Overview
The e-Wallet is an age verification solution powered by the dewa platform's Core API and VX API services. Built on the Architecture and Reference Framework for European Digital Identity, it provides a privacy-preserving approach to credential issuance and verification, supporting both anonymous age confirmation and selective identity disclosure through standards-compliant APIs.
System Architecture
The e-Wallet ecosystem operates through the dewa platform's dual-API architecture, which separates credential issuance from verification workflows. The Core API implements the OpenID for Verifiable Credential Issuance (OpenID4VCI) standard, enabling trusted attestation providers like e-Boks to securely issue digital credentials to wallet holders. The VX API implements the OpenID for Verifiable Presentations (OpenID4VP) standard, allowing relying parties to request and verify credential presentations while maintaining compliance with eIDAS 2.0 requirements.

Figure 5: Age verification solution components, interfaces and protocols - Cross Device. Source: ageverification.dev
The architectural design follows a trust-based model where the Core API manages attestation provider registration and credential lifecycle management, while the VX API handles the verification workflows that relying parties need for regulatory compliance. This separation ensures that credential issuance and verification can operate independently while maintaining a verifiable chain of trust across the European digital identity ecosystem.
User Journey and Experience
The user experience leverages both dewa platform APIs to create a seamless flow from credential acquisition to presentation. When users need age verification capabilities, they interact with the Core API through the wallet application to obtain verified credentials from trusted sources like e-Boks. Subsequently, when accessing age-restricted services, the VX API facilitates the presentation workflow that allows relying parties to verify user credentials without compromising privacy.

Figure 1: Journey of a Proof of Age attestation user. Source: ageverification.dev
The journey demonstrates how the Core API's device attestation and cryptographic binding capabilities work alongside the VX API's presentation request handling to create a user-controlled experience. Users maintain full control over which credentials to present and which attributes to disclose, with the VX API ensuring that relying parties receive only the minimum necessary information for their specific verification needs.
Technical Implementation
The technical architecture showcases how the dewa platform's APIs work together to implement modern cryptographic standards and protocols. The Core API handles secure key management, device attestation, and proof-of-possession mechanisms during credential issuance, while the VX API manages presentation requests, selective disclosure, and cryptographic verification of presented credentials.

Figure 4: Age verification solution components, interfaces and protocols - Same Device. Source: ageverification.dev
Both APIs use SD-JWT (Selective Disclosure JSON Web Tokens) to enable fine-grained attribute disclosure, allowing the system to support privacy-preserving verification scenarios. The Core API ensures that credentials are cryptographically bound to specific devices and wallets, while the VX API validates these bindings during presentation to prevent credential theft and replay attacks.
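The selective-disclosure check a verifier performs on an SD-JWT presentation, as an added example that is not dewa platform code. The claim names, salts and issuer URL are constructed, and verification of the issuer signature and of the key-binding JWT (the device binding and replay protection mentioned above) is assumed to happen separately.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding SD-JWT uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_disclosure(salt: str, name: str, value) -> str:
    """Disclosure = base64url(JSON array [salt, claim name, claim value])."""
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))


def digest(disclosure: str) -> str:
    """Digest the issuer signs into `_sd`: SHA-256 over the disclosure string."""
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


def verify_disclosures(payload: dict, disclosures: list) -> dict:
    """Return the disclosed claims; reject anything the issuer did not sign."""
    if payload.get("_sd_alg", "sha-256") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    signed = set(payload.get("_sd", []))
    seen, claims = set(), {}
    for d in disclosures:
        h = digest(d)
        if h not in signed or h in seen:
            raise ValueError("disclosure not covered by issuer-signed digests")
        seen.add(h)
        padded = d + "=" * (-len(d) % 4)
        salt, name, value = json.loads(base64.urlsafe_b64decode(padded))
        if name in claims or name in payload:
            raise ValueError("duplicate claim name")
        claims[name] = value
    return claims


# Constructed sample data: salts and claim names are illustrative only.
D_AGE = make_disclosure("c2FsdC1hZ2U", "age_over_18", True)
D_DOB = make_disclosure("c2FsdC1kb2I", "birthdate", "1990-01-01")
# The issuer-signed payload carries only digests, so withheld values stay hidden.
PAYLOAD = {"iss": "https://issuer.example", "_sd_alg": "sha-256",
           "_sd": sorted([digest(D_AGE), digest(D_DOB)])}
```

Presenting only `D_AGE` gives the relying party the age claim while `birthdate` remains an opaque digest; a disclosure whose value was altered after issuance no longer matches any signed digest and is rejected.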
Security and Privacy Considerations
The dewa platform implements comprehensive security measures across both APIs, including device attestation, proof-of-possession mechanisms, cryptographic verification, and secure key management. Privacy protection varies significantly between different credential types, with anonymous age credentials providing complete unlinkability while identity credentials support selective disclosure with some theoretical traceability vectors.
For detailed information about privacy implications, credential tracking capabilities, user controls, and best practices for privacy protection, please refer to the comprehensive Privacy Concerns documentation.