet Provider MUST guarantee via their Wallet Solution:

  • The User downloads the Wallet Solution onto their device to generate their Wallet Instance;

  • The User sets an unlock PIN for their Wallet Instance if one has not been previously set in the app. In addition to the PIN, the User can decide to use their own unlock mechanism used within the device and managed at the operating system level (e.g., biometric authentication) as an alternative to the PIN. The User uses the unlock method whenever an authorization is required to ensure security and protect their information;

  • The User reviews all relevant information regarding the activation process and service usage. Additionally, the User reads any policy from the Provider and PID Provider and/or the service's terms and conditions. The User gives their consent to proceed or declines to cancel the operation;

  • The User selects an Authentication option from those available;

  • The User completes the Authentication flow with the National Identity Provider's service;

  • The User receives confirmation of the Authentication process outcome. If successful, the User views a preview of their PID. The User confirms the previewed information to proceed with Wallet Instance activation, or cancels the operation;

  • The User authorizes the operation using the unlock method previously set;

  • The User receives confirmation of the successful activation of the Wallet Instance.

The Wallet Provider MUST allow the User to remove the PID issued during the activation phase. In addition, the PID Provider SHOULD allow the User to revoke the issued PID through a specific Touchpoint. The Wallet Provider MUST allow the User to always have the option to request the deactivation of their Wallet Instance, even in the absence of the device on which it was installed. For further details, please refer to the Deactivation of the Wallet Instance and Management of Electronic Attestations sections.

In case of errors using the Wallet Instance, the Wallet Provider MUST guarantee that the User receives consistent messages that inform them and guide them toward resolving the issue. For further details, please refer to the Error Management section.

4.3.1. Focus on PID – Person Identification Data

The PID (Person Identification Data) refers to verified minimum set of informations about the User identity (see Digital Credential Data Model) issued as a result of the activation process and made available in the Wallet Instance. Below are the requirements for displaying and using the PID that each Wallet Provider MUST adhere to, in order to provide a consistent and accessible consultation and usage experience:

  • The PID MUST be displayed correctly across all devices, ensuring a consistent experience on screens of varying sizes;

  • The PID MUST be named as defined by the PID Provider;

  • The PID MUST display its status if different from valid to provide transparency on its lifecycle and MAY display it if valid. Specific details about the PID status, if invalid, MAY be provided (e.g., the reason why the PID is revoked);

  • The PID MUST include Action Buttons to enable lifecycle management and allow the User to revoke the PID, thus the entire Wallet Instance with all EAAs issued, or to update the PID at any time (see Management of Electronic Attestations);

  • The PID MUST be an interactive element, for the User to be authenticated by a Relying Party in a digital context (see Authentication), to access services in proximity contexts, and to request the issuance of additional EAAs (see Issuance of Electronic Attestations of Attributes);

  • The PID MUST display a method of assistance by the PID Provider (see User Assistance);

  • The PID MUST be recognizable by the User and distinguishable from other EAAs;

  • The PID MUST be named with the naming convention that will be defined in this document's future version, avoiding custom or technical terms such as "Person Identification Data" or its acronym "PID";

  • The PID representation MUST adhere to a defined set of specifications provided by the PID Provider to ensure recognizability, consistency and homogeneity among different Wallet Solutions.

The PID Provider MUST:

  • Implement a name/naming convention to refer to the PID, to guarantee consistency across all Wallet Solutions;

  • Define a clear set of specifications for the PID to ensure consistent identification and representation of the PID across different Wallet Solutions, in terms of format, structure and appearance standards (e.g. color, background image, etc.).

4.4. Issuance of Electronic Attestations of Attributes

Once activation is complete, the User MAY obtain one or more Electronic Attestations of Attributes within their Wallet Instance.

Depending on the User's specific needs, the type of Electronic Attestation of Attributes, and the offerings available from the Wallet Provider, the Electronic Attestation of Attributes Provider, and the Authentic Source, the request of Electronic Attestations of Attributes can occur in two ways:

  • from the Wallet Instance Catalogue: the User explores the list of Electronic Attestations of Attributes provided by the Wallet Solution, selects the one of interest, and initiates the request process, concluding with the issuance of the Electronic Attestation of Attributes in the Wallet Instance;

  • from a Touchpoint of the Authentic Source (or the Electronic Attestation of Attributes Provider if it coincides with the Authentic Source): Users interact with the digital service of the Authentic Source, allowing them to get a specific Electronic Attestation of Attributes in their Wallet Instance via an Engagement Button.

Although the methods for initiating the request are different, the issuance flows share a similar structure and process.

4.4.1. Issuance from the Wallet Instance Catalogue

Below are illustrated the User Experience requirements for the issuance of an Electronic Attribute Attestation from the Catalogue that the Wallet Solution Provider MUST guarantee through their own Wallet Solution:

  • The User accesses their Wallet Instance using the unlock method previously set;

  • The User selects the Electronic Attestation of Attributes they wish to request from the available options in the Catalogue;

  • The User selects from which Electronic Attestation Provider they want to obtain the Electronic Attribute Attestation, if there is more than one;

  • The User views any additional information on requirements and/or limitations related to obtaining the Electronic Attestation of Attributes from the Authentic Source;

  • The User views the PID data, if required by the Authentic Source for the request of the Electronic Attestation of Attributes, the name of the related Electronic Attestation of Attributes Provider, and any related information policy. The User gives their consent to proceed, presenting their PID data to the Electronic Attestation of Attributes Provider, or cancels the operation;

  • The User views a preview of the Electronic Attestation of Attributes. The User confirms the data shown in the preview to proceed with the request or cancels the operation;

  • The User authorizes the operation using the unlock method previously set;

  • The User views the positive outcome of the request;

  • The User views the details of the requested Electronic Attestation of Attributes, including: the data contained in it, the name of the Electronic Attestation of Attributes Provider who issued the Attestation, and the name of the Authentic Source;

  • The User has access to all issued Electronic Attestations by navigating the Wallet Instance.

The Authentic Source MAY provide additional information related to an Electronic Attestation of Attributes. This information MUST be displayed by the Wallet Instance to the User, before initiating the process of issuing the Electronic Attestation of Attributes. In order to properly draft this informational content, the Authentic Source:

  • MUST use clear language (e.g. avoid technical or complex terms), be concise (e.g. avoid excessively long or elaborate texts) and inclusive (e.g. avoid ability-based verbs), following the best practices for writing, language and tone of voice described in [REF_ACCESSIBILITY] and, in the case of public entities, in [GL_DESIGN];

  • MUST adhere to the specific purpose of the text, communicating useful information to the User before engaging in the issuance process (e.g. listing prerequisites or stating limitations that could affect the successful outcome of the procedure);

  • MUST ensure that the information is constantly updated;

  • MUST include a title and text in which it MAY include references to external channels to direct Users to a procedure, explore a specific topic and/or open support requests.

Following is an example of informative text:

Note

Title: Do you already have the physical document? Text: To obtain the digital version of [Document name], please make sure to already have obtained the corresponding physical document. For more details, [read more information] (URL).

For further information, please refer to the section Digital Credentials Catalogue (see claim user_information).

The Wallet Provider MUST allow the User to remove an Electronic Attestation of Attributes through their Wallet Instance at any moment. In case of absence of the device where the Wallet Instance was activated, the Wallet Provider MUST allow the User to deactivate the entire Wallet Instance through a specific Touchpoint. In addition, the Electronic Attestation of Attributes Providers SHOULD allow the User to revoke the issued Digital Credentials through specific Touchpoints. For more details, please refer to the Deactivation of the Wallet Instance and Management of Electronic Attestations sections.

In the event of communication issues between the systems of the Electronic Attestation of Attributes Provider and the Authentic Source, or if administrative or technical processes prevent the immediate issuance of the Electronic Attestation of Attributes, the actors involved MAY support a deferred issuance process. In this case the Wallet Provider MUST guarantee that:

  • Upon reaching the final step of the process, the User visualizes a message prompting them to wait until the Electronic Attestation of Attributes can be issued.

  • The User is informed by the Electronic Attestation of Attributes Provider once the Electronic Attestation of Attributes becomes available.

If the User encounters incorrect data in an already obtained or in-progress Electronic Attestation of Attributes, the Wallet Provider SHOULD guarantee the User appropriate assistance via their Wallet Instance. For more information, please refer to the User Assistance section.

In case of errors using the Wallet Instance, the Wallet Provider MUST guarantee that the User receives consistent messages that inform them and guide them toward resolving the issue. For further details, please refer to the Error Management section.

4.4.2. Issuance from a Touchpoint of the Authentic Source

Below are illustrated the User Experience requirements for the issuance of an Electronic Attribute Attestation from the Catalogue that the Wallet Solution Provider MUST guarantee through their own Wallet Solution:

  • The User interacts with the Engagement Button clearly displayed in the Touchpoint interface;

  • The User selects the Wallet Solution with which to proceed, through an interface that SHOULD follow the directions and functionalities described for the Selection Page in the Authentication section;

  • (cross-device only) the User scans the QR code that invokes the opening of their chosen Wallet Instance, through an interface that SHOULD follow the directions and functionalities described for the QR Code Page in the Authentication section;

  • (cross-device only) the User displays a message inviting them to continue on their chosen Wallet Instance, through an interface that SHOULD follow the directions and functionalities described for the Waiting Page in the Authentication section;

  • The User accesses their Wallet Instance using the unlock method previously set;

  • The User views the PID data, if required for the request of the Electronic Attestation of Attributes, the name of the related Electronic Attestation of Attributes Provider, and any related information policy. The User gives their consent to proceed, presenting their PID data to the Electronic Attestation of Attributes Provider, or cancels the operation;

  • The User views any additional information on requirements and/or limitations related to obtaining the Electronic Attestation of Attributes;

  • The User views a preview of the Electronic Attestation of Attributes. The User confirms the data shown in the preview to proceed with the request or cancels the operation;

  • The User authorizes the operation using the unlock method previously set;

  • The User views the positive outcome of the request;

  • The User views the details of the requested Electronic Attestation of Attributes, including: the data contained in it, the name of the Electronic Attestation of Attributes Provider who issued the Attestation, and the names of the Authentic Sources.

In case of errors during the issuance of the Electronic Attestation of Attributes, the Authentic Source MUST guarantee that the User receives consistent messages that inform them and guide them toward resolving the issue. For further details, please refer to the Error Management section.

4.4.3. Focus on Electronic Attestations of Attributes

The EAAs obtained within the Wallet Instance SHOULD be displayed in a list within a Preview View. In this case, each EAA MUST ensure a high level of recognizability and accessibility [REF_ACCESSIBILITY] of the information contained. Below are the requirements for displaying the EAA that each Wallet Provider MUST adhere to in order to provide a consistent and accessible consultation and usage experience:

  • The EAA MUST be displayed correctly across all devices, ensuring a consistent experience on screens of varying sizes;

  • The name of the EAA MUST be clearly visible and always displayed in both the Detail View and the Preview View;

  • The EAA, both in the Preview View and the Detailed View, MUST display its status if different from valid to provide transparency on its lifecycle and MAY display it if valid. The Preview View MAY also include additional Attributes to enhance the User Experience and management; for example, it MAY display the name or logo of the Electronic Attestation of Attributes Provider or the PID Provider. The Detailed View MAY provide specific details about the state if invalid (e.g., the reason why the EAA is revoked);

  • The EAA MUST include Action Buttons in the Detail View to enable lifecycle management and allow the User to revoke or to update a EAA at any time (see Management of Electronic Attestations);

  • The EAA MUST be an interactive element, for the User to access services provided by Relying Parties in digital and proximity contexts (see Presentation of Electronic Attestations);

  • The EAA MAY be displayed in a card format in their Preview View, in line with approaches already used by other digital wallets in the market, to mirror the appearance of a corresponding physical document. When applicable, the digital nature of the document MAY be indicated, such as by labeling it as a "digital version" in the layout;

  • The EAA MUST display the same information in the Detail View as shown in the Preview View and MAY include additional details;

  • The EAA MUST display a method of assistance (see User Assistance);

  • The EAA layout in the Preview View MUST be optimized for scalability and usability, especially when multiple EAAs are displayed on the same screen;

  • The EAA representation MUST adhere to a defined set of specifications provided by the Electronic Attestation of Attributes Provider to ensure recognizability, consistency and homogeneity among different Wallet Solutions.

The Electronic Attestation of Attributes Provider:

  • MUST define a name/ naming convention to refer to the EAAs issued, to guarantee consistency across all Wallet Solutions; the EAA name MUST be comprehensible and user-friendly avoiding technical terms or acronyms whenever possible;

  • MUST define a clear set of specifications for the EAA to ensure consistent identification and representation of the EAA across different Wallet Solutions, in terms of format, structure, and appearance standards (e.g. color, background image, etc.).

4.5. Presentation of Electronic Attestations

The presentation process allows the User to access a service or demonstrate ownership of certain data or their eligibility to perform a specific action. The presentation of Electronic Attestations and their subsequent verification involves interaction between the Wallet Instance, managed by the User, and a Relying Party Instance. Depending on the circumstances and context of the interaction, the following scenarios can be outlined:

  • Proximity Presentation: the User presents the PID and/or EAA data through the Wallet Instance, directly to a Verifier or to a device designated for in-person verification.

  • Remote Presentation: the User presents the PID and/or EAA data through the Wallet Instance, to a Relying Party configured for online verification, for instance, to Authenticate and access the services offered.

4.5.1. Proximity Presentation

Proximity presentation allows the User to present the PID and/or EAA data via their Wallet Instance, using one of two methods:

  • Supervised mode: the User presents the PID and/or EAA data through the Wallet Instance to a Verifier (e.g., law enforcement officer, desk operator) equipped with a dedicated verification system (Mobile Relying Party Instance).

  • Unsupervised mode: the User presents the PID and/or EAA data through the Wallet Instance to a designated device (e.g., turnstile, totem) provided with a dedicated verification system (Embedded Relying Party Instance).

Below are the User Experience requirements related to both methods that the Wallet Provider MUST guarantee via their Wallet Solution.

Supervised Mode

  • The User accesses their Wallet Instance using the unlock method previously set;

  • The User navigates to the feature dedicated to QR Code generation;

  • The User presents the generated QR Code to the Verifier acting on behalf of the Relying Party, who scans it using the designated verification app or system;

  • The User reviews the requested PID and/or EAA data, the name of the requesting Service Provider, and any related policy. The User decides whether to present any non-mandatory PID and/or EAA data (Selective Disclosure). The User provides consent to proceed or cancels the operation;

  • The User authorizes the operation using the unlock method previously set;

  • The User receives confirmation of the successful presentation.

In case of errors using the Wallet Instance, the Wallet Provider MUST guarantee that the User receives consistent messages that inform them and guide them toward resolving the issue. For further details, please refer to the Error Management section.

Unsupervised Mode

  • The User accesses their Wallet Instance using the unlock method previously set;

  • The User navigates to the feature dedicated to QR Code generation;

  • The User presents the generated QR Code to the designated device (e.g., a turnstile) of the Relying Party for scanning;

  • The User reviews the requested PID and/or EAA data, the name of the requesting Relying Party, and any related policy. The User decides whether to present any non-mandatory PID and/or EAA (Selective Disclosure). The User provides consent to proceed or cancels the operation;

  • The User authorizes the operation using the unlock method previously set;

  • The User receives confirmation of the successful presentation.

In case of errors using the Wallet Instance, the Wallet Provider MUST guarantee that the User receives consistent messages that inform them and guide them toward resolving the issue. For further details, please refer to the Error Management section.

4.5.2. Remote Presentation

Remote presentation allows the User to present the PID and/or EAA data by interacting with a Relying Party's Touchpoint through a designated Engagement Button.

This presentation can occur in two different modes, depending on the type of device used to access the service:

  • Same-device mode: when the User accesses an online digital service integrated with a special verification system (Web Relying Party Instance) using the same device on which the Wallet Instance is installed;

  • Cross-device mode: when the User accesses a digital service integrated with a special verification system (Web Relying Party Instance) using a different device from the one where the Wallet Instance is installed.

Below are the User Experience requirements related to both methods that the Wallet Provider MUST guarantee via their Wallet Solution.

Same-Device Mode

  • The User clicks the Engagement Button provided on the Relying Party's Touchpoint;

  • The User accesses their Wallet Instance using the unlock method previously set;

  • The User reviews the requested PID and/or EAA data, the name of the requesting Relying Party, and any related policy. The User decides whether to present any non-mandatory PID and/or EAA data (Selective Disclosure). The User provides consent to proceed or cancels the operation;

  • The User authorizes the operation using the unlock method previously set;

  • The User receives confirmation of the successful presentation within the Wallet Instance;

  • The User returns to the Relying Party's Touchpoint, where they see confirmation of the completed presentation.

In case of errors using the Wallet Instance, the Wallet Provider MUST guarantee that the User receives consistent messages that inform them and guide them toward resolving the issue. For further details, please refer to the Error Management section.

Cross-Device Mode

  • The User clicks the Engagement Button provided on the Touchpoint of the Relying Party while accessing the service from a different device than the one where the Wallet Instance is installed;

  • The User accesses the desired Wallet Instance from the device where it is installed, using the unlock method previously set;

  • The User scans the QR Code provided by the Relying Party using their Wallet Instance;

  • The User reviews the requested PID and/or EAA data, the name of the requesting Relying Party, and any related policy. The User decides whether to present any non-mandatory personal data (Selective Disclosure). The User provides consent to proceed or cancels the operation.

  • The User authorizes the operation using the unlock method previously set;

  • The User receives confirmation of the successful presentation within the Wallet Instance;

  • The User returns to the Relying Party's Touchpoint and views confirmation of the completed presentation.

In case of errors using the Wallet Instance, the Wallet Provider MUST guarantee that the User receives consistent messages that inform them and guide them toward resolving the issue. For further details, please refer to the Error Management section.

4.5.2.1. Authentication

Authentication is a specific use case of remote presentation that allows the User to securely access services provided by both public and private Relying Parties. This is achieved by presenting the PID and, if necessary, a set of Attributes contained in the obtained Electronic Attestations of Attributes. This process ensures that the User retains control over their data, including the ability to present only the information strictly necessary for verification by Relying Parties.

The Authentication process can be carried out using both the same-device and cross-device modes described above. For the User Experience functional requirements that MUST be addressed, please refer to the functional requirements for remote presentation in same-device and cross-device modes.

From a User Experience perspective, the Authentication process differs from the Presentation process only in how it is initiated, which is through a dedicated Authentication Button.

To ensure a consistent and seamless Authentication process across all Relying Parties, each Relying Party MUST follow the visual and User Experience requirements outlined below, together with compliance with [REF_ACCESSIBILITY] and, in the case of public entities, with [GL_DESIGN]

Relying Parties SHOULD use the Official Resources for design and development. If a Relying Party does not intend to use such open source resources, it MAY independently develop the Technical Solutions enabling the Authentication flow, ensuring that it follows the specifications herein provided.

Note

The images in this section are to be considered illustrative as they are the subject of interface (UI) evolutions, pending the definition of the branding of the IT-Wallet System.

Relying Parties MUST implement and provide the following pages as part of the Authentication process:

  • Discovery Page: lists all the available Authentication methods;

  • Selection Page: shows the User all the Wallet Solutions available in the Register and let them choose which one to continue the Authentication process with;

  • QR Code Page (cross-device only): prompts the User to scan a QR code;

  • Waiting Page (cross-device only): instructs the User to continue the Authentication process on their Wallet Instance;

  • Thank You Page: confirms the successful Authentication;

  • Error Page: displays error messages related to the Authentication process.

Each of these pages MUST include the following recurring elements, in line with the Visual Identity of the Relying Party's Touchpoint:

  • A header and/or subheader allowing Users to navigate back to the previous page.

  • A footer including the privacy policy, legal notice, and accessibility statement, where required by current regulations.

Specific requirements for each individual page are detailed below.

Discovery Page

To enable Authentication via the IT-Wallet System, the Relying Party MAY replace its existing Discovery Page with the version provided in the Official Resources.

Layout Model of Discovery Page in grid

Fig. 4.3 Layout Model of Discovery Page in grid

Alternatively, the Relying Party MAY maintain its own Discovery Page but MUST integrate the Authentication Button as specified in the Authentication Button section.

The Relying Party implementing the page:

  • MUST display all available Digital Identity Authentication methods, including the IT-Wallet System Authentication through the Authentication Button;

  • MAY also present alternative Authentication methods, if available;

  • SHOULD provide essential supporting information to help the User make an informed and conscious choice.

If the User accesses the Discovery Page from a different Touchpoint than the one where the Wallet Instance is activated (cross-device), selecting IT-Wallet System Authentication MUST redirect the User to the QR Code Page.

If the User accesses the Discovery Page from the same Touchpoint where the Wallet Instance is activated (same-device), the selection MUST trigger the opening of the User's Wallet Instance.

Selection Page

The Selection Page is the page on which the User lands after they have chosen to Authenticate via the IT-Wallet System, and is intended to present the User with the Wallet Solutions available to perform Authentication.

The Relying Party MUST implement the Selection Page made available in the Official Resources.

Selection Page

Fig. 4.5 Selection Page

The Relying Party implementing the page:

  • MUST include the elements proper to the Visual Identity of the IT-Wallet System, including the Logo by placing it alongside its own logo according to the guidance provided in the Visual Identity section;

  • MUST ensure that the copy on the page mirrors that reported in the Official Resources;

  • MUST present each Wallet Solution in the IT-Wallet Register through a modular component that displays the logo and name in full;

  • MUST present the Wallet Solutions in a dynamic layout that adapts to the number of Wallet Solutions available: when less than 3 MUST distribute them in a 2-column grid, when less than 2 MUST use a center-column layout; in all cases random sorting MUST be guarantee;

  • MUST allow the User to search for a Wallet Solution through a filter feature by name, when more than 5 Wallet Solutions are present;

  • MUST allow the User to find out, when needed, which Wallet Solutions are available in the Register by preparing a cross-reference to the official site of the IT-Wallet System;

  • MUST include a Call to Action that allows the User to abort the operation and return to the Discovery Page.

The Relying Party MAY also include a text component on the Selection Page to promote the Authentication mode via IT-Wallet, which links back to the IT-Wallet System's official website, as represented in the Official Resources.

QR Code Page (cross-device only)

The QR Code Page is presented to the User who selects IT-Wallet System Authentication within a cross-device process. Its purpose is to prompt the User to scan the generated QR code using their Wallet Instance.

Relying Parties MUST implement the QR Code Page (cross-device) provided in the Official Resources.

QR Code Page

Fig. 4.7 QR Code Page

The Relying Party implementing the page:

  • MUST include the Visual Identity elements of the IT-Wallet System, including the logo;

  • MUST ensure that the copy on the page mirrors that reported in the Official Resources;

  • MUST include a Call To Action allowing the User to generate a new QR code in case of timeout;

  • MUST include a Call To Action allowing the User to cancel the operation and return to the Discovery Page.

Furthermore, in compliance with [REF_ACCESSIBILITY], regarding the QR code, the Relying Parties:

  • MUST respect the minimum recommended dimensions to ensure effective scanning. A size of 150x150 pixels is generally adequate, but for codes with high data density (e.g. long URLs or numerous characters), it is advisable to increase it to 300x300 pixels or more;

  • MUST ensure minimum contrast between the QR code and the background (the ideal condition provides for a white background with a black QR code);

  • MUST avoid color inversions between background and QR code;

  • MUST limit the presence to only one QR code per page;

  • MUST ensure sharpness and high quality;

  • MUST ensure SVG format;

  • MUST ensure that it is not partially hidden by text or other elements.

Waiting Page (cross-device only)

The Waiting Page is shown after the QR code has been scanned and prompts the User to continue the Authentication process within their Wallet Instance.

Relying Parties MUST implement the Waiting Page (cross-device) provided in the Official Resources.

Waiting Page

Fig. 4.9 Waiting Page

The Relying Party implementing the page:

  • MUST include the Visual Identity elements of the IT-Wallet System, including the logo and an icon or graphical element consolidating the message;

  • MUST ensure that the copy on the page mirrors that reported in the Official Resources.

Thank You Page

The Thank You Page is displayed after the User completes the Authentication process via their Wallet Instance. Its purpose is to prompt the User to proceed to the authenticated area of the Relying Party's Touchpoint.

Relying Parties MUST implement the Thank You Page provided in the Official Resources.

Thank You Page

Fig. 4.11 Thank You Page

The Relying Party implementing the page:

  • MUST include the Visual Identity elements of the IT-Wallet System, including the logo and an icon or graphical element consolidating the message;

  • MUST ensure that the copy on the page mirrors that reported in the Official Resources;

  • MUST include a Call To Action prompting the User to proceed to the Touchpoint authenticated area.

Error Page

The Error Page is displayed when an issue occurs during the Authentication process. Its purpose is to inform the User about the nature of the error (e.g., technical issue, network issues, Wallet Instance malfunction, denied data sharing, etc.) and to present the available next steps. For further details, refer to the Error Management section.

Relying Parties MUST implement the Error Page provided in the Official Resources.

Error Page

Fig. 4.13 Error Page

The Relying Party implementing the page:

  • MUST include the Visual Identity elements of the IT-Wallet System, including the logo and an icon or graphical element that conveys the type of error;

  • MUST ensure that the copy on the page mirrors that reported in the Official Resources;

  • MUST include one or more Call To Action guiding the User toward the appropriate next step (e.g., retry, contact support, etc.).

4.5.2.1.1. Authentication Button

The Authentication Button "Login with IT-Wallet" serves as an Engagement Button, providing Users with a standardized way to Authenticate themselves using their digital Wallet.

Relying Parties MUST make the Authentication Button available within the Discovery Page of their Technical Solutions to allow the User to get authenticated into their services using the Wallet Instance under their control.

The Authentication Button has the following requirements:

  • The Authentication Button MUST be used exactly as outlined in the Official Resources and MUST NOT be redesigned ad hoc;

  • The Authentication Button MUST be used only in the shapes, colors and proportions defined and MUST NOT be altered, distorted, or hidden;

  • The Authentication Button MUST be responsive to all screen resolutions and MUST be integrated in the Discovery Page in order to meet minimum usability and accessibility requirements;

  • Actors wishing to integrate the Authentication Button into their Technical Solution MUST ensure that it is translated into other languages, at least English;

  • The Authentication Button MUST maintain a minimum distance from other elements (quiet zone) of at least 24px;

  • The Authentication Button MUST state "Login with IT-Wallet";

  • The Authentication Button SHOULD always be accompanied by an external link (e.g., "Learn more") that links to the official website of the IT-Wallet System www.wallet.gov.it;

  • Where space allows and/or the context requires it, the Authentication Button SHOULD be accompanied by a descriptive text, e.g., "IT-Wallet is the Italian Digital Wallet System that gives you full control over your information, without the issuing entity being aware of when and how it is used” or "Login through an IT-Wallet app, the Italian Digital Wallet System that simplifies interactions between citizens, public administrations and private entities, in the physical and digital world. With IT-Wallet you have full control over your information, sharing it only when necessary and securely, without the issuing entity knowing when and how it is used.".

Below are some non-mandatory examples of Authentication Button layouts:

Variants of Authentication Button

Fig. 4.15 Variants of Authentication Button

The integration of the Authentication Button within the Discovery Page may vary depending on the page layout. Below are illustrative, non-exhaustive examples of Discovery Pages using grid, tab, and list layouts, respectively.

Examples of Discovery Page layouts: grid, tab, and list

Fig. 4.17 Examples of Discovery Page layouts: grid, tab, and list

For further details on the use of the Authentication Button, please refer to the Authentication section.

"Login with IT-Wallet" button - html code

The button is available in 3 variants (default / M / L ) and in "get" (call to an external page) and "post" (form inside the button) formats. The references to the html code and the Brand Identity will be included in the next releases of the present specifications.

"Login with IT-Wallet" button – svg Below a non-normative example of the Authentication Button. The references to the Brand Identity will be included in the next releases of the present specifications.

<svg width="291" height="105" viewBox="0 0 291 105" fill="none" xmlns="http://www.w3.org/2000/svg">
<rect width="290" height="104" transform="translate(0.945312 0.730469)" fill="white"/>
<rect x="12.9453" y="12.7305" width="266" height="48" rx="4" fill="#0066CC"/>
<path d="M37.0053 35.5705L41.4253 31.1505L37.0053 26.7305L32.5853 31.1505L37.0053 35.5705ZM42.6453 41.2105L47.0653 36.7905L42.6453 32.3705L38.2253 36.7905L42.6453 41.2105ZM31.3653 41.2105L35.7853 36.7905L31.3653 32.3705L26.9453 36.7905L31.3653 41.2105ZM37.0053 46.8505L41.4253 42.4305L37.0053 38.0105L32.5853 42.4305L37.0053 46.8505Z" fill="white"/>
<path d="M60.9453 16.7305V56.7305" stroke="white" stroke-linejoin="round"/>
<path d="M99.6624 42.7305V31.7705H106.574V33.3225H101.438V36.4265H105.614V37.9625H101.438V41.1625H106.574V42.7305H99.6624ZM110.042 42.7305H108.298V34.7305H110.026V35.2265C110.805 34.7785 111.541 34.5545 112.234 34.5545C113.301 34.5545 114.026 34.8585 114.41 35.4665C114.805 36.0638 115.002 37.0558 115.002 38.4425V42.7305H113.274V38.4905C113.274 37.6265 113.178 37.0131 112.986 36.6505C112.805 36.2878 112.426 36.1065 111.85 36.1065C111.306 36.1065 110.784 36.2131 110.282 36.4265L110.042 36.5225V42.7305ZM121.337 36.2185H119.129V39.7385C119.129 40.3891 119.177 40.8211 119.273 41.0345C119.369 41.2478 119.614 41.3545 120.009 41.3545L121.321 41.3065L121.401 42.6985C120.686 42.8371 120.142 42.9065 119.769 42.9065C118.862 42.9065 118.238 42.6985 117.897 42.2825C117.566 41.8665 117.401 41.0825 117.401 39.9305V36.2185H116.377V34.7305H117.401V32.4105H119.129V34.7305H121.337V36.2185ZM122.767 42.7305V34.7305H124.495V35.6905C125.402 35.1038 126.308 34.7251 127.215 34.5545V36.2985C126.298 36.4798 125.514 36.7145 124.863 37.0025L124.511 37.1465V42.7305H122.767ZM134.468 37.1945V40.8425C134.479 41.0771 134.538 41.2531 134.644 41.3705C134.762 41.4771 134.938 41.5465 135.172 41.5785L135.124 42.9065C134.207 42.9065 133.498 42.7091 132.996 42.3145C132.143 42.7091 131.284 42.9065 130.42 42.9065C128.831 42.9065 128.036 42.0585 128.036 40.3625C128.036 39.5518 128.25 38.9651 128.676 38.6025C129.114 38.2398 129.78 38.0211 130.676 37.9465L132.74 37.7705V37.1945C132.74 36.7678 132.644 36.4691 132.452 36.2985C132.271 36.1278 131.999 36.0425 131.636 36.0425C130.954 36.0425 130.1 36.0851 129.076 36.1705L128.564 36.2025L128.5 34.9705C129.663 34.6931 130.73 34.5545 131.7 34.5545C132.682 34.5545 133.386 34.7678 133.812 35.1945C134.25 35.6105 134.468 36.2771 134.468 37.1945ZM130.884 39.1785C130.148 39.2425 129.78 39.6425 129.78 40.3785C129.78 41.1145 130.106 41.4825 130.756 41.4825C131.29 41.4825 131.855 41.3971 132.452 41.2265L132.74 41.1305V39.0025L130.884 39.1785ZM143.165 34.5545C143.731 34.5545 144.397 34.6291 145.165 34.7785L145.565 34.8585L145.501 36.2345C144.659 36.1491 144.035 36.1065 143.629 36.1065C142.819 36.1065 142.275 36.2878 141.997 36.6505C141.72 37.0131 141.581 37.6958 141.581 38.6985C141.581 39.7011 141.715 40.3945 141.981 40.7785C142.248 41.1625 142.803 41.3545 143.645 41.3545L145.517 41.2265L145.565 42.6185C144.488 42.8105 143.677 42.9065 143.133 42.9065C141.917 42.9065 141.059 42.5811 140.557 41.9305C140.067 41.2691 139.821 40.1918 139.821 38.6985C139.821 37.2051 140.083 36.1438 140.605 35.5145C141.128 34.8745 141.981 34.5545 143.165 34.5545ZM147.605 35.5945C148.16 34.9011 149.077 34.5545 150.357 34.5545C151.637 34.5545 152.549 34.9011 153.093 35.5945C153.648 36.2878 153.925 37.3278 153.925 38.7145C153.925 40.1011 153.659 41.1465 153.125 41.8505C152.592 42.5545 151.669 42.9065 150.357 42.9065C149.045 42.9065 148.123 42.5545 147.589 41.8505C147.056 41.1465 146.789 40.1011 146.789 38.7145C146.789 37.3278 147.061 36.2878 147.605 35.5945ZM148.917 40.7945C149.163 41.2211 149.643 41.4345 150.357 41.4345C151.072 41.4345 151.552 41.2211 151.797 40.7945C152.043 40.3678 152.165 39.6691 152.165 38.6985C152.165 37.7278 152.032 37.0398 151.765 36.6345C151.509 36.2291 151.04 36.0265 150.357 36.0265C149.675 36.0265 149.2 36.2291 148.933 36.6345C148.677 37.0398 148.549 37.7278 148.549 38.6985C148.549 39.6691 148.672 40.3678 148.917 40.7945ZM157.402 42.7305H155.658V34.7305H157.386V35.2265C158.164 34.7785 158.9 34.5545 159.594 34.5545C160.66 34.5545 161.386 34.8585 161.77 35.4665C162.164 36.0638 162.362 37.0558 162.362 38.4425V42.7305H160.634V38.4905C160.634 37.6265 160.538 37.0131 160.346 36.6505C160.164 36.2878 159.786 36.1065 159.21 36.1065C158.666 36.1065 158.143 36.2131 157.642 36.4265L157.402 36.5225V42.7305ZM168.116 42.7305V31.7705H169.892V42.7305H168.116ZM171.356 33.3545V31.7705H179.356V33.3545H176.268V42.7305H174.476V33.3545H171.356ZM179.593 39.2105V37.6265H184.377V39.2105H179.593ZM185.47 31.7705H187.342L188.91 41.1945H189.246L191.326 31.8025H193.406L195.486 41.1945H195.838L197.406 31.7705H199.278L197.118 42.7305H194.254L192.366 33.9465L190.494 42.7305H187.614L185.47 31.7705ZM206.406 37.1945V40.8425C206.416 41.0771 206.475 41.2531 206.582 41.3705C206.699 41.4771 206.875 41.5465 207.11 41.5785L207.062 42.9065C206.144 42.9065 205.435 42.7091 204.934 42.3145C204.08 42.7091 203.222 42.9065 202.358 42.9065C200.768 42.9065 199.974 42.0585 199.974 40.3625C199.974 39.5518 200.187 38.9651 200.614 38.6025C201.051 38.2398 201.718 38.0211 202.614 37.9465L204.678 37.7705V37.1945C204.678 36.7678 204.582 36.4691 204.39 36.2985C204.208 36.1278 203.936 36.0425 203.574 36.0425C202.891 36.0425 202.038 36.0851 201.014 36.1705L200.502 36.2025L200.438 34.9705C201.6 34.6931 202.667 34.5545 203.638 34.5545C204.619 34.5545 205.323 34.7678 205.75 35.1945C206.187 35.6105 206.406 36.2771 206.406 37.1945ZM202.822 39.1785C202.086 39.2425 201.718 39.6425 201.718 40.3785C201.718 41.1145 202.043 41.4825 202.694 41.4825C203.227 41.4825 203.792 41.3971 204.39 41.2265L204.678 41.1305V39.0025L202.822 39.1785ZM208.691 42.7305V31.4025H210.435V42.7305H208.691ZM212.738 42.7305V31.4025H214.482V42.7305H212.738ZM222.385 41.2905L222.833 41.2425L222.865 42.5385C221.649 42.7838 220.571 42.9065 219.633 42.9065C218.449 42.9065 217.595 42.5811 217.073 41.9305C216.561 41.2798 216.305 40.2398 216.305 38.8105C216.305 35.9731 217.462 34.5545 219.777 34.5545C222.017 34.5545 223.137 35.7758 223.137 38.2185L223.025 39.4665H218.065C218.075 40.1278 218.219 40.6131 218.497 40.9225C218.774 41.2318 219.291 41.3865 220.049 41.3865C220.806 41.3865 221.585 41.3545 222.385 41.2905ZM221.425 38.1225C221.425 37.3331 221.297 36.7838 221.041 36.4745C220.795 36.1545 220.374 35.9945 219.777 35.9945C219.179 35.9945 218.742 36.1598 218.465 36.4905C218.198 36.8211 218.059 37.3651 218.049 38.1225H221.425ZM229.118 36.2185H226.91V39.7385C226.91 40.3891 226.958 40.8211 227.054 41.0345C227.15 41.2478 227.395 41.3545 227.79 41.3545L229.102 41.3065L229.182 42.6985C228.467 42.8371 227.923 42.9065 227.55 42.9065C226.643 42.9065 226.019 42.6985 225.678 42.2825C225.347 41.8665 225.182 41.0825 225.182 39.9305V36.2185H224.158V34.7305H225.182V32.4105H226.91V34.7305H229.118V36.2185Z" fill="white"/>
<path d="M16.8653 80.3445C15.68 80.3445 15.0873 80.7598 15.0873 81.5905C15.0873 82.0198 15.2273 82.3278 15.5073 82.5145C15.7873 82.6918 16.4033 82.9158 17.3553 83.1865C18.3166 83.4478 18.9933 83.7651 19.3853 84.1385C19.7773 84.5025 19.9733 85.0811 19.9733 85.8745C19.9733 86.8825 19.684 87.6385 19.1053 88.1425C18.536 88.6371 17.7566 88.8845 16.7673 88.8845C15.974 88.8845 15.0966 88.7911 14.1353 88.6045L13.6313 88.5065L13.7853 87.2605C15.0453 87.4285 16.0066 87.5125 16.6693 87.5125C17.8266 87.5125 18.4053 86.9991 18.4053 85.9725C18.4053 85.5711 18.2746 85.2771 18.0133 85.0905C17.752 84.8945 17.164 84.6845 16.2493 84.4605C15.3346 84.2271 14.6533 83.9098 14.2053 83.5085C13.7573 83.1071 13.5333 82.4725 13.5333 81.6045C13.5333 80.7365 13.8133 80.0831 14.3733 79.6445C14.9426 79.1965 15.7266 78.9725 16.7253 78.9725C17.444 78.9725 18.2933 79.0565 19.2733 79.2245L19.7633 79.3085L19.6373 80.5685C18.3306 80.4191 17.4066 80.3445 16.8653 80.3445ZM24.0889 81.5765C24.5835 81.5765 25.1669 81.6418 25.8389 81.7725L26.1889 81.8425L26.1329 83.0465C25.3955 82.9718 24.8495 82.9345 24.4949 82.9345C23.7855 82.9345 23.3095 83.0931 23.0669 83.4105C22.8242 83.7278 22.7029 84.3251 22.7029 85.2025C22.7029 86.0798 22.8195 86.6865 23.0529 87.0225C23.2862 87.3585 23.7715 87.5265 24.5089 87.5265L26.1469 87.4145L26.1889 88.6325C25.2462 88.8005 24.5369 88.8845 24.0609 88.8845C22.9969 88.8845 22.2455 88.5998 21.8069 88.0305C21.3775 87.4518 21.1629 86.5091 21.1629 85.2025C21.1629 83.8958 21.3915 82.9671 21.8489 82.4165C22.3062 81.8565 23.0529 81.5765 24.0889 81.5765ZM27.9739 82.4865C28.4592 81.8798 29.2619 81.5765 30.3819 81.5765C31.5019 81.5765 32.2999 81.8798 32.7759 82.4865C33.2612 83.0931 33.5039 84.0031 33.5039 85.2165C33.5039 86.4298 33.2705 87.3445 32.8039 87.9605C32.3372 88.5765 31.5299 88.8845 30.3819 88.8845C29.2339 88.8845 28.4265 88.5765 27.9599 87.9605C27.4932 87.3445 27.2599 86.4298 27.2599 85.2165C27.2599 84.0031 27.4979 83.0931 27.9739 82.4865ZM29.1219 87.0365C29.3365 87.4098 29.7565 87.5965 30.3819 87.5965C31.0072 87.5965 31.4272 87.4098 31.6419 87.0365C31.8565 86.6631 31.9639 86.0518 31.9639 85.2025C31.9639 84.3531 31.8472 83.7511 31.6139 83.3965C31.3899 83.0418 30.9792 82.8645 30.3819 82.8645C29.7845 82.8645 29.3692 83.0418 29.1359 83.3965C28.9119 83.7511 28.7999 84.3531 28.7999 85.2025C28.7999 86.0518 28.9072 86.6631 29.1219 87.0365ZM35.0197 91.7405V81.7305H36.5317V82.1645C37.1757 81.7725 37.7777 81.5765 38.3377 81.5765C39.2617 81.5765 39.9384 81.8611 40.3677 82.4305C40.797 82.9905 41.0117 83.9378 41.0117 85.2725C41.0117 86.5978 40.7644 87.5311 40.2697 88.0725C39.7844 88.6138 38.9864 88.8845 37.8757 88.8845C37.493 88.8845 37.0497 88.8425 36.5457 88.7585V91.7405H35.0197ZM38.0717 82.9345C37.633 82.9345 37.1944 83.0325 36.7557 83.2285L36.5457 83.3265V87.4565C36.919 87.5311 37.3297 87.5685 37.7777 87.5685C38.4124 87.5685 38.851 87.3865 39.0937 87.0225C39.3364 86.6585 39.4577 86.0378 39.4577 85.1605C39.4577 83.6765 38.9957 82.9345 38.0717 82.9345ZM42.5392 88.7305V81.7305H44.0512V82.5705C44.8446 82.0571 45.6379 81.7258 46.4312 81.5765V83.1025C45.6286 83.2611 44.9426 83.4665 44.3732 83.7185L44.0652 83.8445V88.7305H42.5392ZM47.5978 88.7305V81.7305H49.1238V88.7305H47.5978ZM47.5978 80.5405V78.9305H49.1238V80.5405H47.5978ZM59.763 78.8185V88.7305H58.251V88.3665C57.5696 88.7118 56.9443 88.8845 56.375 88.8845C55.4603 88.8845 54.7883 88.6091 54.359 88.0585C53.939 87.5078 53.729 86.5838 53.729 85.2865C53.729 83.9891 53.9623 83.0465 54.429 82.4585C54.905 81.8705 55.6423 81.5765 56.641 81.5765C56.977 81.5765 57.509 81.6371 58.237 81.7585V78.8185H59.763ZM57.999 87.2745L58.237 87.1765V83.0325C57.677 82.9391 57.159 82.8925 56.683 82.8925C55.7403 82.8925 55.269 83.6765 55.269 85.2445C55.269 86.1031 55.3763 86.7005 55.591 87.0365C55.815 87.3631 56.165 87.5265 56.641 87.5265C57.117 87.5265 57.5696 87.4425 57.999 87.2745ZM61.6115 88.7305V81.7305H63.1375V88.7305H61.6115ZM61.6115 80.5405V78.9305H63.1375V80.5405H61.6115ZM68.0646 91.7405V81.7305H69.5766V82.1645C70.2206 81.7725 70.8226 81.5765 71.3826 81.5765C72.3066 81.5765 72.9833 81.8611 73.4126 82.4305C73.842 82.9905 74.0566 83.9378 74.0566 85.2725C74.0566 86.5978 73.8093 87.5311 73.3146 88.0725C72.8293 88.6138 72.0313 88.8845 70.9206 88.8845C70.538 88.8845 70.0946 88.8425 69.5906 88.7585V91.7405H68.0646ZM71.1166 82.9345C70.678 82.9345 70.2393 83.0325 69.8006 83.2285L69.5906 83.3265V87.4565C69.964 87.5311 70.3746 87.5685 70.8226 87.5685C71.4573 87.5685 71.896 87.3865 72.1386 87.0225C72.3813 86.6585 72.5026 86.0378 72.5026 85.1605C72.5026 83.6765 72.0406 82.9345 71.1166 82.9345ZM75.5842 88.7305V81.7305H77.1102V88.7305H75.5842ZM75.5842 80.5405V78.9305H77.1102V80.5405H75.5842ZM83.2031 81.7305H84.7151V88.7305H83.2031V88.2965C82.5218 88.6885 81.8918 88.8845 81.3131 88.8845C80.3518 88.8845 79.7078 88.6278 79.3811 88.1145C79.0544 87.5918 78.8911 86.6818 78.8911 85.3845V81.7305H80.4171V85.3985C80.4171 86.2385 80.4871 86.8031 80.6271 87.0925C80.7671 87.3818 81.0938 87.5265 81.6071 87.5265C82.1111 87.5265 82.5731 87.4331 82.9931 87.2465L83.2031 87.1625V81.7305ZM79.9831 78.2585L83.2871 79.6725L82.9231 80.6665L79.5071 79.5745L79.9831 78.2585Z" fill="#0066CC"/>
<path d="M12.9453 90.2705H34.6034V90.6905H12.9453V90.2705ZM36.9669 90.2705H67.6425V90.6905H36.9669V90.2705ZM70.0137 90.2705H85.6391V90.6905H70.0137V90.2705Z" fill="#0066CC"/>
<path d="M99.1123 77.7314C99.3403 77.736 99.5237 77.9195 99.5283 78.1475C99.5283 78.3775 99.3423 78.5643 99.1123 78.5645H94.9453C94.0248 78.5645 93.2783 79.311 93.2783 80.2314V87.7314C93.2785 88.6518 94.0249 89.3975 94.9453 89.3975H102.454C103.374 89.3972 104.12 88.6516 104.12 87.7314V83.1475C104.12 82.9175 104.307 82.7314 104.537 82.7314C104.761 82.7359 104.941 82.916 104.945 83.1396V87.7314C104.945 89.112 103.826 90.2314 102.445 90.2314H94.9453C93.5647 90.2314 92.4455 89.112 92.4453 87.7314V80.2314C92.4453 78.8507 93.5646 77.7314 94.9453 77.7314H99.1123ZM105.778 76.0645C106.238 76.0645 106.612 76.4374 106.612 76.8975V81.4814C106.612 81.7114 106.425 81.8975 106.195 81.8975C105.965 81.8975 105.778 81.7114 105.778 81.4814V77.4092L98.7266 84.4609C98.5638 84.6236 98.3004 84.6236 98.1377 84.4609C97.975 84.2982 97.975 84.0348 98.1377 83.8721L105.112 76.8975H101.195C100.965 76.8975 100.778 76.7114 100.778 76.4814C100.778 76.2513 100.965 76.0645 101.195 76.0645H105.778Z" fill="#0066CC"/>
</svg>

4.6. Management of Electronic Attestations

The Wallet Provider, via their Wallet Solution, and the PID provider or Electronic Attestations of Attributes Provider, via dedicated Touchpoints, MUST let the User manage their Electronic Attestations at any time.

This section outlines three different categories of requirements for managing each Electronic Attestations, specifically regarding:

  • Its status: to allow the User to verify whether an Electronic Attestation is valid or invalid;

  • Its usage: to enable the User to view and manage the history of presentations carried out with an Electronic Attestation;

  • Its data: to allow the User to backup and restore each Electronic Attestation of Attributes in compliance with the principle of data portability.

Below are the key aspects that impact and define the User Experience in managing Electronic Attestations though the Wallet Instance, along with the functional requirements associated with each category.

4.6.1. Status of Electronic Attestations

To ensure reliability and promote the proper use of a Wallet Solution, the Wallet Provider MUST guarantee the User to always have visibility of the status of the Electronic Attestations stored within their Wallet Instance, based on the information received from the Electronic Attestation Provider, which manages their lifecycle.

Each Electronic Attestation can be either valid or invalid, with corresponding impacts on its usage opportunities:

  • Valid: Valid Electronic Attestations MUST be usable and therefore presentable. This category also includes Electronic Attestations that are nearing expiration. If an Electronic Attestation is about to expire, the Wallet Instance SHOULD inform the User with adequate advance notice to allow sufficient time to request its reissuance or, if necessary, revoke it.

  • Invalid: Invalid Electronic Attestations MUST NOT be usable or presentable. This category includes expired or revoked Electronic Attestations. In such cases, the Wallet Instance MUST inform the User of the invalid status and SHOULD give the reason why. If an Electronic Attestation is no longer valid and cannot be used in any scenario, the Wallet Solution MAY implement mechanisms to restrict access to the Detailed View of that Electronic Attestation. This is intended to encourage the User to update or delete the Electronic Attestation by providing appropriate informational text and a Call to Action.

4.6.1.1. Revocation of Electronic Attestations

Revocation is the procedure that turns an Electronic Attestation from a valid state to an invalid state. Revocation can occur in either an active or passive mode:

  • Active revocation: This refers to the revocation of an Electronic Attestation at the User's request. This process affects only the Electronic Attestation and not its corresponding physical document, if one exists. Below is an illustrative list of scenarios in which the Wallet Provider MUST give the User the ability to request the revocation of an Electronic Attestation:

    • The User decides they no longer wish to use a specific Electronic Attestation;

    • The User decides to deactivate their Wallet Instance, thereby revoking all previously obtained Electronic Attestations;

    • The User no longer has possession of the device on which their Wallet Instance is installed due to loss or theft.

  • Passive revocation: This refers to the revocation of an Electronic Attestation managed by the respective Electronic Attestation Provider on behalf of the Authentic Source. In this case, the Wallet Instance MUST inform the User of the status change of the Electronic Attestation and the Electronic Attestation Provider MAY additionally notify the User via other Touchpoints . Below is an illustrative list of scenarios that could lead to the revocation of an Electronic Attestation:

    • The physical document corresponding to the Electronic Attestation has been reported lost or damaged by the User through the appropriate channel/ Touchpoint;

    • The physical document corresponding to the Electronic Attestation has been revoked by the competent authorities;

    • The minimum security and/ or reliability requirements for one or more involved parties are no longer met.

    • The User's device no longer meets the minimum security requirements (rooted or jailbroken).

4.6.2. History of Electronic Attestations

To ensure the principles of visibility and transparency, the Wallet Provider MUST guarantee the User to view the history of all Electronic Attestations presentations performed using their Wallet Instance. In particular:

  • The Wallet Instance MUST show the User which Relying Party they have interacted with and which Electronic Attestations have been presented and verified;

  • The Wallet Instance MUST allow the User to easily request the Relying Party to delete their information related to previous presentations.

4.6.3. Backup and Restore of Electronic Attestation of Attributes

With the aim of ensuring the principle of data portability, the Wallet Solution MUST guarantee the User to have access to specific functionalities, particularly to:

  • Request the backup and storage of Electronic Attestations of Attributes obtained through their Wallet Instance;

  • Request the restore of their Electronic Attestations of Attributes on another Wallet Instance.

4.7. Deactivation of the Wallet Instance

The deactivation of the Wallet Instance is the functionality that makes the Wallet Instance inactive and therefore no longer operational. The deactivation process can be triggered by different actors depending on the circumstances, specifically:

  • By the User, in cases such as:

    • The device has been lost or stolen;

    • The device has been compromised;

    • The device has been reset to factory settings.

  • By an authorized third party, in cases such as:

    • The Wallet Solution no longer meets the minimum security requirements.

The Wallet Provider MUST guarantee the User the ability to voluntarily deactivate their Wallet Instance through:

  • The Wallet Instance itself;

  • A Touchpoint (e.g., a website) provided by the Wallet Provider;

  • The device's app store, by uninstalling the Wallet Instance.

Below are the functional and User Experience requirements that the Wallet Provider MUST guarantee via their Wallet Solution:

  • The User accesses their Wallet Instance using the previously configured unlock method or Authenticates at the Touchpoint provided by the Wallet Provider;

  • The User selects the Wallet Instance deactivation functionality;

  • The User is informed that deactivating the Wallet Instance will invalidate previously obtained Electronic Attestations;

  • The User confirms the action to proceed with deactivation, or cancels the operation;

  • The User receives confirmation of successful deactivation;

  • The User is notified that the Wallet Instance is inactive when logging in again;

  • The User has the ability to reactivate the Wallet Instance by re-downloading the app from the app store (if uninstalled) and/or by following the activation process again. For further details, please refer to the Activation of the Wallet Instance section.

Once the Wallet Instance is reactivated, Electronic Attestations of Attributes can be re-obtained by starting the issuance or restore process again. For more details, please refer to sections Issuance of Electronic Attestations of Attributes and Backup and Restore of Electronic Attestation of Attributes.

In case of errors using the Wallet Instance, the Wallet Provider MUST guarantee that the User receives consistent messages that inform them and guide them toward resolving the issue. For more details, please refer to the Error Management section.

4.8. Error Management

The IT-Wallet System involves the interaction of multiple services provided by different actors. It is therefore important to define an effective error management model with the goal of improving the perception and reliability of the entire ecosystem and enabling the User to feel guided during interactions with the various Technical Solutions and to consciously manage any issues while using the service.

Effective communication in case of an error also provides benefits for the actors involved, as it contributes to the reduction of assistance requests and, thus, to the minimisation of the impact on support systems.

Each Primary Actor MUST implement a proper error management, in compliance with current Technical Specification, in order to communicate errors and exceptions to the User and through the IT-Wallet Instance. Errors can be categorized, based on their nature, as follows:

  • The stage of the User Experience where the error may occur: activation or deactivation of the Wallet Instance, obtaining, presenting, or managing Electronic Attestations of Attributes;

  • The type of error: system error, communication error between actors, etc.;

  • The actor responsible for the error: Wallet Provider, PID Provider, Electronic Attestations of Attributes Provider, Authentic Source;

  • The way the error is displayed: message on the page, banner, toast message, and so on;

  • Suggested actions for the User to resolve the error: suggestion to wait, request to try again, referral to FAQs and/or customer care, etc.;

  • The method for error management: opening an assistance request through the Wallet Instance, linking to other detailed channels, and so on. For further details, please refer to the User Assistance section.

Below is a non-exhaustive list of the main error cases, with reference to the actor responsible for their management, for each phase of the User Experience. The detailed list of errors to be managed for each interaction endpoint with the User is available in the dedicated error sections within Endpoints.

4.8.1. Activation of the Wallet Instance Errors

Error type

Actor in charge

The device does not support the Wallet Solution (e.g. absence of minimum security or technological requirements)

Wallet Provider

The Wallet Provider's services are unresponsive (e.g. technical errors or lack of connection)

Wallet Provider

The PID Provider's services are unresponsive (e.g. technical errors)

PID Provider

The Authentication process on the National Identity Provider's service was unsuccessful (e.g. technical errors, unrecognized identity, etc.)

National Identity Provider

Note

When electronic document verification is performed in addition to National Identity Provider authentication, additional error scenarios may occur. For detailed error codes and handling procedures, see Error Management.

4.8.2. Issuance of Electronic Attestations of Attributes Errors

Error type

Actor in charge

The Wallet Instance and/or the PID are not active

Wallet Provider

The service for obtaining an Electronic Attestation of Attributes is unavailable (e.g. technical errors)

Electronic Attestations of Attributes Provider, Authentic Source

The User is unable to obtain a specific Electronic Attestation of Attributes in their Wallet Instance (e.g. no eligibility, invalid or expired physical version, etc.)

Authentic Source

4.8.3. Presentation of Electronic Attestations Errors

Error type

Actor in charge

The User does not hold the required Attributes contained in one or more Electronic Attestations within their Wallet Instance to access a specific service

Wallet Provider

The Wallet Provider's services or the Relying Party's services are unresponsive (e.g. technical errors or lack of connection)

Wallet Provider, Relying Party

4.8.4. Management of Electronic Attestations Errors

Error type

Actor in charge

The service for revocation/ backup/ restore of an Electronic Attestation of Attributes is unavailable (e.g. technical errors)

Electronic Attestations of Attributes Provider

The service for revocation of PID is unavailable (e.g. technical errors)

PID Provider

4.8.5. Deactivation of the Wallet Instance Errors

Error type

Actor in charge

The service for deactivating the Wallet Instance is unavailable (e.g. technical errors)

Wallet Provider

In addition to error management, all Primary Actors MUST also deal with negative feedback resulting from the User's decision to abandon or cancel a flow (e.g. Activation, Acquisition, Presentation, etc.). In such cases, feedback MUST be provided to confirm the User's choice, and it MAY include a Call to Action to continue.

4.9. User Assistance

For effective error management and the resolution of any other issues, Primary Actors MUST ensure adequate support to the User by structuring a simple and effective assistance model based on the following principles:

  • Self-resolution: to allow the User to consult the frequently asked questions (FAQs) about the content and functionalities of the Wallet Instance, in order to resolve any error cases or issues independently.

  • Guided issue reporting: to guide the User through the process of opening an assistance ticket, in order to clearly define the issue and facilitate its resolution.

  • Collaboration between actors: to allow the coordination among each actor involved (Wallet Provider, Electronic Attestations of Attributes Provider, PID Provider, and Authentic Source), according to their specific roles and operational procedures.

  • Efficient communication: to allow the User to track the updated status of their request throughout all stages of processing, with clear, continuous, and coordinated communication.

To apply these best practices, the involved actors SHOULD implement the following hierarchical support levels:

  1. Level I | Self-management: the Wallet Provider SHOULD allow the User to access to a Frequently Asked Questions (FAQ) section within their Wallet Instance to clarify doubts and resolve certain issues independently. Each actor SHOULD create specific FAQs and corresponding answers regarding the data and functionalities they provide to the Wallet Provider or in their Touchpoints. For certain error cases, the Wallet Provider SHOULD provide another actor's direct channel of support to facilitate timely management and avoid opening an assistance request within the Wallet Instance.

  2. Level II | Requesting assistance from the Wallet Provider: if Level I is insufficient, the Wallet Provider SHOULD give the User the possibility to open one or more assistance requests, perform a diagnosis and proceed with resolving the issue, if within their competence. These requests SHOULD be managed through the Wallet Instance or other Wallet Provider Touchpoints. The Wallet Provider MUST diagnose and resolve the issue if it falls under their responsibility.

  3. Level III | Forwarding the request to the responsible actor: if Level II is insufficient, the Wallet Provider SHOULD ensure that the request is forwarded to the responsible actor (Electronic Attestations of Attributes Provider, PID Provider, or Authentic Source), who ensures the availability of dedicated back-office channels to resolve the issue and communicate the outcome to the User.

Below are the User Experience requirements that the Wallet Solution Provider MUST guarantee through their own Wallet Solution:

  • The User accesses to assistance options at any point during the User Experience, with a clear indication of how to access them;

  • The User opens an assistance request through their Wallet Instance or other Touchpoints provided by the Wallet Provider;

  • When a support request is open, the User receives prompt confirmation that the request has been acknowledged;

  • The User is informed in advance if it is necessary to present their data with third parties;

  • The User is informed when an assistance request needs to be managed outside of their Wallet Instance, such as on third-party channels;

  • The User tracks the status of the request at any time through functionalities that MUST be made available by the actors dealing with the request.

4.10. User Feedback

User feedback collection allows for monitoring the User Experience, identifying potential areas for optimization, and continuously measuring the effectiveness of the service. Each Wallet Provider SHOULD establish a structured feedback collection system to monitor and improve the User Experience.

This feedback system MAY be fed by two different types of feedback collection:

  • Transactional Feedback (Customer Effort Score, Customer Satisfaction): collected in response to specific actions, such as adding an Electronic Attestation or completing a presentation and verification process;

  • Relational Feedback (Net Promoter Score): not in connection with specific actions, collected to measure the overall perception of the User in terms of satisfaction, loyalty, and likelihood of recommending the service to third-party users.

Here are some suggestions for implementing these types of feedback tools:

Transactional Feedback Collection

  • Customer Effort Score (CES): To measure the ease of use of the functionalities, surveys MAY be provided, for example, through components like modals or pop-ups within the Wallet Instance, triggered at the conclusion of specific actions or processes. Examples include:

    • After completing the process of obtaining an Electronic Attestation;

    • After the Authentication process, if positive;

    • After the presentation process, particularly at the end of the first presentation opportunity and no more than once every 6 months;

    • After the revocation and deactivation processes, to explore the reasons behind these actions.

  • Customer Satisfaction Survey (CSAT): To measure the overall satisfaction of the User after a prolonged period of using the Wallet Instance, surveys MAY be provided, for example, through modals or pop-ups within the Wallet Instance. It is recommended to use the CSAT at intervals of no less than six months and as an alternative to CES, to avoid overwhelming Users with too frequent surveys.

Relational Feedback Collection

  • Net Promoter Score (NPS): To measure User loyalty and the likelihood of recommending the service to others, an evaluation MAY be requested from the User once or twice a year, either through the same service delivery channel (e.g. the Wallet Instance) or external channels such as email or SMS. This should be aligned with the overall feedback collection strategy.