SecAppDev 2025 lecture details
Germany’s EUDI Wallet Ecosystem Development
Explore the architecture, governance, and real-world implementation of Germany’s EUDI Wallet ecosystem within the EU Digital Identity Framework.
Download handoutsTuesday June 3rd, 16:00 - 17:30
Room West Wing
Add to calendar (ICS) Add to Google calendarAbstract
This session provides a deep dive into the ongoing development of the German EUDI Wallet ecosystem within the broader EU Digital Identity Framework. We’ll cover architectural decisions, trust model design, technical components, and governance structures driving implementation. The talk highlights how Germany aligns with EU-level specifications while addressing national requirements, and reflects on lessons from pilot deployments, interoperability efforts, and open-source contributions shaping the ecosystem’s future.
Key takeaway
National-scale digital identity is built on both compliance and collaboration - Germany’s EUDI Wallet shows how strategy meets technical execution.
Content level
Deep-dive
Target audience
Practitioners and researchers in digital identity, government IT, and cross-border interoperability
Prerequisites
Understanding identity architecture principles and basic familiarity with verifiable credentials (see Kristina's previous session)
Kristina Yasuda
Product Owner, SPRIND - German Federal Agency for Disruptive Innovation
Expertise: Decentralized Identity, Verifiable Credentials, Technical Standards
Related lectures
Verifiable Credentials: Concepts to Practice
Introductory lecture by Kristina Yasuda in room Lemaire
Monday June 2nd,
14:00 - 15:30
Also available as a recorded session on
Tuesday June 3rd,
11:00 - 12:30
A technical introduction to Verifiable Credentials, highlighting use cases, implementation lessons, interoperability profiles, and recent updates to the related specifications.
Key takeaway: Interoperability in the wallet model requires aligned choices across the stack that meet use case requirements in terms of UX, security, privacy, etc.
PKI and eIDAS
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 4th, 09:00 - 10:30
This talk covers PKI technologies, their role in web security, key failures and fixes (e.g., EV, pinning, transparency), and the impact of eIDAS 2.0 on EU PKI services and upcoming European Digital Identity Wallets.
Key takeaway: PKI is a core technology that are essential to secure large open systems; surprisingly, it is technically complex and presents governance challenges.
My Name Is Not Cassandra: AppSec and "I Told You So"
Advanced lecture by Izar Tarandach in room Lemaire
Wednesday June 4th, 16:00 - 17:15
Lack of authority, an outsider's view of the development process and a faulty language of risk. Are security practitioners fated to point at risk and not be heard?
Key takeaway: "Raw" security can be fun, but does not lead to change. We must adapt our ways in order to impact the environment we want to protect.