Data Source
Description: The role responsible for collecting, storing, and controlling personal data which persons, operators, and data using services may wish to access and use. Reference: Understanding MyData Operator
Data Using Service
Description: The role responsible for processing personal data from one or more data sources to deliver a service. Reference: Understanding MyData Operator
Decentralized Identifier (DID)
Description: A Decentralized Identifier (DID) is a type of identifier that is globally unique, resolvable with high availability, and cryptographically verifiable. DIDs are typically associated with cryptographic material, such as public keys and service endpoints, for establishing secure communication channels. Reference: DID Primer
Electronic Attestation of Attributes
Description: 'electronic attestation of attributes' means an attestation in electronic form that allows the authentication of attributes. Reference: eIDAS 2 Definitions
Elliptic-curve Diffie–Hellman
Description: Elliptic-curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each having an elliptic-curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or to derive another key. Reference: RFC6090
European Digital Identity Wallet
Description: 'European Digital Identity Wallet' means an electronic identification, which allows the user to securely store, manage and validate identity data and electronic attestations of attributes, to provide them to relying parties and to other users of European Digital Identity Wallets, and to sign by means of qualified electronic signatures or to seal by means of qualified electronic seals. Reference: eIDAS 2 Definitions
European Digital Identity Wallet Architecture and Reference Framework
Description: A toolbox including a technical Architecture and Reference Framework (ARF), a set of common standards and technical specifications, and a set of common guidelines and best practices. Reference: ARF 1.3.0
German eID system
Description: Architecture for the German electronic Identity Card and electronic Resident Permit is specified in the BSI Technical Guideline TR-03127. Reference: BSI TR-03127
GDPR
Description: The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). Reference: GDPR as in EU Regulations
Individual
Description: A natural, living human being. Reference: Understanding MyData Operator
JSON Web Token
Description: JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. Reference: RFC7519
Hardware Security Module
Description: An HSM is a device that provides cryptographic functionality, in which the life cycle of cryptographic keys and the execution of cryptographic functions are managed within a highly protected hardware environment.
Identity Owner
Description: The entity, such as a natural person, a legal person, or a device, that is the subject of verifiable credentials from credential issuers and is in control of the reception, storage, and sharing of such credentials with relying parties. Reference: ARF 1.2.0
Level of Assurance
Description: Degree of confidence in the claimed identity of a person – how certain a service provider can be that it is you, the one using your eID to authenticate to the service, not someone else pretending to be you. In other words, it refers to the difficulty of using someone else’s eID to access an online service. Reference: eIDAS Levels of Assurance
Message Authentication Code
Description: The result of an HMAC computation. Reference: RFC8446
OpenID for Verifiable Credential Issuance
Description: OAuth protected API for the issuance of Verifiable Credentials. Reference:
OpenID for Verifiable Presentations
Description: A mechanism on top of OAuth 2.0 [RFC6749] that enables presentation of Verifiable Credentials as Verifiable Presentations. Reference:
Organisation Wallet
Description: An Organisation Wallet is a digital tool for businesses to securely manage (issue, store, and verify) verifiable credentials. It ensures compliance with standards like OpenID4VC (eIDAS 2.0), Aries Interop Profile using AnonCreds, JWT, SD-JWT credential formats, etc., providing interoperability and robust security. The wallet automates credential management processes, enhancing efficiency and ensuring regulatory compliance with data protection laws like GDPR, eIDAS 2.0, etc. Organisation Wallets can issue PID, LPID, (Q)EAAs, etc., depending on the organisation. Reference:
- iGrant.io Organisation Wallet Overview
- iGrant.io Organisation Wallet Issuer Demo
- OpenID for Verifiable Credential Issuance
Person Identification Data
Description: 'person identification data' means a set of data, issued in accordance with Union or national law, enabling the identity of a natural or legal person, or of a natural person representing a natural or legal person, to be established. Reference: eIDAS 2 Article 3 (45)
Person Identification Data Provider
Description: A Member State or other legal entity providing Person Identification Data to Users. Reference: ARF 1.2.0
Proof of Possession
Description: Evidence provided by the Wallet regarding the possession of the respective key material. Reference: eIDAS 2 Article 3 (45)
Qualified Electronic Attestation of Attributes
Description: 'qualified electronic attestation of attributes' means an electronic attestation of attributes, which is issued by a qualified trust service provider and meets the requirements laid down in Annex V. Reference: eIDAS 2 Article 3 (45)
Qualified Electronic Signature
Description: 'qualified electronic signature' means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures. Reference: eIDAS 2
Qualified Trust Service Provider
Description: A Trust Service Provider who provides one or more Qualified Trust Services and is granted the qualified status by the supervisory body. Reference: ARF 1.3.0
Relying Party
Description: 'relying party' means a natural or legal person that relies upon an electronic identification, European Digital Identity Wallets or other electronic identification means, or a trust service. Reference: eIDAS 2 Article 3 (6)
Selective Disclosure for JWT
Description: A composite structure, consisting of an Issuer-signed JWT (JWS, RFC7515), Disclosures and optionally a Key Binding JWT that supports selective disclosure. Reference: IETF Draft for Selective Disclosure JWT
SD-JWT-based Verifiable Credentials
Description: Verifiable Credentials with JSON payloads with and without selective disclosure based on the SD-JWT format. Reference: IETF Draft for Selective Disclosure JWT
Self-Sovereign Identity (SSI)
Description: A model for managing digital identities in which individual identity holders can fully create and control their verifiable credentials without being forced to request permission from an intermediary or centralized authority, and which gives them control over how their personal data is shared and used. Reference: W3C DID Core
Trusted List
Description: Repository of information about authoritative entities in a particular legal or contractual context which provides information about their current and historical status. Reference: ARF 1.3.0
TSP (Trust Service Provider)
Description: A natural or a legal person who provides one or more Trust Services, either as a qualified or as a non-qualified Trust Service Provider. Reference: ARF 1.3.0
User (Holder)
Description: A natural or legal person using a EUDI Wallet. Also referred to as Holder. Reference: ARF 1.3.0
Verifiable Credential
Description: A credential created by an Issuer in a way that the integrity and authenticity of the credential can be cryptographically verified. Reference: OpenID4VCI
WSCD (Wallet Secure Cryptographic Device)
Description: Hardware-backed secure environment for creating, storing, and/or managing cryptographic keys and data. Examples include Secure Elements (SE), Trusted Execution Environments (TEEs), and (remote or local) Hardware Security Modules (HSM). Reference: ARF 1.3.0
Secure Element
Description: Secure Elements are physical components in electronic devices that securely store and protect sensitive data and applications and may provide certain secure cryptographic operations. Reference: Secure Elements for mobile platforms
Zero Knowledge Proofs (ZKP)
Description: In cryptography, a zero-knowledge proof is a method by which an entity can prove that they know a certain value without disclosing the value itself. Reference: AnonCreds Specification