12.1. Normative References

Below are the normative references and respective acronyms included in these Technical Specifications:

[CAD]

Legislative Decree No. 82 of March 7, 2005, as amended, containing the 'Digital Administration Code'.

[REF_ACCESSIBILITY]

Accessibility Guidelines for IT Tools as per Article 11 of Law 4/2004. Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services.

[GL_DESIGN]

Design Guidelines for websites and digital services provided by public administrations, pursuant to Article 53, paragraph 1-ter of Legislative Decree No. 82 of March 7, 2005, as amended.

12.2. Defined Terms and Acronyms

This section aligns the IT-Wallet System's terminology with the definitions provided in ARF 1.10 (see ARF Annex 1). For each term, the IT-Wallet definition is compared and mapped to the ARF definition, with notes on any differences or clarifications.

The terms User, Trust Service, Trust Model, Trusted List, Trust Framework, Attribute, Electronic Attestations of Attributes Provider or Trust Service Provider (TSP), Person Identification Data (PID), Revocation List, Qualified Electronic Attestations of Attributes Provider or Qualified Trust Service Provider (QTSP), and Electronic Attestation of Attributes (EAA) are defined in the EIDAS-ARF.

Below are the acronyms and definitions that are useful for further insight into topics that complement the IT-Wallet System and the interacting components.

Access Certificate

Certificate authenticating and validating the (Wallet-) Relying Party. Aligned with ARF 1.10.

Accreditation Process

Process performed by the National Accreditation Body to accredit CABs, resulting in an accreditation certificate. Not present in ARF 1.10; specific to IT-Wallet.

Attributes
User Attribute
User Claim

A set of characteristics, qualities, rights, or permissions of a person or object, or a single piece of such information. Aligned with ARF 1.10.

Authentic Source

Public or private entity responsible for a repository/system considered a primary source for Attributes or PID. Aligned with ARF 1.10.

Authentication

Electronic process confirming the identity of a person or the origin/integrity of data. Aligned with ARF 1.10.

Certificate Signing Request (CSR)

Request sent to a CA containing the public key and identifying information for a digital certificate. Not present in ARF 1.10.

Certification Process

Process by Conformity Assessment Bodies to certify the Wallet Solution, including periodic technical assessments. Not present in ARF 1.10; specific to IT-Wallet.

Conformity Assessment Body (CAB)

Accredited body competent to assess/certify Wallet Solutions or trust service providers. Aligned with ARF 1.10.

Credential Issuer
Issuer

Organizational Entity providing Digital Credentials to Users (may be PID Provider or (Q)EAA Provider). ARF 1.10 uses similar terms; IT-Wallet merges PID and (Q)EAA Providers under this term.

Credential Status Assertion
Status Assertion

Signed document proving a Digital Credential's current validity status. Not present in ARF 1.10; specific to IT-Wallet.

Critical Assets

Assets (e.g., cryptographic keys) whose loss would seriously impact the Wallet Unit. Aligned with ARF 1.10.

Cryptographic Hardware Key Tag

Unique identifier for Cryptographic Hardware Keys, used to access the private key in hardware. Not present in ARF 1.10.

Cryptographic Hardware Keys

Key pair generated by the Wallet Instance, valid for its lifetime. Not present in ARF 1.10.

Device Integrity Service

Service by device manufacturers to verify app integrity and secure key storage. Not present in ARF 1.10.

Digital Credential
Credential

Signed set of Attributes in a specific format (e.g., mDoc-CBOR, SD-JWT VC), may be PID or (Q)EAA. ARF 1.10 restricts to mDoc-CBOR and SD-JWT VC; IT-Wallet notes the definition should be format-neutral.

Digital Credential Catalogue

Electronic catalog containing information about the formats and schemes of Digital Credentials, the data contained and the Authentic Sources. The Catalog contains additional information that allows for the establishment of the authenticity and reliability of the information contained therein. Not present in ARF 1.10; specific to IT-Wallet.

Electronic Attestation of Attributes (EAA)

Digitally verifiable attestation in electronic form, substantiating possession of attributes. Aligned with ARF 1.10.

Electronic Attestation of Attributes issued by or on behalf of a public sector body (Pub-EAA)
Public Electronic Attestation of Attributes

Electronic Attestation of Attributes that contains Attributes deriving from a public Authentic Source. Aligned with ARF 1.10.

Electronic Attestation of Attributes Provider
Electronic Attestation Provider

Organizational Entity providing EAAs. Aligned with ARF 1.10.

Electronic Attestation of Public Interest
Credential of Public Interest

Electronic Attestation of Attributes that contains Attributes intended to certify the release, by the State or other public administrations, of authorizations, certifications, qualifications, identity and recognition documents, receipts of revenue, or to assume a fiduciary value and protection of public faith after their issuance or the entries made on them and, in general, when they are considered security documents pursuant to Article 2, paragraph 10-bis, Law 13 July 1966, no. 559. Not present in ARF 1.10; specific to IT-Wallet.

Federation Authority

Public governance entity issuing guidelines, rules, and managing trust lists and participant status. Not present in ARF 1.10.

Holder

Person or entity that receives, manages, and presents Digital Credentials via the Wallet Instance. Not present in ARF 1.10; specific to IT-Wallet.

Holder Key Binding

Ability of the Holder to prove possession of the private key attested by a Trusted Third Party. Not present in ARF 1.10.

Identity and Access Management (IAM)

Framework for managing digital identities and access to information. Not present in ARF 1.10.

Intermediate Entity
Intermediary

Intermediate Entity as defined in OID-FED Section 1.2. For example, in IT-Wallet it could be a Relying Party intermediary that offers and manages, on behalf of the Relying Party, the Technical Solutions for the remote or proximity verification of Electronic Attestations. Aligned with ARF 1.10.

IT-Wallet System

Set of Technical Solutions implementing the Italian Digital Wallet System. Not present in ARF 1.10; specific to IT-Wallet.

IT-Wallet System Register

Register of entities participating in the IT-Wallet System. Not present in ARF 1.10; specific to IT-Wallet.

Key Attestation

Attestation from device OEM about secure key storage in hardware-backed keystore. Not present in ARF 1.10.

Level of Assurance

Degree of confidence in identity vetting and credential presentation. Not present in ARF 1.10.

Metadata

Digital artifact with information about an Organizational Entity (endpoints, public keys, etc.). Not present in ARF 1.10.

National Accreditation Bodies (NAB)

Body performing accreditation under authority from a Member State. Aligned with ARF 1.10.

National Identity Provider

Preexisting identity systems (e.g. CIE) notified to eIDAS. Not present in ARF 1.10.

Notification Process

Process for transferring information to the EC and inclusion in the Trusted List. Aligned with ARF 1.10.

Organizational Entity

Legal person (organization or public entity) recognized to operate a role in the IT-Wallet ecosystem. Not present in ARF 1.10; specific to IT-Wallet.

Person Identification Data (PID)

Electronic Attestation that allows the subject to whom the Personal Identification Data refers to be authenticated. Aligned with ARF 1.10.

Personal Identification Data

A set of data that allows the identity of a natural or legal person, or of a natural person representing another natural or legal person, to be established. Aligned with ARF 1.10.

PID Provider

Credential Issuer responsible for issuing/revoking PID, ensuring cryptographic binding to Wallet Unit. Aligned with ARF 1.10.

Policy Language

Formal language for defining security, privacy, and identity management policies. Not present in ARF 1.10; specific to IT-Wallet.

Primary Actors

Entities implementing Technical Solutions for the IT-Wallet System. Not present in ARF 1.10; specific to IT-Wallet.

Pseudonym

Alternative identifier for privacy/anonymity, allowing authentication/authorization. Aligned with ARF 1.10.

Qualified Electronic Attestation of Attributes (QEAA)

Digitally verifiable attestation issued by a QTSP, substantiating possession of attributes. Aligned with ARF 1.10.

Qualified Electronic Attestation of Attributes Provider

Organizational Entity providing QEAAs. Aligned with ARF 1.10.

Qualified Electronic Signature Provider

Trust Service Provider issuing Qualified Electronic Signature certificates. Aligned with ARF 1.10.

Registration Authority
Registrar

Party responsible for registering Organizational Entities by issuing Trust Assertions. Aligned with ARF 1.10.

Registration Certificate

Data object indicating the attributes the Relying Party has registered to request from Users. Aligned with ARF 1.10.

Registration Process

Process for verifying eligibility and compliance of Organizational Entities. Aligned with ARF 1.10.

Relying Party

Entity relying on electronic identification or Trust Service from a Wallet Instance. Aligned with ARF 1.10.

Relying Party Backend

Remote infrastructure with server-side components managed by a Relying Party Solution provider. Not present in ARF 1.10; specific to IT-Wallet.

Relying Party Instance
Verifier App

Specific deployment of a Relying Party application or device. Aligned with ARF 1.10.

Relying Party Solution

Product (software/hardware/cloud) enabling Credential presentations in various contexts. Not present in ARF 1.10; specific to IT-Wallet.

Selective Disclosure

Functionality enabling the User to submit a subset of Digital Credentials Data. Aligned with ARF 1.10.

Self-Sovereign Identity (SSI)

Approach giving individuals control over their digital identity information. Not present in ARF 1.10.

Supervision Process

Process by a Supervisory Body to review and ensure proper functioning of the Wallet Provider and others. Not present in ARF 1.10; specific to IT-Wallet.

Technical Solutions

Hardware/software systems and services implemented by Wallet Solution Providers, PID Provider, etc. Not present in ARF 1.10; specific to IT-Wallet.

Technical Specifications

Specifications providing technical architecture, implementation framework, and design requirements. Aligned with ARF 1.10.

Trust

Confidence in the security, reliability, and integrity of entities and their actions. Not present in ARF 1.10.

Trust Attestation

Electronic attestation of compliance with the regulatory framework, cryptographically verifiable. Not present in ARF 1.10.

Trust Evaluation

Process of verifying trustworthiness of registered Organizational Entities. Not present in ARF 1.10.

Trust Framework

Legally enforceable set of rules and agreements for a multi-party system. Not present in ARF 1.10.

Trust Layer

Architectural component enabling participants to establish trust. Not present in ARF 1.10.

Trust Model

Collection of rules ensuring legitimacy of components/entities in the IT-Wallet ecosystem. Not present in ARF 1.10.

Trust Relationship

Reliable relationship between Organizational Entities after Trust Evaluation. Not present in ARF 1.10.

Trusted List

Repository of information about authoritative entities and their status. Aligned with ARF 1.10.

User

Natural or legal person using trust services or electronic identification means. Aligned with ARF 1.10.

Verifier
Credential Verifier

A person or entity using a Relying Party Instance. Not present in ARF 1.10; specific to IT-Wallet.

Wallet Instance

Application installed on a User's device, part of the Wallet Unit, providing user interfaces. Aligned with ARF 1.10.

Wallet Provider

Organizational Entity responsible for management and provisioning of a Wallet Solution. Aligned with ARF 1.10.

Wallet Provider Backend

Technical infrastructure and server-side components managed by a Wallet Provider. Aligned with ARF 1.10.

Wallet Secure Cryptographic Application (WSCA)

Application managing Critical Assets using cryptographic functions provided by the WSCD. Aligned with ARF 1.10.

Wallet Secure Cryptographic Device (WSCD)

Tamper-resistant device providing an environment for the WSCA to protect Critical Assets. Aligned with ARF 1.10.

Wallet Solution

Set of Technical Solutions for the proper functioning of IT-Wallet Instances. Aligned with ARF 1.10.

Wallet Unit

Unique configuration of a Wallet Solution for an individual User, including security features. Aligned with ARF 1.10.

Wallet Unit Attestation
Wallet Attestation
Wallet Instance Attestation

Data object issued by a Wallet Provider describing the components of the Wallet Unit. Aligned with ARF 1.10.

Note

For any term not present in ARF 1.10, the IT-Wallet definition is provided as authoritative for the Italian context.

Below are the main defined terms and definitions related to User Experience aspects:

Authentication Button

The Engagement Button that enables the User to access the Authentication process and use the services provided by Verifiers.

Brand Identity

Collection of visual, verbal, and strategic elements that a service, a product or an entity uses to present itself to the User and to distinguish itself from others.

Call To Action

A clear and direct suggestion that encourages users to take a specific action. It can be a button, a link, or another element guiding the user toward a particular goal.

Catalog

Section of the Wallet Instance that displays the list of all the available Digital Credentials that can be obtained through the IT-Wallet Instance, and from which it is possible to start the issuing process.

Detailed View

Extended display mode of the Digital Credentials, showing all the Attributes included.

Discovery Page

The page of the Relying Party's Touchpoint where the User lands to access their authenticated area. Its goal is to show the User all the available Authentication methods.

Engagement Button

Interactive element of the Interface that allows the User to trigger a process (e.g. to Authenticate, to request the issuance of a Digital Credential, etc.).

Interaction Model

A set of characteristics that define how the User interacts with the Interface of one or multiple Touchpoints in order to complete a task or operation and achieve a specific goal.

Interface

The set of graphic, typographical and interactive elements through which the User interacts with the Touchpoint(s) responsible for the delivery of a product or service, in compliance with [GL_DESIGN].

Preview View

Compact visualization mode of the Digital Credential that allows it to be recognized and distinguished in a list of Electronic Attestations thanks to the presence of minimum data or elements.

Service Model

Set of interactions between actors and touchpoints necessary for the delivery and use of a service.

Touchpoint

Point of contact (digital or otherwise) between the User and the product or service.

Trust Mark

A graphic element that gives evidence of the participation of the Primary Actors in the IT-Wallet System and thus guarantees adherence to its standards.

User Experience

The set of people's perceptions and reactions resulting from the use and/or expectation of use of a product, system or service. Aligned with ISO 9241-210:2010.

Visual Identity

Coherent set of graphic and typographic elements that visually represent a product or service and make it distinguishable and recognizable.

12.2.1. Acronyms

Below are the main acronyms used in the document:

Acronym

Description

AAL

Authenticator Assurance Level as defined in https://csrc.nist.gov/glossary/term/authenticator_assurance_level

ANPR

Anagrafe Nazionale della Popolazione Residente (Italian National Registry of the Resident Population)

API

Application Programming Interface

CAB

Conformity Assessment Body

CIE

Carta di Identità Elettronica (National Electronic Identity Card)

EAA

Electronic Attestation of Attributes

IAM

Identity and Access Management

LoA

Level of Assurance

NAB

National Accreditation Body

OID4VP

OpenID for Verifiable Presentations

PDND

Piattaforma Digitale Nazionale Dati (National Digital Data Platform)

PID

Person Identification Data

PII

Personally Identifiable Information

QEAA

Qualified Electronic Attestation of Attributes

Pub-EAA

Electronic Attestation of Attributes issued by or on behalf of a public sector body

SSI

Self-Sovereign Identity

VC

Verifiable Credential

VP

Verifiable Presentation

WSCA

Wallet Secure Cryptographic Application

WSCD

Wallet Secure Cryptographic Device