ANNEX 1 - Definitions
A.1 Introduction
Table 1 -- eIDAS regulation definitions
In this [ARF] definitions are used. Several definitions are already defined in the legal text, these definitions are cited from the eIDAS Regulation or from the eIDAS Regulation amendment proposal. For convenience they are listed in table 1.
Table 2 -- Additional definitions used in this ARF
In writing this [ARF], additional technical terms and definitions are used. These are listed in table 2. Note the technical terms and definitions in table 2 are intended to be defined in such a way that they are aligned with the definitions used in the eIDAS Regulation and eIDAS amendment and should be interpreted as such.
In some cases, the definition or terms has its origin in the context of specific topics (see Appendix 2, High level Requirements, listed per topic). To give the relevant context, the topic number appears in brackets following the definition, e.g., [Topic 11]. If the definition is related to two topics, both topic numbers will appear in the brackets, e.g., [Topic 33, Topic 34]. If the definition is generic to the [ARF] as a whole or to more than 2 topics, no brackets will be added. If the definition relies on an external source, such as a standard or a formal publication, that source will be mentioned.
A.1.1 Table 1 - eIDAS regulation definitions
| Term | Definition [eIDAS Regulation] |
|---|---|
| Advanced electronic signature | An electronic signature which meets the requirements set out in Article 26. |
| Attestation | An attestation in electronic form that allows attributes to be authenticated. |
| Attribute | A characteristic, quality, right or permission of a natural or legal person or of an object. |
| Authentic Source | A repository or system, held under the responsibility of a public sector body or private entity, that contains and provides attributes about a natural or legal person and that is considered to be a primary source of that information or recognised as authentic in accordance with Union law or national law, including administrative practice. |
| Authentication | An electronic process that enables: the confirmation of the electronic identification of a natural or legal person or; the confirmation of the origin and integrity of data in electronic form. |
| Certificate for electronic signature | An electronic attestation which links electronic signature validation data to a natural person and confirms at least the name or the pseudonym of that person. |
| Conformity Assessment Body (CAB) | A conformity assessment body as defined in Article 2, point 13, of Regulation (EC) No 765/2008, which is accredited in accordance with that Regulation as competent to carry out conformity assessment of a qualified trust service provider and the qualified trust services it provides, or as competent to carry out certification of European Digital Identity Wallets or electronic identification means. |
| Electronic Attestation of Attributes (EAAs) | An attestation in electronic form that allows attributes to be authenticated. |
| Electronic attestation of attributes issued by or on behalf of a public sector body | 'Electronic attestation of attributes issued by or on behalf of a public sector body responsible for an authentic source' means an electronic attestation of attributes issued by a public sector body that is responsible for an authentic source or by a public sector body that is designated by the Member State to issue such attestations of attributes on behalf of the public sector bodies responsible for authentic sources in accordance with Article 45f and with Annex VII [Article 3(46)]. |
| Electronic identification means | A material and/or immaterial unit containing person identification data and which is used for authentication for an online service or, where appropriate, for an offline service. |
| Electronic identification scheme | A system for electronic identification under which electronic identification means are issued to natural or legal persons or natural persons representing other natural persons or legal persons. |
| Electronic signature | Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. |
| Electronic signature creation data | Unique data which is used by the signatory to create an electronic signature. |
| EUDI Wallet User | A natural or legal person, or a natural person representing another natural person or a legal person, that uses trust services or electronic identification means provided in accordance with this Regulation. |
| Identity matching | Is defined in Article 3 (54) 'identity matching': A process where person identification data, or person identification means are matched with or linked to an existing account belonging to the same person. |
| Person Identification Data (PID) | A set of data that is issued in accordance with Union or national law and that enables the identity of a natural or legal person, or of a natural person representing another natural person or a legal person, to be established [Article 3, (3a)]. |
| Qualified certificate for electronic signature | A certificate for electronic signatures, that is issued by a qualified trust service provider and meets the requirements laid down in Annex I. |
| Qualified Electronic Attestation of Attributes (QEAA) | An electronic attestation of attributes which is issued by a qualified trust service provider and meets the requirements laid down in Annex V. |
| Qualified electronic signature | An advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures. |
| Qualified Electronic Signature Creation Device (QSCD) | Configured software or hardware used to create an electronic signature that meets the requirements laid down in Annex II of the eIDAS Regulation amendment proposal. |
| Qualified Trust Service Provider (QTSP) | Qualified Trust Service Provider means a trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body. |
A.1.2 Table 2 -- Additional definitions used in this ARF
Table 2 - Technical definitions originating in the ARF - not cited from the eIDAS Regulation or the amendment proposal:
| Term | Definition |
|---|---|
| Alias | An alternative name assigned to a pseudonym by a User. [Topic 11] |
| Application | An Application from a Relying Party to be included in a Relying Party Registry. [Topic 27] |
| Attestation Provider | QEAA Provider, PuB-EAA Provider or EAA Provider. Note: This term is used in the ARF merely for practical reasons, as a collective term. |
| Attestation Revocation List | A mechanism provided by an Attestation Provider (or a trusted party acting on its behalf) for communicating the revocation or suspension status of attestations, by publishing a list of identifiers of revoked or suspended attestations; and used by a Relying Party to verify the status. [Topic 7] |
| Attestation Rulebook | A document describing the attestation type, namespace(s), and other features for a specific attestation type in compliance with the minimum requirements for attestation rulebooks. [Topic 12] |
| Attestation Status List | A mechanism provided by an Attestation Provider (or a trusted party acting on its behalf) for communicating the status of attestations, by publishing status information for all valid attestations at the time of publication. [Topic 7] |
| Attestation type | An identifier for a type of attestation, unique within the context of the EUDI Wallet ecosystem. Note: Examples of attestation types are a mobile driving license (mDL), a diploma, or a concert ticket. [Topic 12] |
| Backup and Restore Object | A data structure that includes attributes such as Serial number, Attestation type, Attestation Provider, and Issuance time. [Topics 33, 34] |
| Certificate Authority (CA) | An entity which is trusted by one or more parties in the EUDI Wallet ecosystem to create and seal certificates. |
| Certificate Policy (CP) | Named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. |
| Controlled vocabulary | A consistent way to describe data as a standardized and organized arrangement of words and phrases presented as alphabetical lists of terms or as thesauri and taxonomies with a hierarchical structure of broader and narrower terms. Adapted from https://op.europa.eu/en/web/eu-vocabularies/controlled-vocabularies |
| DPA | Data Protection Authority. [Topic 43] |
| EUDI Wallet Instance | The software installed on a User's device which is part of an EUDI Wallet Solution and belongs to and is controlled by a User. |
| EUDI Wallet Provider | A public or private organisation, responsible for provisioning and operating an EUDI Wallet Solution. |
| EUDI Wallet Solution | The product(s) and service(s) provided by an EUDI Wallet Provider to Users. |
| mDL | Mobile Driving License. [Topics 2, 4] |
| Migration | The activity of moving data from one EUDI Wallet Instance to another EUDI Wallet Instance, where the Wallet Instances are instances of different Wallet Solutions. [Topic 34] |
| Namespace | A specification of the attribute identifier, syntax and semantics of attributes that can be used in an attestation, having an identifier that is unique within the context of the EUDI Wallet ecosystem. [Topic 12] |
| National Accreditation Bodies (NAB) | A body that performs accreditation with authority derived from a Member State under Regulation (EC) No 765/2008. |
| Notifier | The entity in a Member State that is responsible for notifying the Commission and maintaining that notification accurate over time. [Topics 31, 40] |
| Notification | The act of transferring information to the European Commission. [Topics 31, 40] |
| Proximity flow | A presentation flow when the EUDI Wallet User is physically close to a Relying Party representative and the attestation exchange and disclosure happens using proximity protocols (NFC, Bluetooth, QR-Code, etc.). |
| Person Identification Data (PID) Provider | A Member State or other legal entity providing Person Identification Data to Users. |
| Pseudonym | Data uniquely representing a user which in itself does not allow to infer any user's attribute or person identification data, without the use of additional information that is kept separately by the issuer of the data uniquely representing the user. [Topic 11] |
| PuB-EAA | Electronic attestation of attributes issued by or on behalf of a public sector body responsible for an authentic source. [Topics 12, 38, 41] |
| Public Key Infrastructure (PKI) | Systems, software, and communication protocols that are used by EUDI Wallet ecosystem components to distribute, manage, and control public keys. A PKI publishes public keys and establishes trust within an environment by validating and verifying the public keys mapping to an entity. |
| Qualified Electronic Signature Remote Creation Service Provider | A natural or a legal person that offers services related to the remote creation, validation, and management of qualified electronic signatures that meet eIDAS regulation legal requirements and standards to be considered as legally equivalent to handwritten signatures. |
| Relying Party Registry | A registry of registered Relying Parties intending to rely on EUDI Wallets to provide public or private service. [Topic 27] |
| Relying Party Registrar | A party responsible for maintaining and publishing a Relying Party Registry. [Topic 27] |
| Registration | The act of registering. [Topic 27] |
| Relying Party Instance | A software and/or hardware module with the capability to interact with a Wallet Instance and to perform Relying Party authentication, that is controlled by a Relying Party. |
| Relying party Instance Certificate | An electronic certificate issued by a Relying Party Instance Certificate Provider to a Relying Party, for the purposes of enabling the identification and authentication of that Relying Party when signing or sealing a presentation request towards an EUDI Wallet Instance. [Topic 27] |
| Requestee EUDI Wallet Instance | An EUDI Wallet Instance requested by another EUDI Wallet Instance to present an attestation of attributes. [Topic 30] |
| Requestor EUDI Wallet Instance | An EUDI Wallet Instance requesting another EUDI Wallet Instance to present an attestation of attributes. [Topic 30] |
| Restore | The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident1. [Topics 33, 34] |
| Selective Disclosure | The capability enabling the User to present a subset of the attributes included in a PID or attestation. |
| Trust Anchor | The public key of an entity that is trusted by a Wallet Instance and used for validating certificates in certification paths. |
| Trust model | Collection of rules that ensure the legitimacy of the components and the entities involved in the EUDI Wallet ecosystem. |
| Trusted List | Repository of information about authoritative entities in a particular legal or contractual context which provides information about their current and historical status. [Topic 40 -- included in Topic 31, and other Topics] |
| User | See 'EUDI Wallet User' in table 1. |
| Wallet Instance | See EUDI Wallet Instance. |
| Wallet Instance Attestation (WIA) | Attestation issued by a Wallet Provider to a Wallet Instance with the sole purpose of allowing Relying Parties and Attestation Providers to verify the authenticity and validity of the Wallet Instance. [Topic 38] |
| Wallet Secure Cryptographic Application (WSCA) | A secure application running on and utilizing a WSCD. One WSCA is associated with at most one wallet instance, and manages assets, such as keys, for this specific wallet instance. |
| Wallet Secure Cryptographic Device (WSCD) | The WSCD is a hardware anchor providing a secure environment and storage for cryptographic assets and software. This includes the keystore but also the environment where the security critical functionality is executed. The WSCD is tamper and duplication proof. [Topics 33, 34] |
| Wallet Trust Evidence (WTE) | A signed data structure provided by the Wallet Provider to a Wallet Instance during the Wallet Instance activation process, allowing the Wallet Instance to inform Attestation Providers about the properties of the Wallet Instance and (one of) its WSCD(s) and to prove various associations. |
-
https://www.privacy-regulation.eu/en/article-32-security-of-processing-GDPR.htm, Article 32, section 1 (c) ↩