European Commission ebsi European Blockchain

EBSI Glossary

Understand EBSI's concepts and definitions.


A

Accreditation

A form of licensing that implies permission for an educational organisation to provide a specific programme.

Authorisation

The process of being assigned rights. It is part of access control and typically succeeds the authentication process.

B

Blockchain

An append-only, sequential, chained distributed ledger, composed of an ever-growing sequence of blocks of transactions.

C

Consent/Mandate

A special form of a digital "credential" (as specified by the W3C) that an entity (Natural Person or Legal Entity) can assert as evidence of certain attributes/properties (or permits, attestation, authorisation, etc.) of another entity.

Cryptography

The use of mathematical techniques to ensure security-related properties such as data confidentiality, data integrity and data authentication.

D

Domain-specific Verifiable Credential

A Verifiable Credential (VC) that is issued by a Trusted Issuer (TI) for a particular ambit, which contains claims that are relevant to that context-specific domain (e.g. university diploma).

Decentralised Identifier (DID)

Decentralised Identifiers (DIDs) are the cornerstone of self-sovereign identity (SSI). DIDs are URL-based identifiers associated with an entity. These identifiers are most often used in a verifiable credential. They are associated with subjects such that a verifiable credential itself can be easily ported from one repository to another without the need to reissue the credential. A decentralised identifier document (DID document) is a document that contains information related to a specific decentralised identifier, such as the associated repository and public-key information.

DID Custodian

A DID custodian would be a party with which a subject can register its DID (Decentralised Identifier) in order to retrieve its DID (and keys) in case of loss.

Diploma

In this context, a Diploma is to be understood as a type of Credential (see definition of a "Verifiable Credential"). It contains educational information about a student signed by at least one educational institution.

Distributed Ledger

A data structure replicated over multiple entities in a peer-to-peer network, whereby a consensus mechanism guarantees the consistency of the different copies of this data structure, without the need for a central authority.

E

EBSI Ledger (DID Registry)

This registry contains metadata about Natural Persons and Legal Entities (i.e. DIDs, public keys).

eIDAS

Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the internal market. It aims to build trust in the online environment, which is key to economic and social development, and it is addressed by the ESSIF working group together with the legal team.

Enrolment

Act of enrolling at a learning institution or in a class/course.

Entity

Natural Persons and Legal Entities are collectively called Entities.

European Student Card

A type of credential. In this case, a common digital and graphic identity for all students in Europe to facilitate student mobility and (in the process) recognition of a type of credential. The use of the card enables a student enrolled in an adhering institution to assert his/her rights anywhere and from all providers who have defined a dedicated student service offer.

G

General Data Protection Regulation (GDPR)

The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

H

Hash

The hash is the output of the hash function and is used as a unique fingerprint of electronic content.

Hashing / Hashing function

Hashing is a deterministic method of cryptography that converts any form of data into a unique string of text, called a hash. A given input (a document in our case) will always produce the same hash as long as the input does not change. A hash is designed to act as a one-way function: it is not possible to retrieve the original input data from the hash (thus protecting confidentiality when needed). Verifying that a hash was obtained from a specific document is a trivial and fast operation, which can be automated.

Holder

A holder will be defined as the entity that is the receiver of a verifiable credential (not necessarily owned by it) and that can use it.

I

Identifier

Any unique Source: (e.g. UUID, DID, etc.) …  used to identify some Entity.

Issuer

This term refers to a party that creates and issues Verifiable Credentials (e.g. Verifiable IDs or Verifiable Attestations) to Holders.

L

Ledger

Ledgers are places where Issuers can write relevant information, and where relying parties can have access to verify certain elements.

Legal Entity

A party that qualifies as such according to the criteria (laws) of that jurisdiction, needs to have a "legal presentation" vis-a-vis other parties, and is (ultimately) responsible.

M

Metadata

A set of attributes related to the document (e.g. name, title, file type, category, language, issuer, date, etc.).

N

Natural Person

A party (Citizen, Student, ...) that can have a "legal presentation" vis-a-vis other parties and is (ultimately) responsible. An individual human being, as opposed to a legal person, which may be a private or public organisation.

P

Permissioned

This adjective is used to denote a distributed ledger network with an additional layer of access control.

Permissioned distributed ledger networks are not based on game theory, but on agreements between cooperating parties that know each other.

The permissioned aspect can be restricted to some elements of a distributed ledger, such as governance and the consensus mechanism. Hence, a permissioned distributed ledger may be public and partially open to everyone.

Permissionless

An adjective used for distributed ledger networks where everyone can assume any role without enrolment procedure. Therefore, these distributed ledger networks are based on game-theoretic incentives and assumptions to function properly.

Personal Data

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information which, collected together, can lead to the identification of a particular person also constitute personal data.

Personal data that has been de-identified, encrypted, or pseudonymized but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.

Pseudonymization

The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Source: GDPR, article 4

R

Registry

A notarization service on the blockchain is essentially a static registry storing immutable reference data that can be used at a later stage as proof of authenticity/integrity of digital artefacts. We refer to "registry" as the application/system that will offer the notarization services.

S

Self-Sovereign Identity (SSI)

Self-sovereign identity (SSI) is the next step beyond user-centric identity. Both concepts are based on the idea that a user must be central to the administration of his/her digital identity, which requires not only a user’s ability to use an identity across multiple locations but also to have true control over that digital identity, creating user autonomy. To accomplish this, a self-sovereign identity must be transportable; it can’t be locked into a single site or locale.

A self-sovereign identity must also allow users to make claims, which could include personal data or attributes, and can even contain information about the user that was asserted by others. In the creation of a self-sovereign identity, we must be careful to protect the individual, defend them against financial and other losses and support human rights, such as the right to be oneself and to freely associate.

It must be easy for public administration and other organizations to provide services that are legally binding and fully compliant with regulations.

Smart Contracts

In the DLT context, a smart contract (or chain code) is computer code published on a distributed ledger and executed by multiple nodes in the distributed ledger network. Due to the consensus mechanism of the ledger, no one should be able to unilaterally affect the correct execution of the smart contract code.

Storage (off/onchain)

Blockchain is optimized for transaction records, so care must be taken when dealing with large data sets such as documents. EBSI provides limited off-chain storage capabilities in order to support the quick startup of Use Cases requiring limited storage capacity (focusing on Key-Value storage and limited-size Meta Content storage). Applications will also be free to use other external data stores that are better adapted to their needs.

Anatomy of the component

The Storage API gives applications access to all the available off-chain storage platforms included within EBSI nodes. 

There are three types of off-chain storage planned for EBSI:

  • Distributed Storage (Limited Capacity): The data is replicated across all EBSI nodes in near real-time. The Storage API is the only component that can interact directly with the Distributed Storage Repository. For EBSI V2.0 this is the only limited storage capability provided. The underlying storage infrastructure is Cassandra, a decentralized and distributed data infrastructure, compliant with the EBSI platform foundation principle of using decentralized and distributed architecture.
  • Private Storage (Limited Capacity): This resides within one node for local or state activity and is not replicated to other nodes. This is not planned on EBSI V2.0.
  • External Storage: This will enable external storage to be recognized as EBSI-compliant storage, for example in the case of government cloud stores. This is not planned on EBSI V2.0. If a use case wants to use external data storage, it can do so directly at its Business layer, but not through this Storage API.

T

Transcript of Records

An official record of a student’s work that shows the courses students have taken and marks achieved.

Trusted Accreditation Organisation (TAO)

Organizations that can accredit another party to issue certain types of VCs.

Trusted Accreditation Organisation Registry (TAOR)

This term refers to a registry that contains information about organizations that can accredit another party to issue certain types of VCs.

Trusted Issuer 

A role that an entity, a person, or a thing might perform by creating a verifiable credential, associating it with a specific subject, and transmitting it to a holder. Example issuers include corporations, non-profit organizations, trade associations, governments, and individuals.


The trustworthiness of ESSIF will stand (or fall) with the trustworthiness of the verifiable credentials, mandates/consents, and/or claims. 

This trustworthiness will be determined by the trustworthiness of the respective issuers and their issued VCs (which can be low, substantial, or high).

Trusted Issuer Registry (TIR)

A registry that contains a list of Legal Entities ("Trusted Issuers") that are authorized to issue certain types of credentials. There may be more than one TIR within a specific education sector, depending on the governance requirements within the sector. In the case of formal and accredited education, in addition to the DIDs of registered Universities, the TIR lists specific Verifiable Credentials (e.g. Diplomas) the respective University is authorized to issue. The TIR is managed by the so-called "TIR Administration".

Trusted Registry

This is an umbrella term that includes the EOSR, TAR, TIR, and TSR. In EBSI terms, a registry is a Smart Contract; depending on the specific registry, its purpose is to contain the list of:

  • organizations that are authorized to or can provide authorization to write to the (permissioned) EBSI Ledger
  • information about Issuers and their accreditations to issue VCs
  • information about organizations that can accredit another party to issue certain types of VCs
  • data schemes (templates) of data objects (e.g. VCs).

Trusted Schemes Registry (TSR)

This term refers to a registry that contains data schemes (templates) of data objects (e.g. VCs).

U

User (EBSI compliant) Wallet

A service that allows Natural Persons to interact with the rest of the EBSI Services and to self-manage their own identity data, including export/import and migration capabilities.

V

Verifiable Accreditation to Accredit

A Verifiable Credential issued by a Root Trusted Accreditation Organisation (RTAO) to grant the Trusted Accreditation Organisation (TAO) the authority to accredit other entities to govern or issue domain-specific Verifiable Credentials. It serves as a foundational building block for the governance of the Trust Chain.

Verifiable Accreditation to Attest

A Verifiable Credential issued by a Trusted Accreditation Organisation (TAO) to grant the Trusted Issuer (TI) the authority to issue domain-specific Verifiable Credentials.

Verifiable Authorisation (VA)

A Verifiable Authorisation is a special form of "verifiable credential" that results from the onboarding process, where the corresponding Entity creates an authentication response holding the Verifiable Authorisation, which is meant to be sent to the Authorisation API in order to exchange it for a short-term access token.

Verifiable Credential

A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. The claims in a credential can be about different subjects.

Verifiable means that the integrity (no alteration) of a Verifiable Credential, as well as the authorship of a Verifiable Credential, can easily be checked using a cryptography-based standard procedure.

Verifiable Diploma 

A Verifiable Attestation which indicates that the owner has certain skills or has achieved certain learning outcomes in a formal or non-formal learning context.

Verifiable Presentation

A verifiable presentation represents the data passed from an entity to a relying party (often also the verifier).

Verifier

This term refers to a party who requests/verifies Verifiable Credentials (e.g. Verifiable IDs or Verifiable Attestations), such as to provide a service.

W

Wallet Conformance Testing (WCT)

The Wallet Conformance Testing service is intended for third-party application providers developing a digital wallet that want to ensure the interoperability and conformance of their wallet(s) with the specifications defined by the European Blockchain Services Infrastructure (EBSI).
