12.1. Normative References¶

Below the normative references and respective acronyms included in these Technical Specifications:

[CAD]

Legislative Decree No. 82 of March 7, 2005, as amended, containing the 'Digital Administration Code'.

[REF_ACCESSIBILITY]

Accessibility Guidelines for IT Tools as per Article 11 of Law 4/2004. Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services.

[GL_DESIGN]

Design Guidelines for websites and digital services provided by public administrations, pursuant to Article 53, paragraph 1-ter of Legislative Decree No. 82 of March 7, 2005, as amended.

12.2. Defined Terms and Acronyms¶

This section aligns the IT-Wallet System's terminology with the definitions provided in ARF 1.10 (see ARF Annex 1). For each term, the IT-Wallet definition is compared and mapped to the ARF definition, with notes on any differences or clarifications.

The terms User, Trust Service, Trust Model, Trusted List, Trust Framework, Attribute, Electronic Attestations of Attributes Provider or Trust Service Provider (TSP), Person Identification Data (PID), Revocation List, Qualified Electronic Attestations of Attributes Provider or Qualified Trust Service Provider (QTSP), Electronic Attestation of Attributes (EAA), are defined in the EIDAS-ARF.

Below is the description of acronyms and definitions which are useful for further insights into topics that complement the IT-Wallet System and the interacting components.

Access Certificate¶: Certificate authenticating and validating the (Wallet-) Relying Party. Aligned with ARF 1.10.
Accreditation Process¶: Process performed by the National Accreditation Body to accredit CABs, resulting in an accreditation certificate. Not present in ARF 1.10; specific to IT-Wallet.
Attributes¶
User Attribute¶
User Claim¶: A set of characteristics, qualities, rights, or permissions of a person or object, or a single piece of such information. Aligned with ARF 1.10.
Authentic Source¶: Public or private entity responsible for a repository/system considered a primary source for Attributes or PID. Aligned with ARF 1.10.
Authentication¶: Electronic process confirming the identity of a person or the origin/integrity of data. Aligned with ARF 1.10.
Certificate Signing Request (CSR)¶: Request sent to a CA containing the public key and identifying information for a digital certificate. Not present in ARF 1.10.
Certification Process¶: Process by Conformity Assessment Bodies to certify the Wallet Solution, including periodic technical assessments. Not present in ARF 1.10; specific to IT-Wallet.
Conformity Assessment Body (CAB)¶: Accredited body competent to assess/certify Wallet Solutions or trust service providers. Aligned with ARF 1.10.
Credential Issuer¶
Issuer¶: Organizational Entity providing Digital Credentials to Users (may be PID Provider or (Q)EAA Provider). ARF 1.10 uses similar terms; IT-Wallet merges PID and (Q)EAA Providers under this term.
Credential Status Assertion¶
Status Assertion¶: Signed document proving a Digital Credential's current validity status. Not present in ARF 1.10; specific to IT-Wallet.
Critical Assets¶: Assets (e.g., cryptographic keys) whose loss would seriously impact the Wallet Unit. Aligned with ARF 1.10.
Cryptographic Hardware Key Tag¶: Unique identifier for Cryptographic Hardware Keys, used to access the private key in hardware. Not present in ARF 1.10.
Cryptographic Hardware Keys¶: Key pair generated by the Wallet Instance, valid for its lifetime. Not present in ARF 1.10.
Device Integrity Service¶: Service by device manufacturers to verify app integrity and secure key storage. Not present in ARF 1.10.
Digital Credential¶
Credential¶: Signed set of Attributes in a specific format (e.g., mDoc-CBOR, SD-JWT VC), may be PID or (Q)EAA. ARF 1.10 restricts to mDoc-CBOR and SD-JWT VC; IT-Wallet notes the definition should be format-neutral.
Digital Credential Catalogue¶: Electronic catalog containing information about the formats and schemes of Digital Credentials, the data contained and the Authentic Sources. The Catalog contains additional information that allows for the establishment of the authenticity and reliability of the information contained therein. Not present in ARF 1.10; specific to IT-Wallet.
Electronic Attestation of Attributes (EAA)¶: Digitally verifiable attestation in electronic form, substantiating possession of attributes. Aligned with ARF 1.10.
Electronic Attestation of Attributes issued by or on behalf of a public sector body (Pub-EAA)¶
Public Electronic Attestation of Attributes¶: Electronic Attestation of Attributes that contains Attributes deriving from a public Authentic Source. Aligned with ARF 1.10.
Electronic Attestation of Attributes Provider¶
Electionic Attestation Provider¶: Organizational Entity providing EAAs. Aligned with ARF 1.10.
Electronic Attestation of Public Interest¶
Credential of Public Interest¶: Electronic Attestation of Attributes that contains Attributes intended to certify the release, by the State or other public administrations, of authorizations, certifications, qualifications, identity and recognition documents, receipts of revenue, or to assume a fiduciary value and protection of public faith afterwards their issuance or the entries made on them and, in general, when they are considered security documents pursuant to Article 2, paragraph 10-bis, Law 13 July 1966, no. 559. Not present in ARF 1.10; specific to IT-Wallet.
Federation Authority¶: Public governance entity issuing guidelines, rules, and managing trust lists and participant status. Not present in ARF 1.10.
Holder¶: Person or entity that receives, manages, and presents Digital Credentials via the Wallet Instance. Not present in ARF 1.10; specific to IT-Wallet.
Holder Key Binding¶: Ability of the Holder to prove possession of the private key attested by a Trusted Third Party. Not present in ARF 1.10.
Identity and Access Management (IAM)¶: Framework for managing digital identities and access to information. Not present in ARF 1.10.
Intermediate Entity¶
Intermediary¶: Intermediate Entity as defined in OID-FED Section 1.2, for example in IT-Wallet it could be a Relying Party intermediary that offers and manages, on behalf of Relying Party, the Technical Solutions for the remote or proximity verification of Electronic Attestations. Aligned with ARF 1.10.
IT-Wallet System¶: Set of Technical Solutions implementing the Italian Digital Wallet System. Not present in ARF 1.10; specific to IT-Wallet.
IT-Wallet System Register¶: Register of entities participating in the IT-Wallet System. Not present in ARF 1.10; specific to IT-Wallet.
Key Attestation¶: Attestation from device OEM about secure key storage in hardware-backed keystore. Not present in ARF 1.10.
Level of Assurance¶: Degree of confidence in identity vetting and credential presentation. Not present in ARF 1.10.
Metadata¶: Digital artifact with information about an Organizational Entity (endpoints, public keys, etc.). Not present in ARF 1.10.
National Accreditation Bodies (NAB)¶: Body performing accreditation under authority from a Member State. Aligned with ARF 1.10.
National Identity Provider¶: Preexisting identity systems (e.g. CIE) notified to eIDAS. Not present in ARF 1.10.
Notification Process¶: Process for transferring information to the EC and inclusion in the Trusted List. Aligned with ARF 1.10.
Organizational Entity¶: Legal person (organization or public entity) recognized to operate a role in the IT-Wallet ecosystem. Not present in ARF 1.10; specific to IT-Wallet.
Person Identification Data (PID)¶: Electronic Attestation that allows the subject to whom the Personal Identification Data refers to be authenticated. Aligned with ARF 1.10.
Personal Identification Data¶: A set of data which allow to establish the identity of a natural or legal person, or of a natural person representing another natural or legal person, to be established. Aligned with ARF 1.10.
PID Provider¶: Credential Issuer responsible for issuing/revoking PID, ensuring cryptographic binding to Wallet Unit. Aligned with ARF 1.10.
Policy Language¶: Formal language for defining security, privacy, and identity management policies. Not present in ARF 1.10; specific to IT-Wallet.
Primary Actors¶: Entities implementing Technical Solutions for the IT-Wallet System. Not present in ARF 1.10; specific to IT-Wallet.
Pseudonym¶: Alternative identifier for privacy/anonymity, allowing authentication/authorization. Aligned with ARF 1.10.
Qualified Electronic Attestation of Attributes (QEAA)¶: Digitally verifiable attestation issued by a QTSP, substantiating possession of attributes. Aligned with ARF 1.10.
Qualified Electronic Attestation of Attributes Provider¶: Organizational Entity providing QEAAs. Aligned with ARF 1.10.
Qualified Electronic Signature Provider¶: Trust Service Provider issuing Qualified Electronic Signature certificates. Aligned with ARF 1.10.
Registration Authority¶
Registrar¶: Party responsible for registering Organizational Entities by issuing Trust Assertions. Aligned with ARF 1.10.
Registration Certificate¶: Data object indicating the attributes the Relying Party has registered to request from Users. Aligned with ARF 1.10.
Registration Process¶: Process for verifying eligibility and compliance of Organizational Entities. Aligned with ARF 1.10.
Relying Party¶: Entity relying on electronic identification or Trust Service from a Wallet Instance. Aligned with ARF 1.10.
Relying Party Backend¶: Remote infrastructure with server-side components managed by a Relying Party Solution provider. Not present in ARF 1.10; specific to IT-Wallet.
Relying Party Instance¶
Verifier App¶: Specific deployment of a Relying Party application or device. Aligned with ARF 1.10.
Relying Party Solution¶: Product (software/hardware/cloud) enabling Credential presentations in various contexts. Not present in ARF 1.10; specific to IT-Wallet.
Selective Disclosure¶: Functionality enabling the User to submit a subset of Digital Credentials Data. Aligned with ARF 1.10.
Self-Sovereign Identity (SSI)¶: Approach giving individuals control over their digital identity information. Not present in ARF 1.10.
Supervision Process¶: Process by a Supervisory Body to review and ensure proper functioning of the Wallet Provider and others. Not present in ARF 1.10; specific to IT-Wallet.
Technical Solutions¶: Hardware/software systems and services implemented by Wallet Solution Providers, PID Provider, etc. Not present in ARF 1.10; specific to IT-Wallet.
Technical Specifications¶: Specifications providing technical architecture, implementation framework, and design requirements. Aligned with ARF 1.10.
Trust¶: Confidence in the security, reliability, and integrity of entities and their actions. Not present in ARF 1.10.
Trust Attestation¶: Electronic attestation of compliance with the regulatory framework, cryptographically verifiable. Not present in ARF 1.10.
Trust Evaluation¶: Process of verifying trustworthiness of registered Organizational Entities. Not present in ARF 1.10.
Trust Framework¶: Legally enforceable set of rules and agreements for a multi-party system. Not present in ARF 1.10.
Trust Layer¶: Architectural component enabling participants to establish trust. Not present in ARF 1.10.
Trust Model¶: Collection of rules ensuring legitimacy of components/entities in the IT-Wallet ecosystem. Not present in ARF 1.10.
Trust Relationship¶: Reliable relationship between Organizational Entities after Trust Evaluation. Not present in ARF 1.10.
Trusted List¶: Repository of information about authoritative entities and their status. Aligned with ARF 1.10.
User¶: Natural or legal person using trust services or electronic identification means. Aligned with ARF 1.10.
Verifier¶
Credential Verifier¶: A person or entity using a Relying Party Instance. Not present in ARF 1.10; specific to IT-Wallet.
Wallet Instance¶: Application installed on a User's device, part of the Wallet Unit, providing user interfaces. Aligned with ARF 1.10.
Wallet Provider¶: Organizational Entity responsible for management and provisioning of a Wallet Solution. Aligned with ARF 1.10.
Wallet Provider Backend¶: Technical infrastructure and server-side components managed by a Wallet Provider. Aligned with ARF 1.10.
Wallet Secure Cryptographic Application (WSCA)¶: Application managing Critical Assets using cryptographic functions provided by the WSCD. Aligned with ARF 1.10.
Wallet Secure Cryptographic Device (WSCD)¶: Tamper-resistant device providing an environment for the WSCA to protect Critical Assets. Aligned with ARF 1.10.
Wallet Solution¶: Set of Technical Solutions for the proper functioning of IT-Wallet Instances. Aligned with ARF 1.10.
Wallet Unit¶: Unique configuration of a Wallet Solution for an individual User, including security features. Aligned with ARF 1.10.
Wallet Unit Attestation¶
Wallet Attestation¶
Wallet Instance Attestation¶: Data object issued by a Wallet Provider describing the components of the Wallet Unit. Aligned with ARF 1.10.

Note

For any term not present in ARF 1.10, the IT-Wallet definition is provided as authoritative for the Italian context.

Below are the main defined terms and definitions related to User Experience aspects:

Authentication Button¶: The Engagement Button that enables the User to access the Authentication process and use the services provided by Verifiers.
Brand Identity¶: Collection of visual, verbal, and strategic elements that a service, a product or an entity uses to present itself to the User and to distinguish itself from others.
Call To Action¶: A clear and direct suggestion that encourages users to take a specific action. It can be a button, a link, or another element guiding the user toward a particular goal.
Catalog¶: Section of the Wallet Instance that displays the list of all the available Digital Credentials that can be obtained through the IT-Wallet Instance, and from which it is possible to start the issuing process.
Detailed View¶: Extended display mode of the Digital Credentials, showing all the Attributes included.
Discovery Page¶: It's the page of the Touchpoint of the Relying Party where the User lands to access their authenticated area, and it has the goal to show the User all the Authentication methods available.
Engagement Button¶: Interactive element of the Interface that allows the User to trigger a process (e.g. to Authenticate, to request the issuance of a Digital Credential, etc.).
Interaction Model¶: A set of characteristics that define how the User interacts with the Interface of one or multiple Touchpoints in order to complete a task or operation and achieve a specific goal.
Interface¶: The set of graphic, typographical and interactive elements through which the User interacts with the Touchpoint(s) responsible for the delivery of a product or service, in compliance with [GL_DESIGN].
Preview View¶: Compact visualization mode of the Digital Credential that allows it to be recognized and distinguished in a list of Electronic Attestations thanks to the presence of minimum data or elements.
Service Model¶: Set of interactions between actors and touchpoints necessary for service delivery and fruition.
Touchpoint¶: Point of contact (digital and not) between the User and the product or service.
Trust Mark¶: A graphic element that gives evidence of the participation of the Primary Actors in the IT-Wallet System and thus guarantees adherence to its standards.
User Experience¶: The set of people's perceptions and reactions resulting from the use and/or expectation of use of a product, system or service. Aligned with ISO 9241-210:2010.
Visual Identity¶: Coherent set of graphic and typographic elements that visually represent a product or service and make it distinguishable and recognizable.

12.2.1. Acronyms¶

Below are the main acronyms used in the document:

Acronym	Description
AAL	Authenticator Assurance Level as defined in https://csrc.nist.gov/glossary/term/authenticator_assurance_level
ANPR	Anagrafe Nazionale della Popolazione Residente (Italian National Registry of the Resident Population)
API	Application Programming Interface
CAB	Conformity Assessment Body
CIE	Carta di Identità Elettronica (National Electronic Identity Card)
EAA	Electronic Attestation of Attributes
IAM	Identity and Access Management
LoA	Level of Assurance
NAB	National Accreditation Body
OID4VP	OpenID for Verifiable Presentation
PDND	Piattaforma Digitale Nazionale Dati (National Digital Data Platform)
PID	Person Identification Data
PII	Personally Identifiable Information
QEAA	Qualified Electronic Attestation of Attributes
Pub-EAA	Electronic Attestation of Attributes issued by or on behalf of a public sector body
SSI	Self Sovereign Identity
VC	Verifiable Credential
VP	Verifiable Presentation
WSCA	Wallet Secure Cryptographic Application
WSCD	Wallet Secure Cryptographic Device