This page collects the different concepts and terminology used in relation to the digital identity wallet. It is an attempt to create a common sense-making around the digital identity wallet ecosystem.
FIXME - Overview and comparison of the different terminologies
(see below, References)
Comparison table(?)
Start with the ARF because it is the most differentiated model(?) Better to start with the specifications.
Split the comparison in two parts: 'protocol' and trust framework
OpenID for Verifiable Credential Issuance, current Draft
https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-ID2.html
Verifiable Credentials Data Model v2.0
https://www.w3.org/TR/vc-data-model-2.0/#ecosystem-overview
Verifiable Presentations
The implementation of digital identity wallets, particularly within the EU framework, involves specific terminology tied to technical standards and regulatory approaches. The purpose of this document is to provide an overview of currently used terminologies and to establish semantic and technical references between the systems.
The terms below are taken from Verifiable Credentials 2.0 [1], eIDAS 2.0 (as worded in the regulation itself and as restated in the ARF [2]), the Architecture and Reference Framework [3], the Implementing Regulations [4] and OpenID Federation Wallet Architectures 1.0 [5]. Terms marked (eIDAS 2.0) are defined in the regulation itself and restated in the ARF's list of regulation definitions [2]; the same term appearing in several rows means that several of these sources define it differently.

# | Term | Definition
---|---|---
1 | Entity | Anything that can be referenced in statements as an abstract or concrete noun. Entities include but are not limited to people, organizations, physical things, documents, abstract concepts, fictional characters, and arbitrary text. Any entity might perform roles in the ecosystem, if it can do so. Note that some entities fundamentally cannot take actions, for example, the string "abc" cannot issue credentials
2 | National Accreditation Bodies (NAB) | A body that performs accreditation with authority derived from a Member State under Regulation (EC) No 765/2008
3 | Public Sector Body (eIDAS 2.0) | A state, regional or local authority, a body governed by public law or an association formed by one or several such authorities or one or several such bodies governed by public law, or a private entity mandated by at least one of those authorities, bodies or associations to provide public services, when acting under such a mandate
4 | Certificate Authority (CA) | An entity which is trusted by one or more parties in the EUDI Wallet ecosystem to create and seal certificates
5 | Trust Anchor | An authoritative entity represented by a public key and associated data. Note: based on RFC 5914
6 | Registrar (of wallet-relying parties) | The body responsible for establishing and maintaining the list of registered wallet-relying parties established in their territory who has been designated by a Member State
7 | Wallet Provider | A natural or legal person who provides Wallet Solutions
8 | Wallet Provider | An Organizational Entity responsible for the development, publication, and management of a Wallet Solution
9 | Provider of wallet-relying party access certificates (Access Certificate Authority, Access CA) | A natural or legal person mandated by a Member State to issue Relying Party access certificates to (Wallet-) Relying Parties registered in that Member State
10 | Organizational Entity | A Federation Entity represented by a legal entity, specifically referring to public or private organizations (excluding natural persons) recognized through a unique identifier. For the purposes of this specification, an Organizational Entity is also referred to as an Organization
11 | Subject | A thing about which claims are made
12 | Holder | A role an entity might perform by possessing one or more verifiable credentials and generating verifiable presentations from them. A holder is often, but not always, a subject of the verifiable credentials they are holding. Holders store their credentials in credential repositories
13 | User (eIDAS 2.0) | A natural or legal person, or a natural person representing another natural person or a legal person, that uses trust services or electronic identification means provided in accordance with the [European Digital Identity Regulation]
14 | Personal Device | Any electronic device that is primarily used by an individual. This includes smartphones, tablets, laptops, personal computers, smart watches, and other wearable technologies. Personal Devices are owned and managed by End-Users as individuals, rather than by Organizations, or by End-Users on behalf of an Organization
15 | (Wallet) User | A user who is in control of the Wallet Unit
16 | Wallet Solution | A combination of software, hardware, services, settings, and configurations, including Wallet Instances, one or more Wallet Secure Cryptographic Applications and one or more Wallet Secure Cryptographic Devices
17 | Wallet Solution | The Wallet Solution is a product offered by a Wallet Provider to enable End-Users to securely manage and use their Digital Credentials. It is delivered by the Wallet Provider in the form of a mobile app or cloud service or another form of software application. It may also utilize services and web services for the exchange of data between its Wallet Provider and the Wallet Instances
18 | Wallet Unit | A unique configuration of a Wallet Solution that includes Wallet Instances, Wallet Secure Cryptographic Applications and Wallet Secure Cryptographic Devices provided by a Wallet Provider to an individual Wallet User
19 | Wallet Instance | The application installed and configured on a Wallet User's device or environment, which is part of a Wallet Unit, and that the Wallet User uses to interact with the Wallet Unit
20 | Wallet Instance | Instance of a Wallet Solution belonging to and controlled by a person, be this natural or legal. It enables the request, storage, presentation, and management of Digital Credentials. It can be installed (instantiated) in a Personal Device or in a Remote Service
21 | Wallet Secure Cryptographic Application (WSCA) | An application that manages critical assets by being linked to and using the cryptographic and non-cryptographic functions provided by the Wallet Secure Cryptographic Device
22 | Wallet Secure Cryptographic Device (WSCD) | A tamper-resistant device that provides an environment that is linked to and used by the Wallet Secure Cryptographic Application to protect critical assets and provide cryptographic functions for the secure execution of critical operations
23 | Critical assets | Assets within or in relation to a Wallet Unit of such extraordinary importance that where their availability, confidentiality or integrity are compromised, this would have a very serious, debilitating effect on the ability to rely on the Wallet Unit
24 | Issuer | A role an entity can perform by asserting claims about one or more subjects, creating a verifiable credential from these claims, and transmitting the verifiable credential to a holder
25 | Provider of person identification data (PID Provider) | A natural or legal person responsible for issuing and revoking the person identification data and ensuring that the person identification data of a user is cryptographically bound to a Wallet Unit
26 | Attestation Provider | When not further qualified, a collective term for QEAA Provider, PuB-EAA Provider, or (non-qualified) EAA Provider
27 | Attestation Revocation List | A mechanism provided by a PID Provider or an Attestation Provider (or a trusted party acting on its behalf) for communicating the revocation status of PIDs and attestations, by publishing a list of identifiers of revoked PIDs or attestations
28 | Attestation Status List | A mechanism provided by a PID Provider or an Attestation Provider (or a trusted party acting on its behalf) for communicating the revocation status of PIDs and attestations, by publishing status information (Valid or Invalid) for all relevant PIDs or attestations
29 | Attestation Rulebook | A document describing the attestation type, namespace(s), and other features for a specific attestation type
30 | Attestation Type | An identifier for a type of attestation, unique within the context of the EUDI Wallet ecosystem
31 | Electronic identification scheme (eIDAS 2.0) | A system for electronic identification under which electronic identification means are issued to natural or legal persons or natural persons representing other natural persons or legal persons
32 | Verifier | A role an entity performs by receiving one or more verifiable credentials, optionally inside a verifiable presentation, for processing. Other specifications might refer to this concept as a relying party
33 | Credential Verifier | Entity that requests and verifies Digital Credentials presented by a Holder
34 | Relying Party Instance | A software and/or hardware module with the capability to interact with a Wallet Unit and to perform Relying Party authentication, that is controlled by a Relying Party
35 | Credential Verifier Instance | A software application that allows an individual to request from a Holder and receive from that Holder a Digital Credential, sometimes in a proximity flow, and then verify the received Digital Credential
36 | Relying Party (eIDAS 2.0) | A natural or legal person that relies upon electronic identification, European Digital Identity Wallets or other electronic identification means, or upon a trust service
37 | (Wallet-) Relying Party | A Relying Party that intends to rely upon Wallet Units for the provision of public or private services by means of digital interaction
38 | (Wallet-relying party) access certificate | A certificate for electronic seals or signatures authenticating and validating the (Wallet-) Relying Party, issued by a provider of wallet-relying party access certificates
39 | (Wallet-relying party) registration certificate | A data object that indicates the attributes the Relying Party has registered to intend to request from Users
40 | Verifiable Data Registry | A role a system might perform by mediating the creation and verification of identifiers, verification material, and other relevant data, such as verifiable credential schemas, revocation registries, and so on, which might require using verifiable credentials. Some configurations might require correlatable identifiers for subjects. Some registries, such as ones for UUIDs and verification material, might act as namespaces for identifiers
41 | Trusted List | Repository of information about authoritative entities in a particular legal or contractual context which provides information about their current and historical status
42 | Conformity Assessment Body (CAB) (eIDAS 2.0) | A conformity assessment body as defined in Article 2, point 13, of Regulation (EC) No 765/2008, which is accredited in accordance with that Regulation as competent to carry out conformity assessment of a qualified trust service provider and the qualified trust services it provides, or as competent to carry out certification of European Digital Identity Wallets or electronic identification means
43 | Qualified Trust Service Provider (QTSP) (eIDAS 2.0) | A trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body
44 | Credential Repository | Software, such as a file system, storage vault, or personal verifiable credential wallet, that stores and protects access to holders' verifiable credentials
45 | Authentic Source (eIDAS 2.0) | A repository or system, held under the responsibility of a public sector body or private entity, that contains and provides attributes about a natural or legal person or object and that is considered to be a primary source of that information or recognised as authentic in accordance with Union law or national law, including administrative practice
46 | Authentic Source | A protected Resource Server, not necessarily an OAuth 2.0 Resource Server, utilized by the Credential Issuer to retrieve the data necessary for issuing a Credential related to a subject
47 | Claim | An assertion made about a subject
48 | Attribute (eIDAS 2.0) | A characteristic, quality, right or permission of a natural or legal person or of an object
49 | Person Identification Data (PID) (eIDAS 2.0) | A set of data that is issued in accordance with Union or national law and that enables the establishment of the identity of a natural or legal person, or of a natural person representing another natural person or a legal person
50 | Pseudonym | Data uniquely representing a user which in itself does not allow to infer any user's attribute or person identification data, without the use of additional information that is kept separately by the issuer of the data uniquely representing the user
51 | Credential | A set of one or more claims made by an issuer. The claims in a credential can be about different subjects. The definition of credential used in this specification differs from NIST's definitions of credential
52 | Verifiable Credential | A tamper-evident credential whose authorship can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verifiable
53 | Presentation | Data derived from one or more verifiable credentials issued by one or more issuers that is shared with a specific verifier
54 | Verifiable Presentation | A tamper-evident presentation of information encoded in such a way that authorship of the data can be trusted after a process of cryptographic verification. Certain types of verifiable presentations might contain data that is synthesized from, but does not contain, the original verifiable credentials (for example, zero-knowledge proofs)
55 | Attestation | When not further qualified, a collective term for a QEAA, PuB-EAA, or (non-qualified) EAA
56 | Electronic attestation of attributes (EAA) (eIDAS 2.0) | An attestation in electronic form that allows attributes to be authenticated
57 | Electronic attestation of attributes issued by or on behalf of a public sector body (PuB-EAA) (eIDAS 2.0) | An electronic attestation of attributes issued by a public sector body that is responsible for an authentic source or by a public sector body that is designated by the Member State to issue such attestations of attributes on behalf of the public sector bodies responsible for authentic sources in accordance with Article 45f and with Annex VII
58 | Qualified Electronic Attestation of Attributes (QEAA) (eIDAS 2.0) | An electronic attestation of attributes which is issued by a qualified trust service provider and meets the requirements laid down in Annex V
59 | Graph | A set of claims, forming a network of information composed of subjects and their relationship to other subjects or data. Each claim is part of a graph; either explicit in the case of named graphs, or implicit for the default graph
60 | Default Graph | The graph containing all claims that are not explicitly part of a named graph
61 | Named Graph | A graph associated with specific properties, such as verifiableCredential. These properties result in separate graphs that contain all claims defined in the corresponding JSON objects
62 | Decentralized Identifier | A portable URL-based identifier, also known as a DID, associated with an entity. These identifiers are most often used in a verifiable credential and are associated with subjects such that a verifiable credential can be easily ported from one credential repository to another without reissuing the credential. An example of a DID is did:example:123456abcdef
63 | Verification Material | Information that is used to verify the security of cryptographically protected information. For example, a cryptographic public key is used to verify a digital signature associated with a verifiable credential
64 | Qualified Electronic Signature (QES) (eIDAS 2.0) | An advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures
65 | Qualified Electronic Signature Creation Device (QSCD) (eIDAS 2.0) | Configured software or hardware used to create an electronic signature that meets the requirements laid down in Annex II of the [European Digital Identity Regulation]
66 | Qualified Electronic Signature Remote Creation Provider | A natural or a legal person that offers services related to the remote creation, validation, and management of qualified electronic signatures that meet legal requirements and standards in the [European Digital Identity Regulation] to be considered as legally equivalent to handwritten signatures
67 | (Electronic) signature (eIDAS 2.0) | Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign
68 | (Electronic) seal (eIDAS 2.0) | Data in electronic form which is attached to or logically associated with other data in electronic form to ensure the latter's origin and integrity
69 | Public Key Infrastructure (PKI) | Systems, software, and communication protocols that are used by EUDI Wallet ecosystem components to distribute, manage, and control public keys. A PKI publishes public keys and establishes trust within an environment by validating and verifying the public keys mapping to an entity
70 | Verification | The evaluation of whether a verifiable credential or verifiable presentation is an authentic and current statement of the issuer or presenter, respectively. This includes checking that the credential or presentation conforms to the specification, the securing mechanism is satisfied, and, if present, the status check succeeds. Verification of a credential does not imply evaluation of the truth of claims encoded in the credential
71 | Validation | The assurance that a claim from a specific issuer satisfies the business requirements of a verifier for a particular use. This specification defines how verifiers verify verifiable credentials and verifiable presentations. It also specifies that verifiers validate claims in verifiable credentials before relying on them. However, the means for such validation vary widely and are outside the scope of this specification. Verifiers trust certain issuers for certain claims and apply their own rules to determine which claims in which credentials are suitable for use by their systems
72 | Authentication (eIDAS 2.0) | An electronic process that enables the confirmation of the electronic identification of a natural or legal person or the confirmation of the origin and integrity of data in electronic form
73 | Administrative validity period (of a PID or attestation) | The date(s) from and/or up to which the attributes in the attestation are valid, which are represented as attribute(s) in the attestation
74 | Technical validity period (of a PID or attestation) | The dates (and possibly times) from and up to which the attestation is valid, which are represented as metadata of the attestation. Note: All PIDs and attestations have a technical validity period, which is typically much shorter than its administrative validity period (if existent). The technical validity period is chosen based on a risk analysis, e.g. with regard to User privacy
75 | Selective Disclosure | The ability of a holder to make fine-grained decisions about what information to share
76 | Selective Disclosure (eIDAS 2.0) | Selective disclosure is a concept empowering the owner of data to disclose only certain parts of a larger data set, in order for the receiving entity to obtain only such information as is necessary for the provision of a service requested by a user
77 | Selective Disclosure | The capability enabling the User to present a subset of the attributes included in a PID or attestation
78 | Embedded disclosure policy | A set of rules, embedded in an electronic attestation of attributes by its provider, that indicates the conditions that a wallet-relying party has to meet to access the electronic attestation of attributes
79 | Namespace | A specification of the attribute identifier, syntax and semantics of attributes that can be used in an attestation, having an identifier that is unique within the context of the EUDI Wallet ecosystem
80 | Notification | The act of transferring information to the European Commission
[1] https://www.w3.org/TR/vc-data-model-2.0/#terminology
[2] https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/latest/annexes/annex-1/annex-1-definitions/#a2-definitions-from-the-european-digital-identity-regulation
[3] https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/latest/annexes/annex-1/annex-1-definitions/#a2-definitions-from-the-european-digital-identity-regulation and https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/latest/annexes/annex-1/annex-1-definitions/#a4-additional-definitions-used-in-the-arf
[4] https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/latest/annexes/annex-1/annex-1-definitions/#a3-definitions-from-the-adopted-commission-implementing-regulations
[5] https://openid.net/specs/openid-federation-wallet-1_0.html#name-terminology
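Several distinctions in the table are easier to see in code than in prose: verification versus validation (rows 70 and 71), the technical validity period carried as metadata versus the administrative one carried as an attribute (rows 73 and 74), the attestation status list (row 28) and selective disclosure (rows 75 to 77). The Python below is an added example written for this page; it is not code from the W3C, eIDAS, ARF or OpenID Federation documents. It assumes an HMAC over canonical JSON as a stand-in for the issuer's real seal, an in-memory bit string as the status list, and hypothetical names throughout (`issue`, `present`, `verify`, `validate`, `StatusList`, `status_index`, `document_expiry`); none of them are identifiers from the cited specifications.

```python
# Constructed example (added to this page; not code from any cited spec).
# An HMAC over canonical JSON stands in for the issuer's real seal/signature;
# the status list is an in-memory bit string; all names are hypothetical.
import hashlib
import hmac
import json
import secrets
from datetime import date, datetime

ISSUER_KEY = b"constructed-issuer-key"  # stands in for the issuer's signing key


def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _digest(salt: str, name: str, value) -> str:
    # Salted digest of one attribute: the seal covers these, not the values.
    return hashlib.sha256(_canonical([salt, name, value])).hexdigest()


def issue(attributes: dict, valid_from: str, valid_until: str, status_index: int) -> dict:
    """Issuer: seal the attribute digests plus metadata (technical validity
    period, status-list index); the holder also receives values and salts."""
    salts = {name: secrets.token_hex(16) for name in attributes}
    sealed = {
        "digests": sorted(_digest(salts[n], n, v) for n, v in attributes.items()),
        "meta": {"valid_from": valid_from, "valid_until": valid_until,
                 "status_index": status_index},
    }
    seal = hmac.new(ISSUER_KEY, _canonical(sealed), hashlib.sha256).hexdigest()
    return {"sealed": sealed, "seal": seal, "attributes": attributes, "salts": salts}


def present(credential: dict, disclose: list) -> dict:
    """Holder: selective disclosure. Only the chosen attributes and their salts
    are sent; the sealed digests, metadata and seal travel unchanged."""
    return {
        "sealed": credential["sealed"],
        "seal": credential["seal"],
        "disclosed": {n: (credential["salts"][n], credential["attributes"][n])
                      for n in disclose},
    }


class StatusList:
    """Attestation status list: one bit per index, 0 = Valid, 1 = Invalid."""

    def __init__(self, size: int):
        self.bits = bytearray((size + 7) // 8)

    def set_invalid(self, index: int) -> None:
        self.bits[index // 8] |= 1 << (index % 8)

    def is_valid(self, index: int) -> bool:
        return not (self.bits[index // 8] >> (index % 8)) & 1


def verify(presentation: dict, status_list: StatusList, now_iso: str,
           issuer_key: bytes = ISSUER_KEY):
    """Verification: is this an authentic, current statement of the issuer?
    Checks seal, disclosed values against sealed digests, technical validity
    period and status list. Says nothing about whether the claims are true."""
    expected = hmac.new(issuer_key, _canonical(presentation["sealed"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, presentation["seal"]):
        return False, ["seal does not verify"]  # stop before trusting any content
    reasons = []
    digests = set(presentation["sealed"]["digests"])
    for name, (salt, value) in presentation["disclosed"].items():
        if _digest(salt, name, value) not in digests:
            reasons.append(f"disclosed attribute not covered by seal: {name}")
    meta = presentation["sealed"]["meta"]
    now = datetime.fromisoformat(now_iso)
    if not (datetime.fromisoformat(meta["valid_from"]) <= now
            <= datetime.fromisoformat(meta["valid_until"])):
        reasons.append("outside technical validity period")
    if not status_list.is_valid(meta["status_index"]):
        reasons.append("status list reports Invalid")
    return not reasons, reasons


def validate(presentation: dict, today_iso: str, min_age: int = 18):
    """Validation: the relying party's own rules over the disclosed claims, run
    after verify() succeeded. Here: document still within its administrative
    validity period and holder old enough; both attributes must be disclosed."""
    claims = {n: v for n, (_salt, v) in presentation["disclosed"].items()}
    missing = [n for n in ("birth_date", "document_expiry") if n not in claims]
    if missing:
        return False, [f"required attribute not disclosed: {n}" for n in missing]
    today = date.fromisoformat(today_iso)
    reasons = []
    if today > date.fromisoformat(claims["document_expiry"]):
        reasons.append("outside administrative validity period")
    birth = date.fromisoformat(claims["birth_date"])
    age = today.year - birth.year - ((today.month, today.day) < (birth.month, birth.day))
    if age < min_age:
        reasons.append(f"age {age} below required {min_age}")
    return not reasons, reasons
```

`verify()` refuses to look at any content until the seal checks out, and `validate()` only means something for a presentation that has already verified: a relying party that skips the first step has no assurance of who made the statement, and one that skips the second is relying on the issuer for a claim it never evaluated against its own rules. A short technical validity period (here one week) bounds how long a presentation stays usable even if the status list is unreachable, which is the risk trade-off row 74 alludes to.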
Core Terminology in EU Standards
Functional Terminology
Implementation-Specific Variations
While the EU standardizes terminology via the ARF and Implementing Acts, non-EU or private-sector approaches may use differing terms:
Interoperability vs. Localization
This terminology reflects the EU’s focus on harmonization under eIDAS 2.0, while alternative paradigms (e.g., SSI or national systems) may prioritize different terms for similar functions.