2. Normative References
Below are the normative references, with their respective acronyms, included in these Technical Specifications:
[CAD]
Legislative Decree No. 82 of March 7, 2005, as amended, containing the 'Digital Administration Code'.
[REF_ACCESSIBILITY]
Accessibility Guidelines for IT Tools as per Article 11 of Law 4/2004. Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services.
[GL_DESIGN]
Design Guidelines for websites and digital services provided by public administrations, pursuant to Article 53, paragraph 1-ter of Legislative Decree No. 82 of March 7, 2005, as amended.
3. Defined Terms and Acronyms
The terms User, Trust Service, Trust Model, Trusted List, Trust Framework, Attribute, Electronic Attestations of Attributes Provider or Trust Service Provider (TSP), Person Identification Data (PID), Revocation List, Qualified Electronic Attestations of Attributes Provider or Qualified Trust Service Provider (QTSP), and Electronic Attestation of Attributes (EAA) are defined in the EIDAS-ARF.
Below is the description of acronyms and definitions which are useful for further insights into topics that complement the IT-Wallet System and the interacting components.
4. Defined Terms and Acronyms
This section aligns the IT-Wallet System's terminology with the definitions provided in ARF 1.10 (see ARF Annex 1). For each term, the IT-Wallet definition is compared and mapped to the ARF definition, with notes on any differences or clarifications.
- Access Certificate
Certificate authenticating and validating the (Wallet-) Relying Party. Aligned with ARF 1.10.
- Accreditation Process
Process performed by the National Accreditation Body to accredit CABs, resulting in an accreditation certificate. Identical to ARF 1.10.
- Attributes
- User Attribute
- User Claim
A set of characteristics, qualities, rights, or permissions of a person or object, or a single piece of such information. Aligned with ARF 1.10.
- Authentic Source
Public or private entity responsible for a repository/system considered a primary source for Attributes or PID. Aligned with ARF 1.10.
- Authentication
Electronic process confirming the identity of a person or the origin/integrity of data. Aligned with ARF 1.10.
- Certificate Signing Request (CSR)
Request sent to a CA containing the public key and identifying information for a digital certificate. Aligned with ARF 1.10.
- Certification Process
Process by Conformity Assessment Bodies to certify the Wallet Solution, including periodic technical assessments. Aligned with ARF 1.10.
- Conformity Assessment Body (CAB)
Accredited body competent to assess/certify Wallet Solutions or trust service providers. Aligned with ARF 1.10.
- Credential Issuer
- Issuer
- Attestation Provider
Organizational Entity providing Digital Credentials to Users (may be a PID Provider or a (Q)EAA Provider). ARF 1.10 uses similar terms; IT-Wallet merges PID and (Q)EAA Providers under this term.
- Credential Status Assertion
- Status Assertion
Signed document proving a Digital Credential's current validity status. Aligned with ARF 1.10.
- Critical Assets
Assets (e.g., cryptographic keys) whose loss would seriously impact the Wallet Unit. Aligned with ARF 1.10.
- Cryptographic Hardware Key Tag
Unique identifier for Cryptographic Hardware Keys, used to access the private key in hardware. Aligned with ARF 1.10.
- Cryptographic Hardware Keys
Key pair generated by the Wallet Instance, valid for its lifetime. Aligned with ARF 1.10.
- Device Integrity Service
Service by device manufacturers to verify app integrity and secure key storage. Aligned with ARF 1.10.
- Digital Credential
- Credential
Signed set of Attributes in a specific format (e.g., mDoc-CBOR, SD-JWT VC); may be PID or (Q)EAA. ARF 1.10 restricts the definition to mDoc-CBOR and SD-JWT VC; IT-Wallet notes the definition should be format-neutral.
- Digital Credential Catalogue
Electronic catalog containing information about the formats and schemes of Digital Credentials, the data they contain, and the Authentic Sources. The Catalog contains additional information that allows the authenticity and reliability of the information contained therein to be established.
- Electronic Attestation of Attributes (EAA)
Digitally verifiable attestation in electronic form, substantiating possession of attributes. Aligned with ARF 1.10.
- Electronic Attestation of Attributes Provider
Entity providing EAAs. Aligned with ARF 1.10.
- Electronic Attestation of Public Interest
- Credential of Public Interest
Electronic Attestation of Attributes that contains Attributes intended to certify the release, by the State or other public administrations, of authorizations, certifications, qualifications, identity and recognition documents, or receipts of revenue, or to assume a fiduciary value and the protection of public faith after their issuance or the entries made on them and, in general, when they are considered security documents pursuant to Article 2, paragraph 10-bis, Law 13 July 1966, no. 559.
- Federation Authority
Public governance entity issuing guidelines and rules, and managing trust lists and participant status. Aligned with ARF 1.10.
- Holder
Person or entity that receives, manages, and presents Digital Credentials via the Wallet Instance. Aligned with ARF 1.10.
- Holder Key Binding
- Cryptographic Binding
Ability of the Holder to prove possession of the private key attested by a Trusted Third Party. Aligned with ARF 1.10.
- Identity and Access Management (IAM)
Framework for managing digital identities and access to information. Aligned with ARF 1.10.
- Intermediate Entity
- Intermediate
Intermediate Entity as defined in OID-FED Section 1.2; for example, in IT-Wallet it could be a Relying Party intermediary that offers and manages, on behalf of the Relying Party, the Technical Solutions for the remote or proximity verification of Electronic Attestations.
- IT-Wallet System
Set of Technical Solutions implementing the Italian Digital Wallet System. Not present in ARF 1.10; specific to IT-Wallet.
- IT-Wallet System Register
Register of entities participating in the IT-Wallet System. Not present in ARF 1.10; specific to IT-Wallet.
- Key Attestation
Attestation from the device OEM about secure key storage in a hardware-backed keystore. Aligned with ARF 1.10.
- Level of Assurance
Degree of confidence in identity vetting and credential presentation. Aligned with ARF 1.10.
- Metadata
Digital artifact with information about an Organizational Entity (endpoints, public keys, etc.). Aligned with ARF 1.10.
- National Accreditation Bodies (NAB)
Body performing accreditation under authority from a Member State. Aligned with ARF 1.10.
- National Identity Provider
Preexisting identity systems (e.g., SPID, CIE) notified to eIDAS. Aligned with ARF 1.10.
- Notification Process
Process for transferring information to the EC and inclusion in the Trusted List. Aligned with ARF 1.10.
- Organizational Entity
Legal person (organization or public entity) recognized to operate a role in the IT-Wallet ecosystem. Aligned with ARF 1.10.
- Person Identification Data (PID)
Electronic Attestation that allows the subject to whom the Personal Identification Data refers to be authenticated. Aligned with ARF 1.10.
- Personal Identification Data
A set of data which allows the identity of a natural or legal person, or of a natural person representing another natural or legal person, to be established. Aligned with ARF 1.10.
- PID Provider
Credential Issuer responsible for issuing/revoking PID, ensuring cryptographic binding to the Wallet Unit. Aligned with ARF 1.10.
- Policy Language
Formal language for defining security, privacy, and identity management policies. Aligned with ARF 1.10.
- Primary Actors
Entities implementing Technical Solutions for the IT-Wallet System. Not present in ARF 1.10; specific to IT-Wallet.
- Pseudonym
Alternative identifier for privacy/anonymity, allowing authentication/authorization. Aligned with ARF 1.10.
- Public Electronic Attestation of Attributes (Pub-EAA)
Electronic Attestation of Attributes that contains Attributes deriving from a public Authentic Source. Aligned with ARF 1.10.
- Qualified Electronic Attestation of Attributes (QEAA)
Digitally verifiable attestation issued by a QTSP, substantiating possession of attributes. Aligned with ARF 1.10.
- Qualified Electronic Attestation of Attributes Provider
Entity providing QEAAs. Aligned with ARF 1.10.
- Qualified Electronic Signature Provider
Trust Service Provider issuing Qualified Electronic Signature certificates. Aligned with ARF 1.10.
- Registration Authority
- Registrar
Party responsible for registering Organizational Entities by issuing Trust Assertions. Aligned with ARF 1.10.
- Registration Certificate
Data object indicating the attributes the Relying Party has registered to request from Users. Aligned with ARF 1.10.
- Registration Process
Process for verifying eligibility and compliance of Organizational Entities. Aligned with ARF 1.10.
- Relying Party
Entity relying on electronic identification or a Trust Service from a Wallet Instance. Aligned with ARF 1.10.
- Relying Party Backend
Remote infrastructure with server-side components managed by a Relying Party Solution provider. Aligned with ARF 1.10.
- Relying Party Instance
- Verifier App
Specific deployment of a Relying Party application or device. Aligned with ARF 1.10.
- Relying Party Solution
Product (software/hardware/cloud) enabling Credential presentations in various contexts. Aligned with ARF 1.10.
- Selective Disclosure
Functionality enabling the User to submit a subset of a Digital Credential's data. Aligned with ARF 1.10.
- Self-Sovereign Identity (SSI)
Approach giving individuals control over their digital identity information. Aligned with ARF 1.10.
- Supervision Process
Process by a Supervisory Body to review and ensure the proper functioning of the Wallet Provider and others. Aligned with ARF 1.10.
- Technical Solutions
Hardware/software systems and services implemented by Wallet Solution Providers, PID Providers, etc. Aligned with ARF 1.10.
- Technical Specifications
Specifications providing technical architecture, implementation framework, and design requirements. Aligned with ARF 1.10.
- Trust
Confidence in the security, reliability, and integrity of entities and their actions. Aligned with ARF 1.10.
- Trust Attestation
Electronic attestation of compliance with the regulatory framework, cryptographically verifiable. Aligned with ARF 1.10.
- Trust Evaluation
Process of verifying the trustworthiness of registered Organizational Entities. Aligned with ARF 1.10.
- Trust Framework
Legally enforceable set of rules and agreements for a multi-party system. Aligned with ARF 1.10.
- Trust Layer
Architectural component enabling participants to establish trust. Aligned with ARF 1.10.
- Trust Model
Collection of rules ensuring the legitimacy of components/entities in the IT-Wallet ecosystem. Aligned with ARF 1.10.
- Trust Relationship
Reliable relationship between Organizational Entities after Trust Evaluation. Aligned with ARF 1.10.
- Trusted List
Repository of information about authoritative entities and their status. Aligned with ARF 1.10.
- User
Natural or legal person using trust services or electronic identification means. Aligned with ARF 1.10.
- Verifier
Also known as Credential Verifier; a person or entity using a Relying Party Instance. Aligned with ARF 1.10.
- Wallet Instance
Application installed on a User's device, part of the Wallet Unit, providing the user interfaces. Aligned with ARF 1.10.
- Wallet Provider
Organizational Entity responsible for the management and provisioning of a Wallet Solution. Aligned with ARF 1.10.
- Wallet Provider Backend
Technical infrastructure and server-side components managed by a Wallet Provider. Aligned with ARF 1.10.
- Wallet Secure Cryptographic Application (WSCA)
Application managing Critical Assets using cryptographic functions provided by the WSCD. Aligned with ARF 1.10.
- Wallet Secure Cryptographic Device (WSCD)
Tamper-resistant device providing an environment for the WSCA to protect Critical Assets. Aligned with ARF 1.10.
- Wallet Solution
Set of Technical Solutions for the proper functioning of IT-Wallet Instances. Aligned with ARF 1.10.
- Wallet Unit
Unique configuration of a Wallet Solution for an individual User, including security features. Aligned with ARF 1.10.
- Wallet Unit Attestation
- Wallet Attestation
- Wallet Instance Attestation
Data object issued by a Wallet Provider describing the components of the Wallet Unit. Aligned with ARF 1.10.
Note
For any term not present in ARF 1.10, the IT-Wallet definition is provided as authoritative for the Italian context.
Below are the main defined terms and definitions related to User Experience aspects:
- Authentication Button
The Engagement Button that enables the User to access the Authentication process and use the services provided by Verifiers.
- Brand Identity
Collection of visual, verbal, and strategic elements that a service, a product or an entity uses to present itself to the User and to distinguish itself from others.
- Call To Action
A clear and direct suggestion that encourages users to take a specific action. It can be a button, a link, or another element guiding the user toward a particular goal.
- Catalog
Section of the Wallet Instance that displays the list of all the available Digital Credentials that can be obtained through the IT-Wallet Instance, and from which it is possible to start the issuing process.
- Detailed View
Extended display mode of the Digital Credentials, showing all the Attributes included.
- Discovery Page
The page of the Relying Party's Touchpoint where the User lands to access their authenticated area; its goal is to show the User all the available Authentication methods.
- Engagement Button
Interactive element of the Interface that allows the User to trigger a process (e.g. to Authenticate, to request the issuance of a Digital Credential, etc.).
- Interaction Model
A set of characteristics that define how the User interacts with the Interface of one or multiple Touchpoints in order to complete a task or operation and achieve a specific goal.
- Interface
The set of graphic, typographical and interactive elements through which the User interacts with the Touchpoint(s) responsible for the delivery of a product or service, in compliance with [GL_DESIGN].
- Preview View
Compact visualization mode of the Digital Credential that allows it to be recognized and distinguished in a list of Electronic Attestations thanks to the presence of a minimum set of data or elements.
- Service Model
Set of interactions between actors and touchpoints necessary for service delivery and use.
- Touchpoint
Point of contact (digital or not) between the User and the product or service.
- Trust Mark
A graphic element that gives evidence of the participation of the Primary Actors in the IT-Wallet System and thus guarantees adherence to its standards.
- User Experience
The set of people's perceptions and reactions resulting from the use and/or expectation of use of a product, system or service. Aligned with ISO 9241-210:2010.
- Visual Identity
Coherent set of graphic and typographic elements that visually represent a product or service and make it distinguishable and recognizable.
4.1. Acronyms
Below are the main acronyms used in the document:
| Acronym | Description |
|---|---|
| AAL | Authenticator Assurance Level as defined in https://csrc.nist.gov/glossary/term/authenticator_assurance_level |
| ANPR | Italian National Registry of the Resident Population |
| API | Application Programming Interface |
| CIE | National Electronic Identity Card |
| IAM | Identity and Access Management |
| LoA | Level of Assurance |
| OID4VP | OpenID for Verifiable Presentation |
| PID | Person Identification Data |
| PII | Personally Identifiable Information |
| SPID | Italian Public Digital Identity System |
| SSI | Self Sovereign Identity |
| VC | Verifiable Credential |
| VP | Verifiable Presentation |
| WSCA | Wallet Secure Cryptographic Application |
| WSCD | Wallet Secure Cryptographic Device |
5. Normative Language and Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.