This white paper describes the eIDAS2 ecosystem and how to use the FIDO standard with the EU Digital Identity (EUDI) Wallet.

In the Czech Republic and Norway, FIDO is already approved under eIDAS as an authentication standard for eID schemes at “Level of Assurance High” or “Substantial.“ Under eIDAS2, such eID schemes can be used for onboarding identification of Person Identification Data (PID) to the EUDI Wallet, or enrollment of Qualified Electronic Attribute Attestations (QEAAs) or Qualified Certificates (QCs). This means that FIDO can play an important role in identification for PID Providers or (Qualified) Trust Service Providers (qTSPs) that issue PIDs, QEAAs, or QCs. FIDO can also be used for authentication to multiple qTSPs in order to issue short-lived, atomic qEAAs, which can be combined into verifiable presentations that cater for selective disclosure.

An additional important use case for FIDO is authentication to a hosted wallet, which is operated in a cloud-based environment. In this scenario, a standard web browser can be used with FIDO for accessing the users’ qEAAs that are hosted in a cloud-based wallet. Interoperability between EUDI Wallets and relying parties could be based on the delegated authorization protocols OAuth2 and OpenID Connect (OIDC), and FIDO can be used for user authentication to these authorization servers. …

Quelle: FIDO Alliance White Paper: Using FIDO for the EUDI Wallet