2. Normative References

Below are the normative references, with their respective acronyms, included in these Technical Specifications:

[CAD]

Legislative Decree No. 82 of March 7, 2005, as amended, containing the 'Digital Administration Code'.

[REF_ACCESSIBILITY]

Accessibility Guidelines for IT Tools as per Article 11 of Law 4/2004. Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services.

[GL_DESIGN]

Design Guidelines for websites and digital services provided by public administrations, pursuant to Article 53, paragraph 1-ter of Legislative Decree No. 82 of March 7, 2005, as amended.

3. Defined Terms and Acronyms

The terms User, Trust Service, Trust Model, Trusted List, Trust Framework, Attribute, Electronic Attestations of Attributes Provider or Trust Service Provider (TSP), Person Identification Data (PID), Revocation List, Qualified Electronic Attestations of Attributes Provider or Qualified Trust Service Provider (QTSP), Electronic Attestation of Attributes (EAA), are defined in the EIDAS-ARF.

Below is the description of acronyms and definitions which are useful for further insights into topics that complement the IT-Wallet System and the interacting components.

4. Defined Terms and Acronyms

This section aligns the IT-Wallet System's terminology with the definitions provided in ARF 1.10 (see ARF Annex 1). For each term, the IT-Wallet definition is compared and mapped to the ARF definition, with notes on any differences or clarifications.

Access Certificate

Certificate authenticating and validating the (Wallet-) Relying Party. Aligned with ARF 1.10.

Accreditation Process

Process performed by the National Accreditation Body to accredit CABs, resulting in an accreditation certificate. Identical to ARF 1.10.

Attributes
User Attribute
User Claim

A set of characteristics, qualities, rights, or permissions of a person or object, or a single piece of such information. Aligned with ARF 1.10.

Authentic Source

Public or private entity responsible for a repository/system considered a primary source for Attributes or PID. Aligned with ARF 1.10.

Authentication

Electronic process confirming the identity of a person or the origin/integrity of data. Aligned with ARF 1.10.

Certificate Signing Request (CSR)

Request sent to a CA containing the public key and identifying information for a digital certificate. Aligned with ARF 1.10.

Certification Process

Process by Conformity Assessment Bodies to certify the Wallet Solution, including periodic technical assessments. Aligned with ARF 1.10.

Conformity Assessment Body (CAB)

Accredited body competent to assess/certify Wallet Solutions or trust service providers. Aligned with ARF 1.10.

Credential Issuer
Issuer
Attestation Provider

Organizational Entity providing Digital Credentials to Users (may be PID Provider or (Q)EAA Provider). ARF 1.10 uses similar terms; IT-Wallet merges PID and (Q)EAA Providers under this term.

Credential Status Assertion
Status Assertion

Signed document proving a Digital Credential's current validity status. Aligned with ARF 1.10.

Critical Assets

Assets (e.g., cryptographic keys) whose loss would seriously impact the Wallet Unit. Aligned with ARF 1.10.

Cryptographic Hardware Key Tag

Unique identifier for Cryptographic Hardware Keys, used to access the private key in hardware. Aligned with ARF 1.10.

Cryptographic Hardware Keys

Key pair generated by the Wallet Instance, valid for its lifetime. Aligned with ARF 1.10.

Device Integrity Service

Service by device manufacturers to verify app integrity and secure key storage. Aligned with ARF 1.10.

Digital Credential
Credential

Signed set of Attributes in a specific format (e.g., mDoc-CBOR, SD-JWT VC), may be PID or (Q)EAA. ARF 1.10 restricts to mDoc-CBOR and SD-JWT VC; IT-Wallet notes the definition should be format-neutral.

Digital Credential Catalogue

Electronic catalog containing information about the formats and schemes of Digital Credentials, the data contained and the Authentic Sources. The Catalog contains additional information that allows for the establishment of the authenticity and reliability of the information contained therein.

Electronic Attestation of Attributes (EAA)

Digitally verifiable attestation in electronic form, substantiating possession of attributes. Aligned with ARF 1.10.

Electronic Attestation of Attributes Provider

Entity providing EAAs. Aligned with ARF 1.10.

Electronic Attestation of Public Interest
Credential of Public Interest

Electronic Attestation of Attributes that contains Attributes intended to certify the release, by the State or other public administrations, of authorizations, certifications, qualifications, identity and recognition documents, receipts of revenue, or to assume a fiduciary value and protection of public faith after their issuance or the entries made on them and, in general, when they are considered security documents pursuant to Article 2, paragraph 10-bis, Law 13 July 1966, no. 559.

Federation Authority

Public governance entity issuing guidelines, rules, and managing trust lists and participant status. Aligned with ARF 1.10.

Holder

Person or entity that receives, manages, and presents Digital Credentials via the Wallet Instance. Aligned with ARF 1.10.

Holder Key Binding
Cryptographic Binding

Ability of the Holder to prove possession of the private key attested by a Trusted Third Party. Aligned with ARF 1.10.

Identity and Access Management (IAM)

Framework for managing digital identities and access to information. Aligned with ARF 1.10.

Intermediate Entity
Intermediate

Intermediate Entity as defined in OID-FED Section 1.2. For example, in IT-Wallet it could be a Relying Party intermediary that offers and manages, on behalf of the Relying Party, the Technical Solutions for the remote or proximity verification of Electronic Attestations.

IT-Wallet System

Set of Technical Solutions implementing the Italian Digital Wallet System. Not present in ARF 1.10; specific to IT-Wallet.

IT-Wallet System Register

Register of entities participating in the IT-Wallet System. Not present in ARF 1.10; specific to IT-Wallet.

Key Attestation

Attestation from device OEM about secure key storage in hardware-backed keystore. Aligned with ARF 1.10.

Level of Assurance

Degree of confidence in identity vetting and credential presentation. Aligned with ARF 1.10.

Metadata

Digital artifact with information about an Organizational Entity (endpoints, public keys, etc.). Aligned with ARF 1.10.

National Accreditation Bodies (NAB)

Body performing accreditation under authority from a Member State. Aligned with ARF 1.10.

National Identity Provider

Preexisting identity systems (e.g., SPID, CIE) notified to eIDAS. Aligned with ARF 1.10.

Notification Process

Process for transferring information to the EC and inclusion in the Trusted List. Aligned with ARF 1.10.

Organizational Entity

Legal person (organization or public entity) recognized to operate a role in the IT-Wallet ecosystem. Aligned with ARF 1.10.

Person Identification Data (PID)

Electronic Attestation that allows the subject to whom the Personal Identification Data refers to be authenticated. Aligned with ARF 1.10.

Personal Identification Data

A set of data enabling the identity of a natural or legal person, or of a natural person representing another natural or legal person, to be established. Aligned with ARF 1.10.

PID Provider

Credential Issuer responsible for issuing/revoking PID, ensuring cryptographic binding to Wallet Unit. Aligned with ARF 1.10.

Policy Language

Formal language for defining security, privacy, and identity management policies. Aligned with ARF 1.10.

Primary Actors

Entities implementing Technical Solutions for the IT-Wallet System. Not present in ARF 1.10; specific to IT-Wallet.

Pseudonym

Alternative identifier for privacy/anonymity, allowing authentication/authorization. Aligned with ARF 1.10.

Public Electronic Attestation of Attributes (Pub-EAA)

Electronic Attestation of Attributes that contains Attributes deriving from a public Authentic Source. Aligned with ARF 1.10.

Qualified Electronic Attestation of Attributes (QEAA)

Digitally verifiable attestation issued by a QTSP, substantiating possession of attributes. Aligned with ARF 1.10.

Qualified Electronic Attestation of Attributes Provider

Entity providing QEAAs. Aligned with ARF 1.10.

Qualified Electronic Signature Provider

Trust Service Provider issuing Qualified Electronic Signature certificates. Aligned with ARF 1.10.

Registration Authority
Registrar

Party responsible for registering Organizational Entities by issuing Trust Assertions. Aligned with ARF 1.10.

Registration Certificate

Data object indicating the attributes the Relying Party has registered to request from Users. Aligned with ARF 1.10.

Registration Process

Process for verifying eligibility and compliance of Organizational Entities. Aligned with ARF 1.10.

Relying Party

Entity relying on electronic identification or Trust Service from a Wallet Instance. Aligned with ARF 1.10.

Relying Party Backend

Remote infrastructure with server-side components managed by a Relying Party Solution provider. Aligned with ARF 1.10.

Relying Party Instance
Verifier App

Specific deployment of a Relying Party application or device. Aligned with ARF 1.10.

Relying Party Solution

Product (software/hardware/cloud) enabling Credential presentations in various contexts. Aligned with ARF 1.10.

Selective Disclosure

Functionality enabling the User to submit a subset of Digital Credentials Data. Aligned with ARF 1.10.

Self-Sovereign Identity (SSI)

Approach giving individuals control over their digital identity information. Aligned with ARF 1.10.

Supervision Process

Process by a Supervisory Body to review and ensure proper functioning of the Wallet Provider and others. Aligned with ARF 1.10.

Technical Solutions

Hardware/software systems and services implemented by Wallet Solution Providers, PID Provider, etc. Aligned with ARF 1.10.

Technical Specifications

Specifications providing technical architecture, implementation framework, and design requirements. Aligned with ARF 1.10.

Trust

Confidence in the security, reliability, and integrity of entities and their actions. Aligned with ARF 1.10.

Trust Attestation

Electronic attestation of compliance with the regulatory framework, cryptographically verifiable. Aligned with ARF 1.10.

Trust Evaluation

Process of verifying trustworthiness of registered Organizational Entities. Aligned with ARF 1.10.

Trust Framework

Legally enforceable set of rules and agreements for a multi-party system. Aligned with ARF 1.10.

Trust Layer

Architectural component enabling participants to establish trust. Aligned with ARF 1.10.

Trust Model

Collection of rules ensuring legitimacy of components/entities in the IT-Wallet ecosystem. Aligned with ARF 1.10.

Trust Relationship

Reliable relationship between Organizational Entities after Trust Evaluation. Aligned with ARF 1.10.

Trusted List

Repository of information about authoritative entities and their status. Aligned with ARF 1.10.

User

Natural or legal person using trust services or electronic identification means. Aligned with ARF 1.10.

Verifier

Also known as Credential Verifier; a person or entity using a Relying Party Instance. Aligned with ARF 1.10.

Wallet Instance

Application installed on a User's device, part of the Wallet Unit, providing user interfaces. Aligned with ARF 1.10.

Wallet Provider

Organizational Entity responsible for management and provisioning of a Wallet Solution. Aligned with ARF 1.10.

Wallet Provider Backend

Technical infrastructure and server-side components managed by a Wallet Provider. Aligned with ARF 1.10.

Wallet Secure Cryptographic Application (WSCA)

Application managing Critical Assets using cryptographic functions provided by the WSCD. Aligned with ARF 1.10.

Wallet Secure Cryptographic Device (WSCD)

Tamper-resistant device providing an environment for the WSCA to protect Critical Assets. Aligned with ARF 1.10.

Wallet Solution

Set of Technical Solutions for the proper functioning of IT-Wallet Instances. Aligned with ARF 1.10.

Wallet Unit

Unique configuration of a Wallet Solution for an individual User, including security features. Aligned with ARF 1.10.

Wallet Unit Attestation
Wallet Attestation
Wallet Instance Attestation

Data object issued by a Wallet Provider describing the components of the Wallet Unit. Aligned with ARF 1.10.

Note

For any term not present in ARF 1.10, the IT-Wallet definition is provided as authoritative for the Italian context.

Below are the main defined terms and definitions related to User Experience aspects:

Authentication Button

The Engagement Button that enables the User to access the Authentication process and use the services provided by Verifiers.

Brand Identity

Collection of visual, verbal, and strategic elements that a service, a product or an entity uses to present itself to the User and to distinguish itself from others.

Call To Action

A clear and direct suggestion that encourages users to take a specific action. It can be a button, a link, or another element guiding the user toward a particular goal.

Catalog

Section of the Wallet Instance that displays the list of all the available Digital Credentials that can be obtained through the IT-Wallet Instance, and from which it is possible to start the issuing process.

Detailed View

Extended display mode of the Digital Credentials, showing all the Attributes included.

Discovery Page

The page of the Relying Party's Touchpoint where the User lands to access their authenticated area. Its goal is to show the User all the available Authentication methods.

Engagement Button

Interactive element of the Interface that allows the User to trigger a process (e.g. to Authenticate, to request the issuance of a Digital Credential, etc.).

Interaction Model

A set of characteristics that define how the User interacts with the Interface of one or multiple Touchpoints in order to complete a task or operation and achieve a specific goal.

Interface

The set of graphic, typographical and interactive elements through which the User interacts with the Touchpoint(s) responsible for the delivery of a product or service, in compliance with [GL_DESIGN].

Preview View

Compact visualization mode of the Digital Credential that allows it to be recognized and distinguished in a list of Electronic Attestations thanks to the presence of minimum data or elements.

Service Model

Set of interactions between actors and touchpoints necessary for service delivery and fruition.

Touchpoint

Point of contact (digital and not) between the User and the product or service.

Trust Mark

A graphic element that gives evidence of the participation of the Primary Actors in the IT-Wallet System and thus guarantees adherence to its standards.

User Experience

The set of people's perceptions and reactions resulting from the use and/or expectation of use of a product, system or service. Aligned with ISO 9241-210:2010.

Visual Identity

Coherent set of graphic and typographic elements that visually represent a product or service and make it distinguishable and recognizable.

4.1. Acronyms

Below are the main acronyms used in the document:

| Acronym | Description |
|---------|-------------|
| AAL | Authenticator Assurance Level as defined in https://csrc.nist.gov/glossary/term/authenticator_assurance_level |
| ANPR | Italian National Registry of the Resident Population |
| API | Application Programming Interface |
| CIE | National Electronic Identity Card |
| IAM | Identity and Access Management |
| LoA | Level of Assurance |
| OID4VP | OpenID for Verifiable Presentation |
| PID | Person Identification Data |
| PII | Personally Identifiable Information |
| SPID | Italian Public Digital Identity System |
| SSI | Self-Sovereign Identity |
| VC | Verifiable Credential |
| VP | Verifiable Presentation |
| WSCA | Wallet Secure Cryptographic Application |
| WSCD | Wallet Secure Cryptographic Device |

5. Normative Language and Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.