Collection of eIDAS, Identity related terms and abbreviations

Schwalm Steffen
Dec 22, 2023


The following list gives a short overview of the terms and abbreviations within the eIDAS universe. It's not intended to be a perfect list for experts but a short overview to get into the subject, or to help some of my followers understand my comments better ;-) The list is not complete and is a living document, so any contribution is very welcome.

First of all, a detailed list of definitions can be found in eIDAS itself:
https://www.europarl.europa.eu/cmsdata/278103/eIDAS-4th-column-extract.pdf

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG

Consolidated version of eIDAS 2.0:

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02014R0910-20240520

For a fast introduction:

2015/1502: Implementing Act under eIDAS 1.0 acc. Art. 8, defines further requirements on certain LoA: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=CELEX%3A32015R1502

2015/1506: Implementing Act under eIDAS 1.0 acc. Art. 27, defines the signature formats which have to be recognized and verified by public authorities in order to fulfill their obligations for acceptance of QES and QSeal: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32015D1506

AdES-means a group of formats for digital signatures widely used within the eIDAS trust framework by European QTSP; most of them are referenced by implementing act 2015/1506 under eIDAS 1.0 to be recognized by public services. Currently existing formats:
- CAdES (CMS): ETSI EN 319 122-1/2/3
- XAdES (XML): ETSI EN 319 132-1/2/3
- PAdES (PDF): ETSI EN 319 142-1/2/3
- JAdES (JSON): ETSI TS 119 182-1 (not mentioned in 2015/1506)

see: https://portal.etsi.org/TB-SiteMap/esi/esi-activities

ARF-Architecture and Reference Framework: defines core requirements on EUDI Wallet, PID and QEAA, i.e. formats, interfaces and protocols. Developed by the eIDAS Toolbox Group https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-architecture-and-reference-framework-outline

ASiC-Associated Signature Container, means a format for digital signatures using a ZIP-based (ISO/IEC 21320:2015) signature container with the option for one document (ASiC-S) or n documents (ASiC-E); the format, standardized in ETSI EN 319 162-1/2/3, was the basis for the ASiC-AIP container for preservation acc. Art. 34 and 40 eIDAS in BSI TR-03125 for preservation products in Germany
see: https://portal.etsi.org/TB-SiteMap/esi/esi-activities

AutoIdent-Automatic VideoIdent, means an identification procedure using audiovisual methods to identify natural entities

CA-Certification Authority, an authority issuing certificates for (qualified) signatures, seals, website certificates or, more generally, issuing certificates based on PKI

CAB-Conformity Assessment Body: independent 3rd party accredited by the National Accreditation Body and supervised by the National Supervisory Body with the responsibility to certify EUDI Wallet and (Qualified) Trust Service Providers

CEN-CENELEC: European Standardization body deeply involved in eIDAS related standardization; European standards are mandatory in the sense of standardization and have to be adopted into national standardization framework in Europe

DC4EU-Digital Credentials for Europe, one of the Large Scale Pilots for EU Digital Wallet
https://www.dc4eu.eu/

DG Connect-Directorate General for Communications Networks, Content and Technology, “develops and carries out the Commission’s policies on:

  • Digital economy and society
  • Research and innovation”

It is responsible e.g. for eIDAS 2.0 and the Large Scale Pilots on EUDIW

https://commission.europa.eu/about-european-commission/departments-and-executive-agencies/communications-networks-content-and-technology_en

DG DIGIT-Directorate-General for Digital Services, “is the Commission department responsible for digital services that support other Commission departments and EU institutions in their daily work and that help public administrations in EU member countries.” DG DIGIT is e.g. also responsible for EBSI projects
https://commission.europa.eu/about-european-commission/departments-and-executive-agencies/digital-services_en

DID-Decentralized Identifier: a portable URL-based identifier, also known as a DID, associated with an entity. These identifiers are most often used in a verifiable credential and are associated with subjects such that a verifiable credential itself can be easily ported from one repository to another without the need to reissue the credential. An example of a DID is did:example:123456abcdef.
https://www.w3.org/TR/vc-data-model-2.0/

DIF-Digital Identity Foundation, means an organization for the development of specifications in decentralized identity management, which may become input for formal standardization in ISO, ETSI, CEN, IETF

DLT-Distributed Ledger Technology, technology that enables the operation and use of distributed ledgers (= ledger that is shared across a set of DLT nodes and synchronized between the DLT nodes using a consensus mechanism), see ISO 22739:2022 for details; eIDAS 2.0 introduces QTSP on Electronic Ledger, which means QTSP for DLT.
https://www.iso.org/standard/82208.html

EBSI-European Blockchain Service Infrastructure, means the European Blockchain Network provided by Member States https://ec.europa.eu/digital-building-blocks/sites/display/EBSI/Home

EBP-European Blockchain Partnership, means the association of Member States providing EBSI, will be transferred into EDIC as Operating Authority of EBSI

EC, means European Commission

EDIC, EUROPEUM, a European Digital Infrastructure Consortium (EDIC) under the control of member states, is the operating authority of the EBSI Network

EDS-Electronic Delivery and Registered Mail service, means a QTSP providing Electronic Delivery and Registered Mail, i.e. secure communication, and carries the “presumption of the integrity of the data, the sending of that data by the identified sender, its receipt by the identified addressee and the accuracy of the date and time of sending and receipt indicated by the qualified electronic registered delivery service” (Art. 43 eIDAS)

eID: Electronic Identification, means typically the national eID scheme which is the basis for PID; in Germany synonymous with the German eID Card

eID Scheme: Technical scheme for national eID (e.g. SPID in Italy, ePerso in Germany) to be notified against a certain Level of Assurance acc. Art. 8 eIDAS; eIDAS 2.0 also allows certification of private schemes against a certain LoA which has to

eIDAS: European regulation on electronic identification and trust services for electronic transactions; exists since 2014, amended by eIDAS 2.0 which will enter into force approx. Q1/2024; eIDAS is mandatory in the whole EU and EFTA

eIDAS Toolbox Group: Group of Experts from Member States who defined fundamental requirements on EUDI Wallet, PID and QEAA see (https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-architecture-and-reference-framework-outline)

EN-European Norm, means European (Technical) standard

ENISA-European Union Agency for Cybersecurity, supports cybersecurity and related subjects in Europe

ETSI-European Standardization body deeply involved in eIDAS related standardization (especially ETSI ESI reg. Trust Services https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers); European standards are mandatory in the sense of standardization and have to be adopted into national standardization framework in Europe
see also https://portal.etsi.org/TB-SiteMap/esi/esi-activities

EUDI Wallet/EUDIW: eID means under eIDAS 2.0 which contains the PID as well as (qualified) attestations of attributes (e.g. driver license, diplomas etc.); all Member States have the obligation to issue an EUDI Wallet to their citizens and companies. The EUDI Wallet can be issued:
- by Member State
- on behalf of Member State
- private wallet certified by Member State

The decision on the issuance model lies in the responsibility of the Member State. Any EUDIW has to be certified by a Conformity Assessment Body against European Standards developed by the eIDAS Toolbox and European Standardization Bodies. An EUDI Wallet can be an Edge Wallet (mobile) or a Cloud Wallet. Technical requirements are defined in the Architecture and Reference Framework (https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-architecture-and-reference-framework-outline). Keep in mind that utilization of the EUDIW is voluntary and no discrimination is possible against legal or natural entities not using it.

EWC-EU Digital Wallet Consortium, one of the Large Scale Pilots for EU Digital Wallet
https://eudiwalletconsortium.org/

GDPR-General Data Protection Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

GLEIF, Global Legal Entity Identifier Foundation, established in June 2014 by the Financial Stability Board with the mandate to promote the implementation and use of the Legal Entity Identifier (LEI).

GWG-Geldwaeschegesetz or German Anti Money Laundering Law

HSM-Hardware Security Module, means a technical solution for secure creation, management and storage of cryptographic keys (e.g. private keys of digital signatures) and other cryptographic material (e.g. keys of PID); for QTSP issuing certificates for QES/QSeal the utilization of an HSM certified against CEN EN 419 241 is needed

IDP-Identity Provider, means a provider of identification procedures in order to create a digital identity, e.g. provision of eID Client (Germany), VideoIdent, AutoIdent etc.; in some cases used synonymously for providers which also manage the identities

ISO-mDL-ISO mobile Driver License, means a format specified in ISO/IEC 18013 for QEAA on Driver Licenses, one of the formats for QEAA in the ARF

KERI-Key Event Receipt Infrastructure, means a protocol for distributed decentralized PKI useable e.g. for decentralized identities, without the immutability of DLT

LEI-Legal Entity Identifier, means a unique identifier for Legal Entities provided by the Global Legal Entity Identifier Foundation (GLEIF) under mandate of G20; the LEI is issued by dedicated LEI issuers and integrated in eIDAS 1.0
https://www.gleif.org/en?cachepath=de%2F

LoA-Level of Assurance, defines de facto the security level which a certain eID Scheme and -Mean may fulfill; Basic requirements defined in Art. 8 eIDAS; eIDAS knows LoA “high”, “substantial” and “low”

LSP-Large Scale Pilots, means the 4 international consortiums which pilot the EUDI Wallet and related subjects like QEAA on eIDAS 2.0, namely:
- Potential: https://www.digital-identity-wallet.eu/
- DC4EU: https://www.dc4eu.eu/
- NOBID: https://www.nobidconsortium.com/
- EWC: https://eudiwalletconsortium.org/

MS: Member State

NOBID, one of the Large Scale Pilots on EU Digital Wallet
https://www.nobidconsortium.com/about/

ODI-Organizational Digital Identity, means a legally compliant eID Scheme for Legal Entities, issued into e.g. EUDI Wallet for Legal entities as required by eIDAS 2.0

OID4VCI, OpenID for Verifiable Credential Issuance means one of the mandatory issuance protocols for the EUDI Wallet

OID4VP, OpenID for Verifiable Presentation, means one of the mandatory protocols for the EUDI Wallet for presentation of PID or QEAA to a QTSP or Relying Party

OWF-Open Wallet Foundation, a “consortium of companies and non-profit organisations collaborating to drive global adoption of open, secure and interoperable digital wallet solutions as well as providing access to expertise and advice through dedicate Government Advisory Council”
https://github.com/openwallet-foundation

PID-Personal identification data, means a set of data which ensures the unique identification of a natural or legal entity in eIDAS 2.0. It's typically based on a notified eID Scheme (on LoA high) of a certain Member State. Any EU Digital Wallet will contain a PID and will fulfill LoA high

POTENTIAL, one of the Large Scale Pilots on EU Digital Wallet
https://www.digital-identity-wallet.eu/

PKI-Public Key Infrastructure, is a set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public-keys
https://cpl.thalesgroup.com/faq/public-key-infrastructure-pki/what-public-key-infrastructure-pki

PSD2-DIRECTIVE (EU) 2015/2366 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC

QArch, means (qualified) trust service provider for archiving acc. Section 10 eIDAS 2.0; the aim of QArch is to preserve the data themselves while QPres focuses on preservation of digital signatures and general data using digital signature techniques

QEAA-Qualified Attestations of Attributes, means practically additional credentials related to the identity of a natural or legal entity, e.g. driver license, product passes, diploma, authorizations of machines/objects/cars, travel passes, boarding passes etc.; in SSI often called Verifiable Credentials

QES-Qualified Electronic Signature, means an Electronic Signature whose certificate was issued by a QTSP and fits the requirements of Art. 28 ff. eIDAS; any QES has to be recognized as QES in EU and EFTA

QCert-Qualified Certificate, means certificate on QES, QSeal or QWAC

QPres-Qualified Preservation Service, means a (qualified) trust service to keep the provability and trustworthiness of cryptographic signatures, seals and timestamps as long as they are needed (Art. 34 eIDAS)

QSeal-Qualified Electronic Seal, means an Electronic Seal whose certificate was issued by a QTSP and fits the requirements of Art. 35 ff. eIDAS; technically similar to QES but with a certificate for a legal entity; any QSeal has to be recognized as QES in EU and EFTA

QSCD-Qualified Signature Creation Device, means a technical solution which fulfills Annex II eIDAS 1.0 and is needed to create QES; typically contains an HSM

QTS-Qualified Time Stamp, means a timestamp issued by a QTSP that fits the requirements of Art. 42 eIDAS

QTSP: Qualified Trust Service Provider, means a trust service provider who provides one or more qualified trust services for remuneration and is granted the qualified status by the supervisory body (see eIDAS 2.0 Art. 3 Nr. 16); any QTSP is subject to the conditions of Section III eIDAS (Art. 13–14 for all (Q)TSP, 20 following acc. to kind of trust service) and has to fulfill conformity assessment by a CAB every 2 years; eIDAS 2.0 knows the following qualified trust services:

  • Creation of (qualified) certificates for (qualified) electronic signatures, seals and/or timestamps
  • Validation of (qualified) electronic signatures, seals and/or timestamps
  • (qualified) Attestations of Attributes
  • (qualified) Electronic registered mail/delivery services
  • (qualified) Management of secure signature creation devices
  • (qualified) Preservation of (qualified) electronic signatures and/or seals
  • (qualified) Archiving Services
  • (qualified) website certificates

QWAC-Qualified Website Authentication Certificate, means a certificate issued by a QTSP for a uniquely identified legal entity to ensure the authenticity of a website or relying party in case of authentication in machine-to-machine communication (Art. 45 eIDAS); regarding the discussions around QWAC see: https://medium.com/@schwalm.steffen/qwac-or-not-qwac-is-that-the-question-80b7a145db9d and https://www.european-signature-dialog.eu/ESD_answer_to_Mozilla_misinformation_campaign.pdf

OWF-Open Wallet Foundation, means a consortium of companies and non-profit organisations collaborating to drive global adoption of open, secure and interoperable digital wallet solutions as well as providing access to expertise and advice through a Government Advisory Council, see:
https://openwallet.foundation/

SAM-Signature Activation Module, security element that is implemented into signing services for the purpose of providing remote signing or sealing functionality
https://utimaco.com/service/knowledge-base/digital-signing/what-signature-activation-module

SD-JWT-Selective Disclosure JSON Web Token, one of the possible formats for QEAA within the ARF
https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-04.html#name-combined-format-for-present

SSI-Self-Sovereign Identity, defines a paradigm in identity management where the holder of the identity fully controls the utilization of its identity and identity attributes; SSI requests no special technology
https://www.selfsovereignidentity.it/the-10-principles-of-self-sovereign-identity-ssi/

TR-Technical Report, overview of the state of the art in a certain subject issued by standardization bodies like ISO, ETSI, CEN-CENELEC

TR-Technische Richtlinie/Technical Guideline, de facto mandatory standard in Germany issued by the Federal Office for Information Security (National Cybersecurity Authority)

TR-ESOR/TR-03125, German Technical Guideline and de facto mandatory standard in Germany for products on preservation of cryptographically signed documents which might be used by (qualified) preservation services acc. Art. 34 and 40 eIDAS; in case a product certified against TR-03125 (from version 1.2.2 or higher) is used by a QTSP for Preservation, the product related OnSite tests during Conformity Assessment do not apply (if the conformity assessment is done in Germany). TR-03125 was one main input for ETSI TS 119 511 for QTSP for Preservation acc. Art. 34 and 40 eIDAS
see https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Technische-Richtlinien/TR-nach-Thema-sortiert/tr03125/TR-03125_node.html and https://www.bundesnetzagentur.de/EVD/DE/SharedDocuments/Downloads/Anbieter_Infothek/Assessment-Handbuch_ETSI_119_511.pdf?__blob=publicationFile&v=1

TS-Technical Specification, result of international standardization which is lower than a norm but more technically detailed

TSA-Time Stamp Authority, typically (qualified) trust service providing (qualified) time stamps acc. Art. 42 eIDAS

TSPS-Trust Service Practice Statement, mandatory document for each QTSP which describes the provided (qualified) trust service, core security measures, governance, responsibilities, processes etc. with the obligation to be published (see Section 6.1 of ETSI EN 319 401)

ValS-(Qualified) Validation Service, means a QTSP for validation of (qualified) signatures, seals and timestamps acc. Art. 32 eIDAS

VC-Verifiable Credential, means a provable credential for a certain claim of identity or identity attributes; first related to attributes like driver license etc., now technically used for identity information (PID/QEAA) issued into the EUDI Wallet; it's verifiable because of cryptographic measures used by the issuer

VDG-Vertrauensdienstegesetz or German Trust Service Law, which underpins the trust services related subjects of eIDAS (1.0) where eIDAS allows national specifics

vLEI-verifiable Legal Entity Identifier, means a unique identifier for Legal Entities issued as Verifiable Credential by dedicated issuers supervised by GLEIF, will be transferred into eIDAS 2.0; currently used infrastructure: KERI
https://www.gleif.org/en/vlei/introducing-the-verifiable-lei-vlei?cachepath=de%2Fvlei%2Fintroducing-the-verifiable-lei-vlei

W3C VC-W3C Verifiable Credential Data Model, a widely used specification of the data model for identity attributes (Verifiable Credentials), is currently recognized in the ARF
https://www.w3.org/TR/vc-data-model-2.0/
