Glossary¶
This document uses the following terms and abbreviations:
| Term | Definition | Reference |
|---|---|---|
| Two Factor Authentication (2FA): | 2FA is a security system that requires two distinct forms of identification in order to access something. | |
| European Digital Identity Wallet Architecture and Reference Framework (ARF): | A toolbox including a technical Architecture and Reference Framework (ARF), a set of common standards and technical specifications, and a set of common guidelines and best practices. | ARF 1.2.0 |
| Authentication: | The process of verifying that the claimed identity is valid. It involves proving that the user is indeed who they claim to be. | eIDAS 2 |
| Authorization: | The process of granting or denying specific permissions or access rights to resources, systems, or data based on the authenticated identity of a user or entity. It determines what an authenticated user or entity is allowed to do. | eIDAS 2 |
| brainpool: | A set of elliptic curve domain parameters over finite prime fields that are recommended for use in cryptographic applications. | RFC5639 |
| OAuth 2.0 Demonstrating Proof of Possession (DPoP): | DPoP binds a token to the client that requested it to protect against misuse. | DPoP |
| Electronic Attestation of Attributes (EAA): | ‘Electronic Attestation of Attributes’ means an attestation in electronic form that allows the authentication of attributes. | eIDAS 2 Article 3 (44) |
| Elliptic-curve Diffie–Hellman (ECDH): | Elliptic-curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or to derive another key. | RFC6090 |
| German eID system (eID): | Architecture for the German electronic Identity Card and electronic Resident Permit is specified in the BSI Technical Guideline TR-03127. | BSI TR-03127 |
| eID-Server (eID-Server): | eID-Server for Online-Authentication based on Extended Access Control Version 2 (EAC2) between an eService and an eIDAS token, e.g. the German National Identity Card, the German electronic Residence Permit, the eID-Card for Union Citizens or an EAC-compatible mobile eID based on secure storage on a mobile device, that was derived from one of the former documents. | BSI TR-03130 |
| eIDAS regulation version 2 (eIDAS): | Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity. | eIDAS 2 |
| European Digital Identity Wallet (EUDIW): | ‘European Digital Identity Wallet’ means an electronic identification, which allows the user to securely store, manage and validate identity data and electronic attestations of attributes, to provide them to relying parties and to other users of European Digital Identity Wallets, and to sign by means of qualified electronic signatures or to seal by means of qualified electronic seals. | eIDAS 2 |
| (European Digital Identity) Wallet Provider (EUDIW Provider, Wallet Provider): | The obligation to provide an EUDIW arises from the eIDAS Regulation. The MS determines whether it provides the EUDIW itself, mandates the provider(s) or recognizes one or more Wallet Provider(s) by another organization. | eIDAS 2 |
| embedded UICC (eUICC): | A removable or non-removable UICC which enables the secure remote and/or local management of Profiles. | GSMA |
| Hash-based message authentication code (HMAC): | HMAC is a specific type of message authentication code involving a cryptographic hash function and a secret cryptographic key. | RFC6234 |
| Identity Owner (Holder): | The entity, such as a natural person, a legal person, or a device, which is subject of verifiable credentials from credential issuers and being in control of the reception, storage, and sharing of such credentials with relying parties. ARF 1.2.0 | |
| Hardware Security Module (HSM): | A HSM is a device for providing cryptographic functionalities whereas the life cycle of cryptographic keys and the performance of cryptographic functions is managed within a highly protected hardware environment. | |
| Identification: | The process of claiming or recognizing an identity. It involves presenting an identifier that represents an individual or entity. | eIDAS 2 |
| Internet Engineering Task Force (IETF): | The Internet Engineering Task Force is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite. It has no formal membership roster or requirements and all its participants are volunteers. | |
| International Organization for Standardization (ISO): | The International Organization for Standardization is an independent, non-governmental, international standard development organization composed of representatives from the national standards organizations of member countries. | |
| PID presentation format (ISO mdoc): | ||
| Issuer: | An entity that issues credentials to a Holder. Sometimes referred to as Provider. | OpenID4VCI |
| JSON Web Token (JWT): | JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. | RFC7519 |
| Level of Assurance (LoA): | eIDAS Levels of Assurance (LoA), BSI TR-03107 | |
| Message Authentication Code (MAC): | The result of a HMAC performance. | RFC8446 |
| OpenID for Verifiable Credential Issuance (OpenID4VCI): | OAuth protected API for the issuance of Verifiable Credentials. | OpenID4VCI |
| OpenID for Verifiable Presentations (OpenID4VP): | A mechanism on top of OAuth 2.0 RFC6749 that enables presentation of Verifiable Credentials as Verifiable Presentations. | OpenID4VP |
| Person Identification Data (PID): | ‘Person Identification Data’ means a set of data, issued in accordance with Union or national law, enabling the identity of a natural or legal person, or of a natural person representing a natural or legal person, to be established. | eIDAS 2 |
| Person Identification Data Issuer (PID Provider (PI)): | A Member State or other legal entity issuing Person Identification Data to Users for later use. | ARF 1.2.0 |
| Person Identification Data Provider (PID Provider (PP)): | A Member State or other legal entity providing Person Identification Data to Users. | ARF 1.2.0 |
| Public Key Infrastructure (PKI): | Systems, software, and communication protocols that are used by EUDI Wallet ecosystem components to distribute, manage, and control public keys. A PKI publishes public keys and establishes trust within an environment by validating and verifying the public keys mapping to an entity. | ARF 1.2.0 |
| Proof of Possession (PoP): | Evidence provided by the Wallet regarding the possession of the respective key material. | |
| Qualified Electronic Attestation of Attributes (QEAA): | ‘Qualified Electronic Attestation of Attributes’ means an electronic attestation of attributes, which is issued by a qualified trust service provider and meets the requirements laid down in Annex V. | eIDAS 2 Article 3 (45) |
| Qualified Electronic Signature (QES): | ‘Qualified Electronic Signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures. | eIDAS 2 |
| Qualified Trust Service Provider (QTSP): | A Trust Service Provider who provides one or more Qualified Trust Services and is granted the qualified status by the supervisory body. | ARF 1.2.0 |
| Relying Party (RP): | ‘Relying Party’ means a natural or legal person that relies upon an electronic identification, European Digital Identity Wallets or other electronic identification means, or a trust service. | eIDAS 2 Article 3 (6) |
| Selective Disclosure for JWT (SD-JWT): | A composite structure, consisting of an Issuer-signed JWT (JWS, RFC7515), Disclosures and optionally a Key Binding JWT that supports selective disclosure. | SD-JWT (Draft) |
| SD-JWT-based Verifiable Credentials (SD-JWT VC): | Verifiable Credentials with JSON payloads with and without selective disclosure based on the SD-JWT format. | SD-JWT (Draft) |
| Secure Element (SE): | Secure Elements are physical components in electronic devices that securely store and protect sensitive data and applications and may provide certain secure cryptographic operations. | Secure Elements for mobile platforms |
| Seed Credential: | A credential derived from the electronic Identity Card. It is used to request a fresh PID credential created on-demand from the PID Provider. | |
| Smart-eID (Smart-eID): | The smart eID enables citizens to store their electronic proof of identity directly in their smartphones. | Smart-eID Act |
| Trusted List (Trusted List): | Repository of information about authoritative entities in a particular legal or contractual context which provides information about their current and historical status. | ARF 1.2.0 |
| Trust Service Provider (TSP): | A natural or a legal person who provides one or more Trust Services, either as a qualified or as a non-qualified Trust Service Provider. | ARF 1.2.0 |
| Interacting entity (User): | A natural or legal person using an EUDI Wallet. Also referred to as Holder. | ARF 1.2.0 |
| User Experience / User Interface (UX/UI): | The user interaction work flow (UX) and the user interaction functional and visual elements (UI) of a software and/or hardware application. | Wikipedia User experience design |
| Verifiable Credential (VC): | A credential created by an Issuer in a way that the integrity and authenticity of the credential can be cryptographically verified. | OpenID4VCI |
| Wallet Secure Cryptographic Device (WSCD): | Hardware-backed secure environment for creating, storing, and/or managing cryptographic keys and data. Examples include Secure Elements (SE), Trusted Execution Environments (TEEs), and (remote or local) Hardware Security Module (HSM). | ARF 1.2.0 |
| Wallet-Relying Party (WRP): | wallet-relying party means a relying party that intends to rely upon wallet units for the provision of public or private services by means of digital interaction. | eIDAS 2 Article 5b |