Docs Italia beta

Normative Language and Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

Defined Terms

The terms User, Trust Service, Trust Model, Trusted List, Trust Framework, Attribute, Electronic Attestations of Attributes Provider or Trust Service Provider (TSP), Person Identification Data (PID), Revocation List, Qualified Electronic Attestations of Attributes Provider or Qualified Trust Service Provider (QTSP), Electronic Attestation of Attributes (EAA), are defined in the EIDAS-ARF.

Below are the definitions and acronyms that are useful for further insight into the topics concerning the IT Wallet and its interacting components.

Accreditation Body

An entity accredited by the Federation Authority, responsible for managing the process of verification and certification of accreditation requirements for ecosystem roles.

Digital Identity Provider

An entity, recognized and accredited by the State, responsible for identifying citizens for the issuance of an Electronic Identity Certificate.

Digital Credential

A signed Credential whose integrity can be cryptographically verified using the public keys of its Issuer. It is also known as Credential.

Federation Authority

A public governance entity that issues guidelines and technical rules, and administers - directly or through its intermediary - Trusted Lists, services, and accreditation processes, the status of participants, and their eligibility evaluation. It also performs oversight functions.

Wallet Instance

An instance of the Wallet Solution, installed on a personal mobile device and controlled by a specific User who is its sole owner. It is the application that enables citizens to fully and autonomously manage their digital identity and EAAs.

Wallet Provider

All public and/or private entities, conforming to a technical profile and accredited by the Federation Authority, that provide citizens with an IT Wallet Instance.

Wallet Attestation

Verifiable Attestation, issued by the Wallet Provider, that proves the security compliance of the Wallet Instance.

Wallet Secure Cryptographic Device

Hardware-backed secure environment for creating, storing, and/or managing cryptographic keys and data. A WSCD MAY implement an association proof in different ways. This largely depends on the implementation of the WSCD, for example: a remote HSM, an external smart card, an internal UICC, or internal native cryptographic hardware such as the iOS Secure Enclave or the Android Hardware Backed Keystore or StrongBox.

Credential Status Attestation

Verifiable Attestation proving that a related Digital Credential is not revoked.

Device Integrity Service

A service provided by device manufacturers that verifies the integrity and authenticity of the app instance (Wallet Instance), as well as certifying the secure storage of private keys generated by the device within its dedicated hardware. It's important to note that the terminology used to describe this service varies among manufacturers.

Cryptographic Hardware Keys

During the app initialization, the Wallet Instance generates a pair of keys, one public and one private, which remain valid for the entire duration of the Wallet Instance's life. Functioning as a Master Key for the personal device, these Cryptographic Hardware Keys are confined to the OS domain and are not designed for signing arbitrary payloads. Their primary role is to provide a unique identification for each Wallet Instance.

Cryptographic Hardware Key Tag

A unique identifier created by the operating system for the Cryptographic Hardware Keys, utilized to gain access to the private key stored in the hardware.

Key Attestation

An attestation from the device's OEM that increases confidence that the keys used by the Wallet Instance are securely stored within the device's hardware-backed keystore.

Qualified Electronic Attestation of Attributes (QEAA)

A digitally verifiable attestation in electronic form, issued by a QTSP, that substantiates a person's possession of attributes.

Qualified Electronic Signature Provider

The Electronic Trust Service Provider responsible for issuing Qualified Electronic Signature certificates to the User.

Relying Party

A natural or legal person that implements an authentication system requiring electronic attribute attestation submissions as an authentication mechanism.

Verifier

See Relying Party.

Trust Attestation

Electronic attestation of an entity's compliance with the national regulatory framework, which is cryptographically verifiable and cannot be repudiated over time by the entity that issued it. A Trust Attestation is always related to a particular Trust Framework.

Trust Layer

An architectural component that enables IT Wallet system participants to establish trust, in terms of reliability and compliance of all participants with the regulatory framework governing the digital identity system.

Trust Model

System defining how the participants of the ecosystem establish and maintain trust in their interactions. The Trust Model outlines the rules and procedures by which entities (such as users, systems, or applications) validate each other's identities, authenticate, and establish the level of trust before exchanging information.

Level of Assurance

The degree of confidence in the vetting process used to establish the identity of the User and the degree of confidence that the User who presents the credential is the same User to whom the Digital Credential was issued.

Holder Key Binding

The ability of the Holder to prove legitimate possession of the private key corresponding to the public key attested by a Trusted Third Party.

Acronyms

OID4VP

OpenID for Verifiable Presentation

PID

Person Identification Data

VC

Verifiable Credential

VP

Verifiable Presentation

API

Application Programming Interface

LoA

Level of Assurance

AAL

Authenticator Assurance Level as defined in https://csrc.nist.gov/glossary/term/authenticator_assurance_level

WSCD

Wallet Secure Cryptographic Device