Page tree
Skip to end of metadata
Go to start of metadata

EBSI Glossary

Understand EBSI's concepts and definitions.



A form of licencing that implies permission for an educational organisation to provide a specific programme.


The process of being assigned rights. It is part of access control and typically succeeds the authentication process.



An append-only, sequential, chained distributed ledger, composed of an ever-growing sequence of blocks of transactions.



A special form of a digital “credential" (as specified by the W3C) an entity (Natural Person or Legal Entity ) can assert as evidence of certain attributes/properties (or permits, attestation, authorisation, etc.) of another entity.


An electronic or paper-based representation of the different types of learning acquired by an individual.


The use of mathematical techniques to ensure security-related properties such as data confidentiality, data integrity and data authentication.


Decentralised Identifier (DID)

Decentralised Identifiers (DIDs) are the cornerstone of self-sovereign identity (SSI). DIDs are URL-based identifiers associated with an entity. These identifiers are most often used in a verifiable credential. They are associated with subjects such that a verifiable credential itself can be easily ported from one repository to another without the need to reissue the credential. A decentralised identifier document (DID document) is a document that contains information related to a specific decentralised identifier, such as the associated repository and public-key information.

DID Custodian

A DID custodian would be a party that allows a subject to register its DID (Decentralised IDentifier) at a custodian in order to retrieve its DID (and keys) in case of loss.


In this context, a Diploma is to be understood as a type of Credential (see definition of a "Verifiable Credential"). It contains educational information about a student signed by at least one educational institution.

Diploma Supplement

A type of credential. In this case, the document that accompanies each of the official University diplomas with unified information, personalized for each University or HEI graduate, on the studies undertaken, the results obtained, the professional skills acquired, and the level of their qualification in the national higher education system.

Distributed Ledger

A data structure replicated over multiple entities in a peer-to-peer network, whereby a consensus mechanism guarantees the consistency of the different copies of this data structure, without the need for a central authority.


Any electronic content in any digital format (pdf, XML, JSON-LD, jpg, doc, etc). For technical constraints, size limitations may be applied when such files are stored on the EBSI off-chain storage.


EBSI Ledger (DID Registry)

This registry contains metadata about Natural Persons and Legal Entities (i.e. DIDs, public keys).


Regulation no 910/2014 on electronic identification and trust services for electronic transactions in the internal market. Aims to build trust in the online environment is key to economic and social development and it is addressed by the ESSIF working group together with the legal team.


The application of cryptographic techniques to protect data confidentiality. Encryption is a subpart of cryptography.


Act of enrolling at a learning institution or in a class/course.

Enterprise (EBSI Compliant) Wallet

Service that allows the Legal Entities to interact with the rest of EBSI Services and to self-manage their own data.


Natural Persons and Legal Entities are collectively called Entities.

European Student Card

A type of credential. In this case, a common digital and graphic identity for all students in Europe to facilitate student mobility and (in the process) recognition of a type of credential. The use of the card enables a student enrolled in an adhering institution to assert his/her rights anywhere and from all providers who have defined a dedicated student service offer.


General Data Protection Regulation (GDPR)

The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.



The hash is the output of the hash function and is used as a unique fingerprint of electronic content.

Hashing / Hashing function

Hashing is a deterministic method of cryptography that converts any form of data into a unique string of text, called a hash. A given input (a document in our case) will always produce the same hash as long as the input does not change. A hash is designed to act as a one-way function: it is not possible to retrieve the original input data from the hash (thus protecting confidentiality when needed). Verifying that a hash was obtained from a specific document is a trivial and fast operation, which can be automated.


A holder will be defined as the entity that is the receiver of a verifiable credential (not necessarily owned by it) and that can use it.



Any unique Source: (e.g. UUID, DID, etc.) …  used to identify some Entity.


This term refers to a party that creates and issues Verifiable Credentials (e.g. Verifiable IDs or Verifiable Attestations) to Holders.



Ledgers are places where Issuers can write relevant information, and where relying parties can have access to verify certain elements.

Legal Entity

A party that qualifies as such according to the criteria (laws) of that jurisdiction needs to have a "legal presentation" vis-a-vis other parties and is (ultimately) responsible.



 A set of attributes related to the document (e.g. name, title, file type, category, language, issuer, date, etc).


Natural Person

A party (Citizen, Student, ...) that can have a "legal presentation" vis-a-vis other parties and are (ultimately) responsible. An individual human being, as opposed to a legal person, which may be a private or public organisation.



An owner will be defined as the legal owner of a Verifiable Credential or the one that registered a mandate/consent



This adjective is used to denote a distributed ledger network with an additional layer of access control.

Permissioned distributed ledger networks are not based on game theory, but on agreements between cooperating parties that know each other.

The permissioned aspect can be restricted to some elements of a distributed ledger, such as governance and the consensus mechanism. Hence, a permissioned distributed ledger may be public and partially open to everyone.


An adjective used for distributed ledger networks where everyone can assume any role without enrolment procedure. Therefore, these distributed ledger networks are based on game-theoretic incentives and assumptions to function properly.

Personal Data

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which are collected together can lead to the identification of a particular person, also constitute personal data.

Personal data that has been de-identified, encrypted, or pseudonymized but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.


The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Source: GDPR, article 4


Relying Parties

Relying Parties are Parties which through their actors/agents rely on any verifiable credential they will receive.


A notarization service on the blockchain is essentially a static registry storing immutable reference data that can be used at a later stage as proof of authenticity/integrity of digital artefacts. We refer to "registry" as the application/system that will offer the notarization services.


Self-Sovereign Identity (SSI)

Self-sovereign identity (SSI) is the next step beyond user-centric identity. Both concepts are based on the idea that a user must be central to the administration of his/her digital identity, which requires not only a user’s ability to use an identity across multiple locations but also to have true control over that digital identity, creating user autonomy. To accomplish this, a self-sovereign identity must be transportable; it can’t be locked into a single site or locale.

A self-sovereign identity must also allow users to make claims, which could include personal data or attributes, and can even contain information about the user that was asserted by others. In the creation of a self-sovereign identity, we must be careful to protect the individual, defend them against financial and other losses and support human rights, such as the right to be oneself and to freely associate.

It must be easy for public administration and other organizations to provide services that are legally binding and fully compliant with regulations.

Smart Contracts

In the DLT context, a smart contract (or chain code) is computer code published on a distributed ledger and executed by multiple nodes in the distributed ledger network. Due to the consensus mechanism of the ledger, no one should be able to unilaterally affect the correct execution of the smart contract code.

Storage (off/onchain)

Blockchain is optimized for transaction records so care must be taken when dealing with large data sets such as documents. EBSI provides limited off-chain storage capabilities in order to support the quick startup of Use Case requiring limited storage capacity (focusing on Key-Value storage and limited Size Meta Content storage). Applications will also be free to use other external data stores that are better adapted to their needs.

Anatomy of the component

The Storage API gives applications access to all the available off-chain storage platforms included within EBSI nodes. 

There are three types of off-chain storage planned for EBSI:

  • Distributed Storage (Limited Capacity): The data is replicated across all EBSI nodes in near real-time. Storage API is the unique component that can interact directly with Distributed Storage Repository. For EBSI V2.0 this is the only limited storage capability provided. The Storage infrastructure below is Cassandra that is a decentralized and distributed Data infrastructure, compliant with the EBSI platform foundation principle of using decentralized and distributed architecture.
  • Private Storage (Limited Capacity): This resides within one node for local or state activity and is not replicated to other nodes. This is not planned on EBSI V2.0.
  • External Storage: Which will enable external storage to be recognized as EBSI compliant storage, in the case of government cloud stores for example. This is not planned on EBSI V2.0. If a use case wants to use external Data Storage, they can use it directly at their Business layer, but not through this Storage API.

Support Office (SO)

Provides user support on the overall CEF EBSI service offering. It acts as the Single Point of Contact (SPOC) to address questions, incidents, requests and changes reported by the Users.



An entity that is not a direct partner of EBSI but that can use some of the functions, especially the ones related to the Verification of certain Credentials. Ex: Employer.

Transcript of Records

An official record of a student’s work that shows the courses students have taken and marks achieved.

Trusted Accreditation Organisation (TAO)

Organizations that can accredit another party to issue certain types of VCs.

Trusted Accreditation Organisation Registry (TAOR)

This term refers to a registry that contains information about organizations that can accredit another party to issue certain types of VCs.

Trusted Issuer 

A role that an entity, a person, or a thing might perform by creating a verifiable credential, associating it with a specific subject, and transmitting it to a holder. Example issuers include corporations, non-profit organizations, trade associations, governments, and individuals.

The trustworthiness of ESSIF will stand (or fall) with the trustworthiness of the verifiable credentials, mandates/consents, and/or claims. 

This trustworthiness will be determined by the trustworthiness of the respective issuers and their issued VCs (which can be low, substantial, or high).

Trusted Issuer Registry (TIR)

A registry that contains a list of Legal Entities ("Trusted Issuers") that are authorized to issue certain types of credentials. There may be more than one TIR within a specific education sector, depending on the governance requirements within the sector. In the case of formal and accredited education, in addition to the DIDs of registered Universities, the TIR lists specific Verifiable Credentials (e.g. Diplomas) the respective University is authorized to issue. The TIR is managed by the so-called "TIR Administration".

Trusted Metadata Schema

It is a standardized metadata schema, related to a specific domain and stored in the Trusted Schemas Registry (a core service of EBSI that provides a verifiable and compliant set of data schemas) 

Trusted Registry

This is an umbrella term that includes the EOSR, TAR, TIR, and TSR. In EBSI terms, a registry is a Smart Contract, depending on the specific registry, its purpose is to contain the list of:

  • organizations that are authorized to or can provide authorization to write to the (permission) EBSI Ledger
  • information about Issuers and their accreditations to issue VCs
  • information about organizations that can accredit another party to issue certain types of VCs
  • data schemes (templates) of data objects (e.g. VCs).

Trusted Schemes Registry (TSR)

This term refers to a registry that contains data schemes (templates) of data objects (e.g. VCs).


User (EBSI complaint) Wallet

Service that allows the Natural persons to interact with the rest of EBSI Services and to self-manage their own identity data including export/import and migration capabilities.


Verifiable Authorisation (VA)

A Verifiable Authorisation is a special form of "verifiable credential" that is resulting from the onboarding process, where the corresponding Entity creates an authentication response holding the Verifiable Authorisation meant to be sent to the Authorisation API, in order to exchange it to a short-term access token.

Verifiable Attestation

A verifiable attestation is a special form of a "verifiable credential" that an entity can put forward as evidence of certain attributes/properties or as evidence of a permit/attestation/authorization he/she/it has received.

Verifiable Consent and Mandates

A verifiable consent or mandate is a special form of a "verifiable credential" which allows the “holder” to present itself to a third party with a credential and a mandate (and claims regarding a corresponding subject).

Verifiable Credential

A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. The claims in a credential can be about different subjects.

Verifiable means that the integrity (no alteration) of a Verifiable Credential, as well as the authorship of a Verifiable Credential, can easily be checked using a cryptographic-based standard procedure

Verifiable Diploma 

A Verifiable Attestation which indicates that the owner has certain skills or has achieved certain learning outcomes through formal or non-formal learning context.

Verifiable (Digital) ID

A verifiable ID is a special form of a "verifiable credential"  an entity can put forward as evidence of whom he/she/it is (comparable with a passport, physical IDcarddrivers-license, social security card, member card, etc.)

Verifiable Presentation

A verifiable presentation represents the data passed from an entity to a relying party (often also the verifier).


This term refers to a party who requests/verifies Verifiable Credentials (e.g. Verifiable IDs or Verifiable Attestations), such as to provide a service.


Wallet Conformance Testing (WCT)

The Wallet Conformance Testing service is intended for third-party application providers developing a digital wallet that want to ensure the interoperability and conformance of their wallet(s) with the specifications defined by the European Blockchain Services Infrastructure (EBSI)

  • No labels