Glossary¶
This page defines terms, abbreviations, and acronyms used across the German EUDI Wallet Ecosystem documentation. Entries are drawn from the Blueprint, the Wallet Architecture Documentation, and this Developer Guide. Each entry links to the primary source specification or regulation where applicable.
A¶
Access Certificate An X.509 certificate issued to a Relying Party by a national Registrar that authenticates the RP's legal identity to the EUDI Wallet during a presentation request. It is distinct from the Registration Certificate and must be included directly in OID4VP requests. RPs may hold multiple Access Certificates for key rotation purposes, and revoked certificates must remain available via the Registrar for ten years. Defined under ETSI TS 119 411-8. See also: Registration Certificate, Registrar, Overasking Protection.
ARF – Architecture and Reference Framework The European Commission's toolbox for EUDI Wallet implementations across all member states, comprising technical architecture specifications, common standards, guidelines, and best practices. The German ecosystem implementation is derived from and aligned with the ARF. Source: ARF on GitHub.
Attestation Catalog (also: Catalog of Attestations) A public registry maintained by the Orchestrator listing all EAA types available within the German EUDI Wallet ecosystem. Each entry references the corresponding Rulebook, JSON schema (Schema Metadata), and Trust List for authorised issuers. EAA Providers publish their schema metadata to the Catalog to make their credential type discoverable by wallets and verifiers. See the Catalog of Attestations section of the Blueprint.
Attribute
A single piece of identity or qualification data within a credential, for example family_name, birthdate, or driving_privileges. Attributes can be selectively disclosed to Relying Parties using the SD-JWT or mDoc selective disclosure mechanisms.
Authentication The process of verifying that a claimed identity is valid — proving that the user is who they claim to be. Distinct from Identification (claiming an identity) and Authorization (granting access rights). Source: eIDAS 2.0, Article 3.
Authorization In the OID4VCI context, Authorization refers to the OAuth 2.0 grant flows that allow a wallet to obtain a credential from an issuer. Source: eIDAS 2.0; OAuth 2.0 (RFC 6749).
Authorization Code Flow An OID4VCI grant type following standard OAuth 2.0 authorization code semantics, where the wallet initiates an authentication step with the issuer's authorization server before obtaining a credential. Supports PID-based identification during EAA issuance. See OID4VCI.
B¶
Blueprint (BMI Blueprint) The public architecture and governance reference document for the German EUDI Wallet ecosystem, published on OpenCoDE. It proposes architectural, governance, and operational models aligned with eIDAS 2.0 and the ARF. Not a final binding specification, but the authoritative design basis for the German ecosystem. Published at bmi.usercontent.opencode.de/eudi-wallet/eidas-2.0-architekturkonzept/.
Bundesdruckerei (BDR) Designated PID Provider for the German EUDI Wallet. Bundesdruckerei issues PID credentials derived from chip data of the Personalausweis (German national identity card) or electronic residence permit.
C¶
CBOR – Concise Binary Object Representation A compact binary data encoding format used as the serialisation basis for ISO mDoc credentials. CBOR is the mDoc equivalent of JSON for SD-JWT VC. Defined in RFC 7049 / RFC 8949.
CIR 2024/2977 Commission Implementing Regulation (EU) 2024/2977. The EU Commission's implementing act specifying the mandatory and optional attribute set for the PID, along with technical format requirements applying to all member states. This is the normative source for the German PID attribute catalogue.
CIR 2024/2979 Commission Implementing Regulation (EU) 2024/2979. Specifies the requirements for electronic identification means at each Level of Assurance. Sets out security requirements, including two-factor authentication and resistance to cloning, that the German wallet's authentication mechanism must satisfy, particularly for PID issuance at LoA High.
Credential A digitally signed, verifiable data structure issued into a wallet that represents a set of attributes about the holder. Credentials in the German EUDI Wallet ecosystem are issued in SD-JWT VC or ISO mDoc format. Also referred to as a Verifiable Credential. See OID4VCI.
Credential Offer
An OID4VCI mechanism through which an issuer initiates a credential issuance flow by presenting a URI (openid-credential-offer://) or a reference URL (credential_offer_uri) to the wallet. The wallet fetches the offer object, which contains the issuer URL and credential configuration identifiers. Source: OID4VCI spec.
CSC API – Cloud Signature Consortium API A standardised API for interoperable remote digital signing operations. Version 2 (CSC API v2) is referenced in the German ecosystem for future QES integration. Source: CSC API v2.2.0.0.
D¶
DCQL – Digital Credentials Query Language A structured query language used within OID4VP presentation requests to specify exactly which credential types and attributes a Relying Party requires from the wallet. DCQL is the query format used in HAIP-compliant flows, superseding the earlier Presentation Exchange format for this profile. Specified in the OID4VP spec.
DPoP – Demonstrating Proof of Possession An OAuth 2.0 mechanism that cryptographically binds an access token to the client that requested it, preventing misuse by a third party in possession of the token. Used in OID4VCI and OID4VP flows to bind tokens to the wallet's key material. Source: DPoP draft (IETF).
E¶
EAA – Electronic Attestation of Attributes A digitally signed credential issued into the EUDI Wallet by an authorised EAA Provider, attesting to one or more attributes of the holder beyond the core identity (PID). Examples include driver's licences, academic degrees, professional qualifications, and health records. EAAs are legally equivalent to their paper counterparts across the EU when issued by a recognised provider. Defined in eIDAS 2.0, Article 3(44).
EAA Provider (also: EAA Issuer) An organisation authorised to issue EAAs into a user's EUDI Wallet. EAA Providers define and publish a Rulebook for each credential type, register with the Orchestrator, and implement an OID4VCI-compliant issuance endpoint. Both public sector bodies and private organisations may act as EAA Providers.
eID (German eID system) Germany's electronic identity system based on the chip in the Personalausweis (national ID card), electronic Residence Permit, and eID Card for Union Citizens. The eID chip and its Online-Ausweis functionality are the trust anchor for PID issuance in the German EUDI Wallet. Architecture specified in BSI TR-03127.
eID-Server A server implementing Online Authentication based on Extended Access Control Version 2 (EAC2) between an eService and an eIDAS token (e.g. the German national ID card). Used in the PID issuance flow to authenticate users via their Personalausweis chip. Specified in BSI TR-03130.
eIDAS 2.0 Regulation (EU) 2024/1183 of the European Parliament and of the Council, amending eIDAS (Regulation (EU) No 910/2014). The legal foundation for the EUDI Wallet, requiring all member states to make a wallet available to citizens and mandating acceptance by public sector bodies, Very Large Online Platforms, and certain regulated private sector entities. Source: eIDAS 2.0 full text.
ERICA An open-source debug and testing tool for the German EUDI Wallet ecosystem. Allows developers to inspect credential issuance and presentation flows, simulate wallet interactions, and diagnose protocol-level issues. Hosted at gitlab.opencode.de/bmi/eudi-wallet/erica. Documentation in the Developer Guide.
ETSI – European Telecommunications Standards Institute The European standards body responsible for defining technical specifications for trust services, electronic signatures, and the EUDI Wallet ecosystem. Key ETSI standards referenced in the German ecosystem include the TS 119 4xx series (trust service requirements), TS 119 472 series (EAA/PID attestation profiles), and TS 119 612 (Trusted Lists). See the full standards list in the Blueprint.
EUDI Wallet (EUDIW) – European Digital Identity Wallet An electronic identification means that allows a user to securely store, manage, and share identity data and Electronic Attestations of Attributes, to provide them to Relying Parties, and to create Qualified Electronic Signatures or Seals. Member states are required to make wallets available to their citizens under eIDAS 2.0. Defined in eIDAS 2.0.
H¶
HAIP – High Assurance Interoperability Profile A profile of the OpenID for Verifiable Credentials specifications (OID4VCI + OID4VP) that selects a specific, constrained set of protocol options to ensure interoperability at high assurance levels. HAIP is the primary normative profile for the German EUDI Wallet ecosystem. Specifies use of SD-JWT VC and ISO mDoc formats, DCQL for presentation queries, and FAPI 2.0-aligned security mechanisms. Source: OpenID4VC High Assurance Interoperability Profile 1.0-draft 04.
HSM – Hardware Security Module A physical device providing cryptographic functions where the lifecycle of cryptographic keys and the execution of cryptographic operations occur within a highly protected hardware environment. The Wallet Backend uses an HSM to sign Wallet Instance Attestations (WIA) and manage long-term signing keys. See Wallet Architecture Documentation, Section 4.3.
Holder (also: User, Identity Owner) A natural or legal person who receives credentials from issuers, stores them in a EUDI Wallet, and controls their presentation to Relying Parties. Also referred to as the User in eIDAS 2.0 and the Identity Owner in ARF terminology. Source: ARF 1.2.0.
I¶
Identification The process of claiming or presenting an identity, typically involving presentation of an identifier. Distinct from Authentication (proving the identity) and Authorization (granting rights). Source: eIDAS 2.0.
ISO/IEC 18013-5 The international standard specifying the interface for a mobile driving licence (mDL), including the credential format (mDoc/CBOR), device engagement mechanisms, and the interface between the mDL and reader. Adopted in the EUDI Wallet ecosystem as one of the two primary credential formats for PID and EAAs. Source: ISO/IEC 18013-5:2021.
Issuer An entity that issues a Verifiable Credential to a Holder. In the EUDI Wallet context: the PID Provider issues PID; EAA Providers issue EAAs. Sometimes referred to as Provider. Source: OID4VCI.
J¶
JOSE – JSON Object Signing and Encryption The IETF framework (RFC 7515–7520) covering JSON Web Signatures (JWS), JSON Web Encryption (JWE), JSON Web Keys (JWK), and JSON Web Algorithms (JWA). SD-JWT VC credentials and WIA tokens are built on JOSE primitives.
JWT – JSON Web Token A compact, URL-safe format for representing claims as a JSON object, signed and optionally encrypted. The base format for SD-JWT VC credentials and Wallet Instance Attestations in the German EUDI Wallet ecosystem. Source: RFC 7519.
K¶
KB-JWT – Key Binding JWT An optional component of an SD-JWT presentation that cryptographically proves the presenter is the legitimate holder of the credential. The Key Binding JWT is signed with the holder's private key and binds the presentation to a specific audience and nonce, preventing replay attacks. Part of the SD-JWT (RFC 9901) specification.
L¶
LoA – Level of Assurance A classification of the trustworthiness of an identity verification or authentication process, defined by eIDAS as Low, Substantial, or High. The German PID is issued at LoA High, based on the eID chip authentication of the Personalausweis. CIR 2024/2979 sets the security requirements for each LoA. Sources: eIDAS Levels of Assurance; BSI TR-03107.
M¶
mDoc / ISO mDoc
The binary credential format defined by ISO/IEC 18013-5, encoded in CBOR. Used as one of the two primary credential formats in the German EUDI Wallet ecosystem alongside SD-JWT VC. In the mDoc format, the German PID uses docType: eu.europa.ec.eudi.pid.1; Germany-specific extension attributes are in the namespace eu.europa.ec.eudi.pid.de.1. See ISO/IEC 18013-5.
MDVM – Mobile Device Vulnerability Management
A component of the German EUDI Wallet architecture that continuously monitors identified vulnerabilities in the hardware key store (HKS) and operating system of user devices. The MDVM issues mdvm_token attestations that the Wallet Backend uses to assess device security posture before issuing Wallet Instance Attestations (WIA). If an exploitable vulnerability is known for a device, the use of RWSCD keys is prevented. See Wallet Architecture Documentation, Section 6.
O¶
OID4VC – OpenID for Verifiable Credentials The collective name for the OpenID Foundation specification family covering credential issuance (OID4VCI) and presentation (OID4VP). The core protocol family used throughout the German EUDI Wallet ecosystem.
OID4VCI – OpenID for Verifiable Credential Issuance The OpenID Foundation protocol specification defining an API for issuers to issue Verifiable Credentials into a wallet. Defines the Credential Offer, Authorization Endpoint, Token Endpoint, and Credential Endpoint flows. The issuance protocol used by all EAA Providers in the German EUDI Wallet ecosystem. Source: OID4VCI v1.0.
OID4VP – OpenID for Verifiable Presentations The OpenID Foundation protocol specification defining a mechanism on top of OAuth 2.0 for Relying Parties to request and receive Verifiable Credentials from a wallet. Defines the authorisation request, presentation exchange using DCQL, and response flows. The presentation protocol used by all Relying Parties in the German EUDI Wallet ecosystem. Source: OID4VP v1.0.
Orchestrator The entity responsible for operating the German EUDI Wallet ecosystem infrastructure, including the Trusted List, the Attestation Catalog, the sandbox environment, and ecosystem governance. Currently operated by SPRIND (Bundesagentur für Sprunginnovationen) on behalf of BMDS. See Blueprint – Governance & Operation Model.
Overasking A situation where a Relying Party requests more attributes from a user than is necessary for the declared purpose of the transaction, potentially violating GDPR's data minimisation principle. The wallet performs an over-asking check by comparing the requested attributes against those declared in the RP's Registration Certificate, and displays a warning to the user if the request exceeds the registered scope. See Blueprint – Overasking Protection.
P¶
Personalausweis The German national identity card. The chip in the Personalausweis (and the electronic Residence Permit) is the trust anchor for PID issuance in the German EUDI Wallet. The chip data is read via the eID Online-Ausweis function to derive PID attributes.
PID – Person Identification Data
A set of data, issued in accordance with Union or national law, enabling the identity of a natural or legal person to be established. In the German EUDI Wallet, PID is issued by Bundesdruckerei at LoA High, based on the Personalausweis chip data. Available in SD-JWT VC (vct: urn:eudi:pid:de:1) and mDoc (docType: eu.europa.ec.eudi.pid.1) formats. PID does not include a persistent unique identifier across sessions. Defined in eIDAS 2.0, Article 3(3); see also [CIR 2024/2977] and the German PID Rulebook.
PID Provider A Member State or other legal entity that issues Person Identification Data to users for later use in a EUDI Wallet. In Germany, the designated PID Provider is Bundesdruckerei. Source: ARF 1.2.0.
PKI – Public Key Infrastructure Systems, software, and protocols used to distribute, manage, and control public keys and certificates, establishing trust within the EUDI Wallet ecosystem. The ecosystem PKI underpins certificate chains for Access Certificates, Registration Certificates, Trusted Lists, and Wallet Instance Attestations. Source: ARF 1.2.0.
PoP – Proof of Possession
Evidence provided by the wallet demonstrating control of specific key material. In the German wallet architecture, the Wallet Instance generates PoP JWTs (wi_wb_auth_pop, wi_wia_pop) to prove possession of hardware-bound private keys when requesting Wallet Instance Attestations. See Wallet Architecture Documentation, Section 4.2.
Pre-Authorized Code Flow
An OID4VCI grant type (urn:ietf:params:oauth:grant-type:pre-authorized_code) in which the issuer pre-generates an authorization code and delivers it to the wallet via the Credential Offer, without requiring a separate OAuth authorization step. Used when the issuer has already authenticated the user through an out-of-band process. Source: OID4VCI.
PubEAA – Public Electronic Attestation of Attributes An EAA issued by or on behalf of a public sector body (e.g. a government ministry or agency), carrying equivalent legal status to official documents. Subject to specific trust and governance requirements under eIDAS 2.0. Trust model described in Blueprint – QEAA/PubEAA Trust.
Q¶
QEAA – Qualified Electronic Attestation of Attributes An EAA issued by a Qualified Trust Service Provider (QTSP), meeting the highest assurance requirements under eIDAS 2.0 Annex V. QEAAs carry enhanced legal standing and are required for certain regulated use cases. Defined in eIDAS 2.0, Article 3(45).
QES – Qualified Electronic Signature An advanced electronic signature created using a Qualified Electronic Signature Creation Device, based on a qualified certificate. Legally equivalent to a handwritten signature across the EU. A planned upcoming feature for the German EUDI Wallet, see Blueprint – QES (Upcoming Features). Defined in eIDAS 2.0.
QTSP – Qualified Trust Service Provider A Trust Service Provider that has been granted qualified status by a national supervisory body and provides one or more Qualified Trust Services (such as QEAA issuance or QES). Source: ARF 1.2.0.
R¶
RASP – Runtime Application Self-Protection A security mechanism that continuously and dynamically monitors a wallet application and its host device at runtime for integrity and authenticity threats, including app hooking, repackaging, debugging, rooting, and emulation. Used in the German wallet's MDVM architecture on both Android and iOS as a platform-independent detection layer. See Wallet Architecture Documentation, Section 6.1.
Registration Certificate An X.509 certificate issued to a Relying Party by a national Registrar that declares the RP's intended use, specifying which attributes may be requested, for what stated purpose, and including a human-readable service description. Included in OID4VP requests to allow the wallet to perform over-asking checks and inform the user. Defined under ETSI TS 119 475. See also: Access Certificate, Overasking.
Registrar The national entity responsible for registering Relying Parties, validating their identity and intended use declarations, and issuing Access Certificates and Registration Certificates. The Registrar also maintains a public lookup of registered RPs and certificate history. In the German ecosystem, Registrar functions are operated by the Orchestrator. See Blueprint – Wallet-Relying Party Authentication.
Relying Party (RP) A natural or legal person that relies upon an EUDI Wallet or electronic identification means to verify a user's identity or attributes for a service. RPs must register with the Orchestrator, obtain Access and Registration Certificates, and implement an OID4VP-compliant verification flow. Defined in eIDAS 2.0, Article 3(6). See also: RP Onboarding – Developer Guide.
Rulebook The human-readable technical and governance specification for a specific EAA type. Defines the credential schema, attribute semantics, issuance assurance level, acceptable credential formats, trust list governance, and credential lifecycle rules. EAA Providers either adopt an existing Rulebook or author and publish a new one. A published and registered Rulebook is required at production; in sandbox it is not required to begin testing. See Developer Guide – Rulebooks.
RWSCD / RWSCA – Remote Wallet Secure Cryptographic Device / Application A remote Hardware Security Module (HSM) operated by the Wallet Backend that stores and manages long-term cryptographic keys on behalf of the Wallet Instance. The RWSCA provides the user authentication and key protection assurances required for LoA High, independent of the security of the user's mobile device. See Wallet Architecture Documentation, Section 5.
S¶
Sandbox The non-production testing environment for the German EUDI Wallet ecosystem. The Sandbox allows developers to integrate and test credential issuance and presentation flows using test credentials, without the full governance requirements that apply at production. Real eID usage is not supported; only test credentials may be used. See Developer Guide – Sandbox.
Schema Metadata A machine-consumable entry in the Attestation Catalog linking an EAA type to its Rulebook, JSON schema definition, and Trust List. Schema metadata enables wallets and verifiers to understand and validate a credential type without out-of-band configuration. See Blueprint – Catalog of Attestations.
SD-JWT – Selective Disclosure JSON Web Token An IETF specification defining a mechanism for selective disclosure of individual claims within a JWT. An SD-JWT consists of an issuer-signed JWT, one or more Disclosure objects (salted hash-encoded claims), and an optional Key Binding JWT. Holders can reveal only a chosen subset of claims to a verifier. Source: RFC 9901.
SD-JWT VC – SD-JWT-based Verifiable Credential
A credential format combining SD-JWT with the Verifiable Credential data model. The primary credential format for the German EUDI Wallet. For the German PID, the vct claim is urn:eudi:pid:de:1. Source: draft-ietf-oauth-sd-jwt-vc.
SE – Secure Element A tamper-resistant hardware component in a mobile device that securely stores and processes sensitive data and cryptographic keys. Examples include the embedded Secure Enclave (iOS) and StrongBox / hardware-backed KeyStore (Android). The German wallet architecture prioritises the most secure hardware key store available on a device for credential key material. Source: BSI on Secure Elements.
Seed Credential A credential derived from the electronic identity card (Personalausweis chip) that is used to request a fresh PID credential on-demand from the PID Provider. The Seed Credential acts as a renewable bridge between the physical eID and the wallet's PID, enabling PID refresh without requiring the user to re-tap their card. Described in the Wallet Architecture Documentation.
Selective Disclosure The capability for a credential holder to reveal only a chosen subset of attributes from a credential during a presentation, without exposing the full credential. Implemented in SD-JWT VC via the SD-JWT Disclosure mechanism and in mDoc via the ISO 18013-5 selective disclosure mechanism. A core privacy feature of the German EUDI Wallet.
Status List A compact, bit-array-based mechanism for publishing the revocation or suspension status of credentials or Wallet Instance Attestations, allowing verifiers to check status without querying a central server per credential. Used by the Wallet Backend to express the security status of Wallet Instances in the WIA. Source: IETF draft-ietf-oauth-status-list.
T¶
TEE – Trusted Execution Environment A secure area of the main processor in a mobile device that runs code and processes data in isolation from the standard operating system. Used as a hardware-backed key store (HKS) in the German wallet's mobile device security architecture when a dedicated Secure Element is not available.
Trust List (Trusted List) A machine-readable, cryptographically signed list of authorised issuers (and their certificates) for a given credential type, or a list of authorised Trust Service Providers. Relying Parties use Trust Lists to verify that a received credential was issued by a legitimate, registered entity. Required at production; optional in sandbox. Format specified in ETSI TS 119 612. Source definition: ARF 1.2.0.
TSP – Trust Service Provider A natural or legal person providing one or more Trust Services, either as a qualified (QTSP) or non-qualified Trust Service Provider. Source: ARF 1.2.0.
2FA – Two-Factor Authentication A security system requiring two distinct forms of identification before granting access. In the German EUDI Wallet, users authenticate to the RWSCA using two factors: a possession factor (hardware-bound key on the mobile device) and a knowledge factor (wallet PIN). Both factors are required for credential presentations at LoA High.
V¶
VC – Verifiable Credential A credential issued by an Issuer in a way that the integrity and authenticity of the credential, including the identity of the issuer and the integrity of the claims, can be cryptographically verified by any party. Source: OID4VCI.
VLOP – Very Large Online Platform Online platforms designated under the EU Digital Services Act (DSA) with more than 45 million monthly active users in the EU (e.g. Meta, Amazon, Booking.com). VLOPs are required under eIDAS 2.0 to accept EUDI Wallets for user authentication upon request by end of 2027.
W¶
Wallet Backend (WB) The server-side infrastructure operated by the Wallet Provider that manages wallet account registration, issues Wallet Instance Attestations (WIA), and interfaces with the Remote WSCD (HSM). The Wallet Backend validates device security posture via the MDVM before issuing WIAs. See Wallet Architecture Documentation, Section 4.
Wallet Instance (WI) The installed instance of the EUDI Wallet application on a specific user device. Each Wallet Instance registers with the Wallet Backend, obtains a Wallet Instance Attestation (WIA) per issuer it interacts with, and manages its own hardware-bound key pairs. See Wallet Architecture Documentation.
Wallet Provider An entity that develops and distributes a EUDI-compliant wallet application to end users. Germany operates a national reference wallet and supports additional certified third-party wallet providers. Defined in eIDAS 2.0.
WIA – Wallet Instance Attestation A signed JWT issued by the Wallet Backend that attests to the validity, security posture, and integrity of a specific Wallet Instance toward Issuers and Relying Parties. The WIA is bound to the Wallet Instance's hardware-backed public key and includes a Status List entry for revocation. Format profiled under ETSI TS 119 472-3 and OAuth Attestation-Based Client Authentication. See Wallet Architecture Documentation, Section 4.
WRP – Wallet-Relying Party A Relying Party that intends to rely upon EUDI Wallet Units for the provision of public or private services through digital interaction. The term emphasises the wallet-specific context of the relying party relationship, as distinct from general eIDAS relying parties. Defined in eIDAS 2.0, Article 5b.
WSCD – Wallet Secure Cryptographic Device A hardware-backed secure environment for creating, storing, and managing cryptographic keys and data within the wallet. Examples include Secure Elements (SE), Trusted Execution Environments (TEE), and local or remote Hardware Security Modules (HSM). The WSCD is the hardware foundation that enables the LoA High security properties of the German EUDI Wallet. Source: ARF 1.2.0.