Definitions from popular regulatory/legal text (e.g., eIDAS) to better understand the terms used in cyber security legal and regulatory documents and standards.

Reference: https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Digital+Homepage

Term | Description |
---|---|
Attestation | A signed set of attributes, in either the mdoc format specified in [ISO18013-5] or the SD-JWT format specified in [SD-JWT]. This may be a PID, QEAA or EAA. |
Attribute | A feature, characteristic or quality of a natural or legal person or of an entity, in electronic form. - eIDAS Regulation amendment proposal |
Authentic Source | A repository or system, held under the responsibility of a public sector body or private entity, that contains attributes about a natural or legal person and is considered to be the primary source of that information or recognised as authentic in national law. – eIDAS Regulation amendment proposal |
Electronic Attestation of Attributes (EAAs) | An attestation in electronic form that allows the authentication of attributes - eIDAS Regulation amendment proposal |
National Accreditation Bodies (NAB)* | A body that performs accreditation with authority derived from a Member State under Regulation (EC) No 765/2008. |
Person Identification Data (PID) | A set of data enabling the identity of a natural or legal person, or a natural person representing a legal person to be established - eIDAS Regulation. |
Person Identification Data Provider* | A Member State or other legal entity providing Person Identification Data to Users. |
Public Key Infrastructure (PKI)* | Systems, software, and communication protocols that are used by EUDI Wallet ecosystem components to distribute, manage, and control public keys. A PKI publishes public keys and establishes trust within an environment by validating and verifying the public keys mapping to an entity. |
Qualified Electronic Attestations of Attributes (QEAA) | An Electronic Attestation of Attributes, which is issued by a Qualified Trust Service Provider and meets the requirements laid down in Annex V. - eIDAS Regulation amendment proposal |
Qualified Electronic Attestations of Attributes (QEAA) provider* | (Qualified) Trust Service Provider issuing (Q)EAA. Note: there may be multiple (Q)EAA Providers. |
Qualified Electronic Signature Creation Device (QSCD) | Software or hardware used to create an electronic signature that meets the requirements laid down in Annex II of the eIDAS Regulation amendment proposal. - eIDAS Regulation and eIDAS Regulation amendment proposal |
Qualified Trust Service Provider (QTSP) | A Trust Service Provider who provides one or more Qualified Trust Services and is granted the qualified status by the supervisory body. - eIDAS Regulation |
Relying Party* | A natural or legal person that relies upon an electronic identification or a Trust Service. – eIDAS Regulation. In the case of the EUDI Wallet, the Relying Party relies on electronic identification or the Trust Service originating from an EUDI Wallet. |
Selective Disclosure* | The capability of the EUDI Wallet that enables the User to present a subset of attributes provided by the PID and/or (Q)EAAs. |
Trust* | Trust is the characteristic that one party is willing to rely upon a third-party entity to execute a set of actions and/or to make a set of assertions about a set of subjects and/or scopes[^7]. |
Trust Framework* | A legally enforceable set of operational and technical rules and agreements that govern a multi-party system designed for conducting specific types of transactions among a community of participants and bound by a common set of requirements. |
Trust model* | Collection of rules that ensure the legitimacy of the components and the entities involved in the EUDI Wallet ecosystem. |
Trust Service Provider (TSP) | A natural or a legal person who provides one or more Trust Services, either as a qualified or as a non-qualified Trust Service Provider. - eIDAS Regulation |
Trust Service | An electronic service normally provided against payment which consists of: (a) the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services, electronic attestation of attributes and certificates related to those services; (b) the creation, verification and validation of certificates for website authentication; (c) the preservation of electronic signatures, seals or certificates related to those services; (d) the electronic archiving of electronic documents; (e) the management of remote electronic signature and seal creation devices; (f) the recording of electronic data into an electronic ledger. - eIDAS Regulation amendment proposal |
Trusted List* | Repository of information about authoritative entities in a particular legal or contractual context which provides information about their current and historical status. |
User* | A natural or legal person using an EUDI Wallet. |
EUDI Wallet Instance* | Instance of an EUDI Wallet Solution belonging to and which is controlled by a User. |
Relying Party Instance* | A software module with the capability to interact with a Wallet Instance and to perform Relying Party authentication, that is controlled by a Relying Party. |
EUDI Wallet Provider* | A public or private organisation, responsible for the operation of an eIDAS-compliant EUDI Wallet Solution that can be instantiated on a User's device, e.g., through installation and initialization. |
EUDI Wallet Solution* | An EUDI Wallet Solution is the entire product and service provided by an EUDI Wallet Provider, and offered to all Users of that Solution. |
Wallet Secure Cryptographic Application (WSCA)* | A Wallet Secure Cryptographic Application (WSCA) is software provisioned within the Wallet Secure Cryptographic Device (WSCD). It is tasked with executing all security-sensitive operations such as generating, safeguarding, and handling cryptographic keys and assets. Additionally, it facilitates communication with the Wallet Instance. |
Wallet Secure Cryptographic Device (WSCD)* | Hardware-backed secure environment for creating, storing, and/or managing cryptographic keys and data. Examples include Secure Elements (SE), Trusted Execution Environments (TEEs), and (remote or local) Hardware Security Module (HSM). |

Table 1: Definitions

\* Additional to definitions in Article 3 of the eIDAS Regulation or its amendment proposal.