civic-proof: a research site.

#EUDI-Wallet (5 articles)

67 min read | Claude Opus 4.7

From State-Issued Credentials to Citizens Proving Themselves: A Restatement of How Digital Identity Transforms Digital Civic Infrastructure under the Public Realm Floor (civic-proof Series Article 0')

The 0' academic restatement of the civic-proof concept. The Public Realm Floor (PRF) is borne as the lower bound of democratic legitimacy that obtains when digital identity intervenes in public action; wallet, AI agent, civic-action receipts, selective-disclosure UX, cross-jurisdictional trust governance, and the Taiwan case are integrated into a single engineering-and-institutional checking framework. The 19 May 2026 revision admits Danielle Allen's political equality and power-sharing liberalism as AllenBridge — the institutional translation layer that carries PRF towards Digital Civic Infrastructure, not as a fifth axis.

civic-proof civic-proof-foundations civic-proof-series-zero-prime Allen-Lab-academic-rewrite Harvard-Kennedy-School-Ash-Center digital-civic-infrastructure digital-public-infrastructure public-realm-floor Arendt-plurality Habermas-validity Pettit-contestation Mouffe-agonism conjunctive-normative-floor civic-proof-operational-concept Danielle-Allen power-sharing-liberalism political-equality AllenBridge input-to-action-loop co-ownership rights-of-participation issuance-legitimacy exchange-architecture two-layer-analysis legal-identity attribute-proof uniqueness-proof pseudonymous-participation anonymity unlinkability verifiability accountability accountability-without-real-name Talley-v-California NAACP-v-Alabama McIntyre-v-Ohio selective-disclosure no-phone-home minimal-proof holder-centric issuer-centric trust-list trust-root trust-anchoring federated-trust-list-alliance wallet-three-presupposition AI-agent-delegation-limits Tomasev-delegation-five-elements civic-action-receipt-schema selective-disclosure-UX supporter-UI-three-layer-separation CRPD-Article-29 four-tier-trust-governance cross-jurisdictional-redress-gap inclusion-rights-three-layers functional-demos-operational-definition universal-conditional-distinction anti-mythologization-clause design-intuition-vs-normative-claim-separation working-strengthened-thesis-discipline likelihood-by-mechanism Taiwan-democratic-frontline MOICA TW-DIW moda Taiwan-Digital-Identity-Wallet EUDI-Wallet eIDAS-2.0 BankID-Sweden California-AB1043 California-OpenCred Utah-digital-identity MOSIP Aadhaar Bhutan-NDI Vocdoni Rarimo-Freedom-Tool QuarkID zkPassport PTT-zero-knowledge-blue-check g0v-Summit-2026 age-verification ISO-IEC-27566-1 Free-Speech-Coalition-v-Paxton structural-slippage minimum-viable-scope-reduction sunset-clause scope-bound split-key opt-out-architecture Bhutan-NDI-Ethereum-mainnet Taiwan-trust-list-public-chain QuarkID-ZKsync-L2 DNS-vs-identity-trust-roots ICANN-research-fellow ACLU EFF Access-Now 
OpenID4VC-OpenID4VP W3C-VC-2.0 W3C-DID Digital-Credentials-API NIST-SP-800-63-4

77 min read | Claude Opus 4.7

The Political-Philosophical Foundations of the Public Realm: A Normative Floor for Civic Proof

The nineteenth and final article of the civic-proof series (A2). This article provides an affirmative account of the political-philosophical foundations implicitly relied upon across the preceding eighteen articles. Taking Arendt's plurality, Habermas's Öffentlichkeit, Pettit's contestation, and Mouffe's agonism as its four anchors, the article defines the Public Realm Floor (PRF) (a composite term proposed by the present author, synthesising Arendt's notion of the public realm with the normative 'floor' metaphor from political philosophy) as PRF ≜ ⟨plurality, validity, contestation, agonism⟩, and articulates the conditional implication PRF_violated(d) ⇒ LegitimacyDegrade(d) ≥ θ_dem ≈ 0.5 via a LegitimacyDegrade function. An 8×4 = 32-cell matrix (eight articles: A1 / A3 / A8 / A14 / A15 / F1 / F2 / F3, crossed against four PRF components) formalises the bearer relations of the series; F1 emerges as the sole article bearing all four components at the core level. Four formal theorems T_PRF1–T_PRF4 establish the conjunctive floor structure in which each component is necessary within the PRF framework and cannot be fully substituted by the remaining three; theorem T_PRF5 extends the Z₃-intrinsic boundaries of F1's RT-ℬ ✗ and AA-ℬ ✗ into an engineering unreachability lemma for the existing engineering design layer (stated explicitly as a formal theorem at the engineering rather than the normative layer). The θ_dem ≈ 0.5 threshold in the LegitimacyDegrade function is an analytic suggestion only, not an empirically calibrated value; this article records it as a strict position awaiting calibration via regression across at least five cases. 
Counter-argument stress tests address five categories—Coeckelbergh's relational personhood, Floridi's infosphere monism, posthumanism (Braidotti / Hayles), digital-democracy optimism (Benkler), and the meta-objection (why these four thinkers)—and show, under a likelihood × impact matrix, that each weakens but does not overturn PRF's four-component conjunctive floor. The indigenisation of the framework to Chinese intellectual traditions proceeds along four lines: structural homology tests between Zhu Yunhan's 'qun' (群), Wang Hui's 'gong' (公), the Confucian 'jianyi' (諫議) tradition, and the Confucian 'zheng-you' (諍友) tradition and the four anchor thinkers; disparities in historical bearer conditions are stated at the honesty boundary. A special section for Taiwanese readers addresses the concrete impact of TW DIW's entry into the LLM-agent phase on PRF, and its engineering correspondence with F3's supporter UI three-layer separation. The honesty boundary comprises seven conditional implications; open questions comprise 27 items classified under four successor pathways (F4+ follow-on work, expanded academic-community examination, policy implementation empirical research, and technology–philosophy intersection). The series concludes with this article; the extension of the PRF framework to further applications, reinforcement from other political-philosophical approaches, posthumanist re-elaboration of PRF, and cross-national calibration of θ_dem for democratic legitimacy are all left as open space.

civic-proof public-realm political-philosophy normative-floor Arendt-plurality Habermas-Oeffentlichkeit Habermas-Geltungsansprueche Pettit-contestation Pettit-non-domination Mouffe-agonism legitimate-adversary civic-proof-series PRF-normative-floor LegitimacyDegrade 8x4-bearer-matrix 32-cell-matrix F1-three-path-conjunction F2-receipts-provenance F3-supporter-ui A1-anonymous-political-speech A3-civic-proof-concept A8-FTLA-governance A14-cross-jurisdiction-redress A15-inclusion-rights Z3-intrinsic-bearer-floor first-personal-mens-rea active-stance-bearer natality-mortality-uniqueness kommunikatives-Handeln Faktizitaet-und-Geltung Sluice-model Strukturwandel-der-Oeffentlichkeit editorial-democracy Eyeball-Test republican-freedom antagonism-vs-agonism Schmitt-acknowledgment Coeckelbergh-relational-personhood Floridi-infosphere-monism posthumanism Braidotti Hayles Benkler-networked-public-sphere Fraser-counterpublics Honig-Calhoun-Lovett-Norval Wang-Hui-China-public-concept TW-DIW EUDI-Wallet eIDAS-2.0 EU-AI-Act-Article-5 EU-AI-Act-Recital-29 Stanford-Internet-Observatory-2024 Hannah-Arendt-Center V-Dem-Democracy-Report-2024 SCHUFA-C-634-21 SEC-v-Jarkesy CRPD-Article-29 Rawls-Sen-Nussbaum-Honneth-open-boundary TW-Sunflower-318 Hong-Kong-2019-2020 TW-2024-deepfake US-2024-platform-manipulation open-questions-27

75 min read | Claude Opus 4.7

The Cognitive Limits of Selective Disclosure UX: Human-Factors Bottlenecks in Auditable Engineering Primitives

The eighteenth article in the civic-proof series (F3). Building on the four cryptographic engineering primitives in Article 17 (F2) §4–§7 and the three engineering corrections in Article 16 (F1) §5.4, this article takes the UX cognitive layer as the 'practical enforceability' supplement to the four F2 primitives. Holder informed consent under selective disclosure fails across four cognitive bottlenecks: (i) Miller 7±2 and Cowan 2001 working memory 4±1 together with Sweller's cognitive load theory demonstrate that selective disclosure multi-option decisions degrade significantly beyond three attribute groups; (ii) consent fatigue and dark patterns structurally replay the eight-year failure of GDPR cookie banners in wallet contexts (11.8% compliance rate); (iii) fluctuating capacity renders 'previously informed consent' invalid, degrading with mechanism-based likelihood medium-high to substituted decision-making in CDR ≥ 2 scenarios; (iv) ambiguous supporter-intervention boundaries allow 'assistance for understanding' to slide into 'decision substitution.' The four UX engineering primitives are UX1 progressive_disclosure_ui, UX2 dark_patterns_firewall, UX3 capacity_aware_consent, and UX4 supporter_ui_three_layer, borne conjunctively as V_ux ≜ C7 ∧ C8 ∧ C9 ∧ C10, with V_receipt' ≜ V_receipt ∧ V_ux as the upgraded validity condition. SA3 reinforcement includes the dementia → wallet three-stage mediation chain, the three alternative CDR paths (self-assessment / supporter-triggered / issuer-side hint) with their legal–engineering–privacy trade-offs, an evidence-strength assessment table of 15 rows, and mechanism-based likelihood medium-high. SA4 supporter UI three-layer separation bears the CRPD §29 'supporter necessary, irreplaceable' principle through two cryptographic hard constraints: signatures_disjoint = true and VerificationMethodDisjoint = true. 
Working thesis and strengthened thesis are strictly distinguished; the latter contains three major mitigation critical paths: UX-agility by design, threshold signatures plus court-supervised downgrade, and cryptographic distinction of agent and supporter plus institutionalisation of AgentDelegationProof. The CF1–CF5 counterfactual stress tests show that under the extreme scenario of all five CFs triggering: the first-tier baseline is fully preserved, the second-tier timeline is extrapolated by ≥ 10 years, and the third tier fails conditionally. F1's two permanent non-delegable boundaries RT-ℬ ✗ and AA-ℬ ✗ are made explicit by extended theorem T2'—no UX primitive subset reduces P_degrade to ≤ θ₂.

civic-proof selective-disclosure ux-cognitive-load informed-consent dark-patterns wallet-ux openid4vp presentation-exchange sd-jwt-vc EUDI-Wallet EU-AI-Act-Article-5 EDPB-Guidelines-03-2022 GDPR-cookie-banner CRPD-Article-12 CRPD-Article-29 supported-decision-making capacity-aware-ux supporter-ui comprehension-attestation chooser-signature Cowan-working-memory Miller-magical-number Sweller-cognitive-load Tversky-Kahneman progressive-disclosure Clinical-Dementia-Rating Israel-supported-decision Peru-DL-1384-apoyos TW-yiding-jianhu BankID-fullmakt POTENTIAL-UC6 threshold-signatures LLM-agent-governance AgentDelegationProof

80 min read | Claude Opus 4.7

Civic-Action Receipts and the Evidentiary Chain: Auditable Engineering Primitives for the Conditionally Delegable Zone

The seventeenth article in the civic-proof series (F2). Building on Article 16 (F1) §5.4 DeliberationRecord schema and §7.3.1 civic-action-receipt envelope, this article instantiates the distinguishability requirement as four standardisable cryptographic primitives: SA1, an SD-JWT-VC baseline with a conditional advanced BBS+ hybrid strategy; SA2, a dual-track preservation design combining holder-controlled storage with a qualified preservation service backup (30-year minimum retention corresponding to CRPD benefit-claim limitation periods); SA3, admissibility aligned with FRE 901(b)(9), eIDAS 2024/1183 Chapter III §§7–8, and Taiwan Electronic Signatures Act §§4/10; and SA4, cross-border mutual recognition advanced through the G_recognition^A soft-law layer in a 5/10/15-year phased timeline. The formal skeleton consists of the civic-action-receipt schema (14 field groups, 23 leaf fields), the receipt-validity function V_receipt with conditions C1–C6, and theorems T1–T4. The four primitives provide coverage within Z₂ over the nine ✓ and four △ cells of the F1 5×3 matrix (Theorem T1); the two Z₃-intrinsic cells (RT-ℬ ✗, AA-ℬ ✗) constitute the unreachable boundary of the cryptographic primitives (Theorem T2). Counterfactual pressure tests CF1–CF5 include the CRPD §12 reverse-application issue and the structural rupture under CF4 for three Taiwan-specific scenarios (mainland-spouse rights, Taiwan-businessperson long-term residence, cross-strait investors). Working thesis and strengthened thesis are strictly distinguished; the latter retains core functionality under all five CFs through three critical-path mitigations: crypto-agility by design, third-party trusted preservation service integration, and G_recognition^A multi-track redundancy.

civic-proof civic-receipts verifiable-credentials selective-disclosure SD-JWT-VC BBS-cryptosuite ZK-SNARK EUDI-Wallet long-term-preservation qualified-preservation-service eIDAS-2024-1183 FRE-902-14 FRE-901-b-9 Mata-v-Avianca Apostille Hague-PIL CETS-225 OECD-AI-Principles APEC-CBPR CRPD-Article-12 supported-decision-making threshold-signatures PQC-migration crypto-agility Estonia-X-Road BankID Toeslagenaffaire TW-DIW cross-strait-recognition

74 min read | Claude Opus 4.7

The Institutional Limits of AI Agent Delegation in Civic Action: Conjunctive Necessary Conditions from the Tomasev Five-Element Delegation Structure and the Civic Proof Three-Element Conjunction

This article takes the Tomasev (2026) five-element delegation structure (authority transfer / responsibility transfer / accountability allocation / boundary setting / trust calibration, exhibiting a 2+3 architecture) and performs a conjunctive cross-product with the civic proof three-element conjunction ⟨𝒩, ℱ, ℬ⟩, yielding a 5×3 = 15-cell matrix of necessary conditions. Of these cells, 9 are conditionally satisfiable, 4 are probabilistically degradable, and 2 are structurally unsatisfiable (RT-ℬ ✗ and AA-ℬ ✗). On this basis, civic action is partitioned into three zones — delegable, conditionally delegable, and structurally non-delegable (θ₁ ≈ 0.2, θ₂ ≈ 0.7) — and a further distinction is drawn between permanently structurally non-delegable acts (determined by the philosophical foundations of ℬ) and contextually structurally non-delegable acts (determined by the joint failure of 𝒩 and ℱ). The hard normative constraint imposed by CRPD Art 12 General Comment No. 1 §26–29 — abolishing substituted decision-making — applies to the conditionally delegable zone; this is a binding normative floor, not a legal basis. The distinguishability of supported from substituted decision-making must be established simultaneously across three layers: the ex-ante deliberation layer, the ex-post reversibility layer, and the decision-trace layer. The EUDI Wallet ARF provides multi-profile rather than multi-tenant delegated key custody. CRPD flows back through ICCPR Art 26 and ICESCR Art 9 as a universal engineering obligation binding on all wallet users. Cross-jurisdictional accountability vacuums are further classified into three types — moral crumple zone, algorithmic opacity, and cross-jurisdictional diffusion — and the Article 14 fifth-category gap (Q10) is disaggregated into Q10a (cryptographic attribution of authority transfer) and Q10b (cross-border multi-party accountability allocation). 
The FTLA-Agent four-tier governance framework (G_industry / G_state / G_recognition / G_oversight) exhibits asymmetric thickness in 2026; a temporal phasing of 5 / 5–10 / 10–15 years is proposed, with a recommended five-party liability allocation of 25 / 25 / 15 / 25 / 10.

civic-proof AI-agent delegation Tomasev-five-elements civic-proof-conjunction-matrix Arendt Habermas Pettit moral-crumple-zone FTLA-Agent CRPD-Article-12 supported-decision-making multi-tenant EUDI-Wallet cross-jurisdictional-liability