Qualified Trust Service Providers have lived in a narrow corner of the market: qualified signatures, seals, timestamps and eDelivery. Important, yes — but now more can be done. With EBW (x-EUBW), EUDIW, DPPs, DIIP formats and the rise of agentic AI, QTSPs can find themselves in the right place at the right time. They can become the backbone of Euro...
5 hours Innovation in Financial Services
It is not only a question of getting the organisation wallets rolled out - to get a critical mass of verifiable credentials issued to and received from citizens and enterprises. Buried in the Commission’s staff working document for the EUBW proposal is this line that should make every builder, bank, policymaker and automation geek sit up straight...
20 November 2025 Innovation in Financial Services
How do I issue a Power of Attorney with my EUDIW? Soon also issued to AI-agents' wallets... ChatGPT in the know? " It’s finally simple. 1️⃣ Open my EUDIW 2️⃣ Select “Issue Power of Attorney” 3️⃣ Choose the person/company I want to authorise 4️⃣ Define the scope + duration 5️⃣ Wallet signs it with my PID key 6️⃣ Share the PoA as a verifiab...
19 November 2025 Transaction Banking
More here: https://docs.igrant.io/concepts/eudi-wallet-dcql-openid4vp-business-wallet-payments/#243-use-case-request-and-share-alternative-identities
06 Nov 2025 14:24
There isn’t a single, standalone protocol that everyone calls “Zero Trust Authorisation Protocol.” Zero Trust is a security architecture and mindset—“never trust, always verify”—rather than a formal RFC-defined wire protocol. What you’ll actually see in production are protocol stacks and policy engines built to enforce Zero Trust principles:
Authentication & Federation:
OIDC / OAuth 2.0 – Used for delegated auth with continuous verification.
SAML 2.0 – Older but still used in enterprises.
FIDO2/WebAuthn – Phishing-resistant, passwordless auth for Zero Trust endpoints.
Policy Decision/Enforcement:
XACML or OPA (Open Policy Agent) – Express fine-grained, attribute-based access control (ABAC).
SPIFFE/SPIRE – Secure workload identities in service meshes.
gRPC/Envoy + mTLS – For microservice-to-microservice trust with certificate rotation.
Zero Trust Frameworks/Specs:
NIST SP 800-207 – The de facto reference for Zero Trust architecture.
CNCF Zero Trust Working Groups – Define patterns for cloud-native stacks.
Google BeyondCorp – A reference implementation (not a protocol) showing continuous verification of user, device, and context.
So if you’re looking for one standardised “Zero Trust authorisation protocol,” it doesn’t exist. The industry achieves Zero Trust by composing existing protocols (OAuth 2.0 + OIDC + mTLS + ABAC/RBAC engines) under strict “verify every access, every time” policies. If you need a starting point:
NIST SP 800-207 – for architecture principles.
OAuth 2.0 + OIDC with continuous re-auth and device posture checks.
OPA or XACML for dynamic, context-aware authorisation decisions.
mTLS/SPIFFE for workload identities inside your network.
That’s the current state of play—Zero Trust is a design pattern, not a new protocol.
14 Sep 2025 17:28
Valuable wider view: https://www.linkedin.com/posts/bo-harald-4768b51_from-ai-slop-to-signal-verifiable-provenance-activity-7362832443499773953-jdHY?utm_source=share&utm_medium=member_desktop&rcm=ACoAAABPj1oB9_D7YNYACmHvY9HioUqpuULqZCo
20 Aug 2025 05:58