I had an Irma card for a while, with a supporting Android app, must've been about 7 or 8 years ago now. Seemed to work ok'ish then (as a proof of concept). You could use it at some places in the university, although I can't remember what the use case was exactly (it was definitely the same thing though).
Anyway, since they already had that 8 years ago, I don't really understand what the roadmap for this project is. I see it popping up every now and again.
Since then we have mainly moved from smart cards to a mobile app [0], and focused on getting the IRMA server and frontend software production-ready and developer friendly. Additionally we have worked on connecting existing institutions and companies on IRMA; you have to have parties that issue and verify IRMA attributes before the project can be of use to end users.
As to development, we have a public roadmap here [1].
Some Dutch healthcare institutions are using it, but as far as I know that's about it.
There's some development effort and every now and then a new demo pops up, but I don't think the project advertises itself enough when it comes to uptake.
I can see massive benefits to all kinds of businesses, especially now that restricted items such as alcohol and cigarettes are being ordered online because of COVID measures, but sadly the uptake has been minimal so far.
Here [0] is a list of projects that use IRMA. Indeed there are several healthcare institutions, but there is also https://irma-meet.nl which features authenticated video calling, and there are several municipalities that are planning to allow their citizens to log in using IRMA.
In addition, we are cooperating with several institutions and governments, including the Dutch national government, on future IRMA projects. Given the differences of IRMA from other mainstream authentication mechanisms, however, getting parties and their end users ready to use IRMA can be complicated and takes time.
Is IRMA still going to be relevant for healthcare in the Netherlands with the Wet Digitale Overheid law making authentication by means of the government issued DigiD credentials mandatory and all but making access via the ToegangsVerleningsService (TVS) authentication platform offered by the government a requirement for any citizen accessing their medical data?
It seems only a matter of time before municipalities will face the same requirement for authentication. Where does that leave IRMA?
Although developments have slowed down due to the pandemic and now the collapse of the dutch cabinet, the Privacy by Design Foundation and SIDN, who jointly develop and run IRMA, have been in talks and developing pilots with the Ministry of the Interior of the Netherlands to become an accepted party ("toegelaten partij") under the WDO. That would mean that when the WDO comes into effect, the ministry issues basic personal data to IRMA apps, and IRMA becomes one of the ways in which citizens can authenticate to services alongside DigiD.
Good to hear. Availability via the TVS is a must for vendors though, but you are probably aware of this.
I also wonder how something like IRMA will work when not only DigiD is used via the TVS, but also DigiD Machtigen to grant others permission to act on your behalf.
Anyway, since they already had that 8 years ago, I don't really understand what the roadmap for this project is. I see it popping up every now and again.