5.1.2. Wallet Solution Components

5.1.2.1. Wallet Backend

5.1.2.1.1. Frontend Component

The Frontend Component MUST provide a web-based User interface for Wallet Instance management, offering functionality to:

  • Display and verify Wallet Instances and their status.

  • Manage Wallet Instance lifecycle (e.g., revocation).

  • Provide User support and documentation.

5.1.2.1.2. API Interface

This component MUST:

  • forward the request from the Frontend Component or the Wallet Instance to the Wallet Instance Lifecycle Management component.

  • use PDND according to rules in Section e-Service PDND to be notified by the PID Provider of the need to revoke the Wallet Instance and delete the User's account due to the User's death.

5.1.2.1.3. Wallet Instance Lifecycle Management

This component MUST handle:

5.1.2.1.4. Trust & Security Component

This component MUST ensure security through:

  • Key and certificate management.

  • Audit logging.

  • Security monitoring and incident response.

  • Compliance with IT-Wallet Federation security requirements.

5.1.2.2. Wallet Unit

5.1.2.2.1. User Interface

The User Interface is the point of interaction and communication between the User and the Wallet Instance.

5.1.2.2.2. Wallet Instance Lifecycle Management Component

Interacting with the Wallet Backend, this component MUST handle:

Based on the status of the Wallet Instance and the User request, this component interacts with the other Wallet Instance components.

5.1.2.2.3. Issuer Component

Following the OpenID4VCI specification and the implementation profile in Section Digital Credential Issuance, this component MUST implement the Digital Credential issuance protocols and flows to request Digital Credentials from Credential Issuers.

5.1.2.2.4. Presentation Component

Following the implementation profile in Section Digital Credential Presentation, this component MUST be compliant with remote flows based on OpenID4VP and proximity flow based on ISO18013-5.

5.1.2.2.5. Backup and Restore Component

For each Digital Credential that is issued to the Wallet Instance, this component MUST add all data that is necessary to request re-issuance of that Digital Credential as specified in Section Backup and Restore.

Note

Currently the re-issuance of the PID is not managed by the Backup and Restore Component.

5.1.2.2.6. Secure Storage

The Wallet Instance MUST use this component to protect critical assets and to securely execute cryptographic functions.

5.1.3. Wallet Solution Interaction Patterns

The Wallet Solution supports these interaction patterns:

  1. User to Wallet Backend Frontend: Web-based interactions for Wallet Instance management.

  2. Wallet Instance to Wallet Backend API: for Wallet Instance registration and Wallet Attestation issuance.

  3. PID Provider to Wallet Backend API: Secure API calls to request Wallet Instance revocation.

  4. User to Wallet Instance User Interface: for Digital Credential management (issuance, presentation, backup, restore, deletion).

  5. Wallet Instance to Relying Party: for Digital Credential presentation.