European Commission ebsi European Blockchain

EBSI Glossary

Understand EBSI's concepts and definitions.


A

Authentication

The process in which one party convinces another party that it has the properties it claims to have. Part of access control, this process typically precedes authorisation.

Authorisation

The process of assigning rights or permissions to an entity. Part of access control, this process typically follows authentication.

B

Blockchain

A distributed, immutable ledger that maintains an ever-growing chronological sequence of blocks containing transaction data.

Bloom Filter

A Bloom filter is a space-efficient data structure that provides approximate answers to queries about a large dataset. A Certificate Revocation List can implement a Bloom filter for membership testing to verify whether the associated verifiable credential has been revoked.

C

Certificate Revocation List (CRL)

A type of credential status verifiable credential consisting of a simple list of revoked or suspended credentials.

Credential Status Secret

A type of verifiable credential that is shared with a verifiable credential holder and used to compute a Credential Status Token, a time-based password that can be used by verifiers to validate the status of the referenced verifiable credential.

Credential Status Token

A type of verifiable credential consisting of a time-based password derived from a Credential Status Secret. This password can be used by verifiers to validate the status of the referenced verifiable credential.

Credential Status Verifiable Credential

A type of verifiable credential that contains information pertaining to the status of the associated verifiable credential.

Cryptography

The use of mathematical techniques to ensure security-related properties such as data confidentiality, data integrity and data authentication.

D

Domain-specific Verifiable Credential

A Verifiable Credential (VC) that is issued by a Trusted Issuer (TI) for a particular ambit, which contains claims that are relevant to that context-specific domain (e.g. university diploma).

Decentralised Identifier (DID)

A URL-based identifier consisting of a string of letters and numbers that identifies a subject, such as a natural person or legal entity, without revealing any meaningful information about them. These identifiers are most often used with Verifiable Credentials and associated with subjects in such a way that the verifiable credential can be easily ported from one repository to another without the need to reissue the credential.

DID Document

A document that contains information related to a specific decentralised identifier, such as the associated repository and public-key information.

DID Registry

An EBSI core service that enables the registration, management and resolution of EBSI Decentralised Identifiers (DIDs) of the did:ebsi DID method. This registry contains metadata about Legal Entities (i.e. DIDs and public keys).

Digital Wallet

A type of online storage that lets you securely keep track of your digital assets and information, like digital certificates and digital identity information.

Diploma

In this context, a Diploma is to be understood as a type of Credential (see definition of a "Verifiable Credential"). It contains educational information about a student signed by at least one educational institution.

Distributed Ledger

A data structure replicated over multiple entities in a peer-to-peer network, whereby a consensus mechanism guarantees the consistency of the different copies of this data structure, without the need for a central authority.

Domain-specific Verifiable Credential

A Verifiable Credential issued by a Trusted Issuer for a specific purpose, containing claims relevant to that purpose or a particular domain (e.g., a university diploma).

Dynamic Status List

A variant of a Certificate Revocation List where the entries are periodically updated. The issuer will compute a time-dependent token, re-populate the list and publish it in the form of a credential status verifiable credential.

E

EBSI Conformant Wallet

A type of digital wallet that has successfully passed the EBSI Wallet Conformance Test, proving that the wallet meets EBSI standards for performance and functionality. Different wallets offer various functionalities, and the type of wallet can be chosen depending on the specific needs, such as storing, issuing or verifying Verifiable Credentials within the EBSI VC Framework.

EBSI Node

A virtual machine running Rocky Linux, configured using an operating system image provided by the EBSI DevOps team that includes the necessary information and software required for node deployment. There are two roles a node can fulfil:

1. Validator Node - Ensures network consensus, validates transactions and blocks, and takes turns generating the next block.

2. Regular Node - Participates in the network by replicating the blockchain, accepting blocks generated by Validator Nodes, and executing transactions within those blocks.

EBSI Node Operator

A stakeholder of the EBSI Network and their dedicated devices (i.e. servers) authorised by the EBP to participate and run the EBSI Network as operators of such devices.

eIDAS

Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the internal market. It aims to build trust in the online environment, which is key to economic and social development, and it is addressed by the ESSIF working group together with the legal team.

Encryption

The application of cryptographic techniques to protect data confidentiality. Encryption is a subset of cryptography.

Enrolment

Act of enrolling at a learning institution or in a class/course.

Entity

Either a Natural Person or a Legal Entity (such as a business or governmental unit) with the latter having an identity separate from its individual members. 

European Student Card

A type of credential. In this case, a common digital and graphic identity for all students in Europe to facilitate student mobility and (in the process) recognition of a type of credential. The use of the card enables a student enrolled in an adhering institution to assert his/her rights anywhere and from all providers who have defined a dedicated student service offer.

G

General Data Protection Regulation (GDPR)

The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

H

Hash

The hash is the output of the hash function and is used as a unique fingerprint of electronic content.

Hashing / Hashing function

Hashing is a deterministic method of cryptography that converts any form of data into a unique string of text, called a hash. A given input (a document in our case) will always produce the same hash as long as the input does not change. A hash is designed to act as a one-way function: it is not possible to retrieve the original input data from the hash (thus protecting confidentiality when needed). Verifying that a hash was obtained from a specific document is a trivial and fast operation, which can be automated.

Holder

A role an entity performs by receiving a Verifiable Credential, regardless of ownership, and presenting or using it in various contexts to verify claims or attributes about itself or another entity.

I

Identifier

Any unique Source: (e.g. UUID, DID, etc.) …  used to identify some Entity.

Interoperability

A key factor in making a digital transformation possible. It allows administrative entities to electronically exchange meaningful information in ways that are understood by all parties. 

Issuer

This term refers to a party that creates and issues Verifiable Credentials (e.g. Verifiable IDs or Verifiable Attestations) to Holders.

L

Ledger

Ledgers are places where Issuers can write relevant information, and where relying parties can have access to verify certain elements.

Legal Entity

A party that qualifies as such according to the criteria (laws) of that jurisdiction needs to have a "legal presentation" vis-a-vis other parties and is (ultimately) responsible.

M

Metadata

A set of attributes related to the document (e.g. name, title, file type, category, language, issuer, date, etc.).

N

Natural Person

A party (Citizen, Student, ...) that can have a "legal presentation" vis-a-vis other parties and is (ultimately) responsible. An individual human being, as opposed to a legal person, which may be a private or public organisation.

P

Permissioned

This adjective is used to denote a distributed ledger network with an additional layer of access control.

Permissioned distributed ledger networks are not based on game theory, but on agreements between cooperating parties that know each other.

The permissioned aspect can be restricted to some elements of a distributed ledger, such as governance and the consensus mechanism. Hence, a permissioned distributed ledger may be public and partially open to everyone.

Permissionless

An adjective used for distributed ledger networks where everyone can assume any role without enrolment procedure. Therefore, these distributed ledger networks are based on game-theoretic incentives and assumptions to function properly.

Personal Data

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information which, collected together, can lead to the identification of a particular person also constitute personal data.

Personal data that has been de-identified, encrypted, or pseudonymized but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.

Pseudonymization

The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Source: GDPR, article 4

R

Registry

A role a system might perform by mediating the creation and verification of identifiers, verification material, and other relevant data, such as verifiable credential schemas, revocation registries, and so on, which might be required to use verifiable credentials. 

Root Trusted Accreditation Organisation

A legal entity that serves as the root of the Issuers Trust Model. The root TAO can self-accredit or issue verifiable accreditations to other Trusted Accreditation Organisations. 

S

Self-Sovereign Identity (SSI)

A decentralised digital identity model where individuals have full control over their personal data, managing and sharing it without reliance on a central authority. EBSI takes inspiration from SSI concepts for trust frameworks, only for Legal Entities (LE).

Short-lived Verifiable Credential

A type of verifiable credential with a short lifespan (e.g., hours or days), or a verifiable credential that can be re-issued on demand.

Smart Contracts

A computer program published on a distributed ledger that automatically executes agreements when predetermined conditions are met. Due to the consensus mechanism of the ledger, no one should be able to unilaterally affect the correct execution of the smart contract code.

Status List

A type of credential status verifiable credential consisting of a bitstring or flat array used to associate each verifiable credential from a batch with an index. Each index contains a binary value where ‘zero’ indicates a valid status and ‘one’ indicates revocation or suspension of the referenced verifiable credential.

T

Transcript of Records

An official record of a student’s work that shows the courses students have taken and marks achieved.

Trusted Accreditation Organisation (TAO)

An organisation that can accredit another party to issue certain types of Verifiable Credentials.

Trusted Issuer 

A role that an entity, a person, or a thing might perform by creating a verifiable credential, associating it with a specific subject, and transmitting it to a holder. Example issuers include corporations, non-profit organisations, trade associations, governments, and individuals. 

The trustworthiness of ESSIF will stand (or fall) with the trustworthiness of the verifiable credentials, mandates/consents, and/or claims. 

This trustworthiness will be determined by the trustworthiness of the respective issuers and their issued VCs (which can be low, substantial, or high).

Trusted Issuers Registry (TIR)

A registry that contains a list of Legal Entities ("Trusted Issuers") that are authorized to issue certain types of credentials. There may be more than one TIR within a specific education sector, depending on the governance requirements within the sector. In the case of formal and accredited education, in addition to the DIDs of registered Universities, the TIR lists specific Verifiable Credentials (e.g. Diplomas) the respective University is authorized to issue. The TIR is managed by the so-called "TIR Administration".

Trusted Registry

An umbrella term for the Trusted Issuers Registry (TIR) and Trusted Schemas Registry (TSR). These permissioned registries are trust anchors containing information about who is authorised and trusted to issue Verifiable Credentials and the types of credentials they can issue. This ensures a secure and reliable source of information to support verification and maintain trust in EBSI's ecosystem.

Trusted Schemas Registry (TSR)

A domain-specific registry service that contains data schemas (templates) of data objects (e.g., Verifiable Credentials).

U

-

V

Verifiable Accreditation to Accredit

A Verifiable Credential issued by a Root Trusted Accreditation Organisation (RTAO) to grant the Trusted Accreditation Organisation (TAO) the authority to accredit other entities to govern or issue domain-specific Verifiable Credentials. It serves as a foundational building block for the governance of the Trust Chain.

Verifiable Accreditation to Attest

A Verifiable Credential issued by a Trusted Accreditation Organisation (TAO) to grant the Trusted Issuer (TI) the authority to issue domain-specific Verifiable Credentials.

Verifiable Attestation

A type of verifiable credential containing claims about certain attributes of an entity for uses other than identification or authentication.

Verifiable Authorisation to Onboard

A special type of Verifiable Credential used in the onboarding process of a Root TAO. A Root TAO requests and presents this credential to EBSI's Authorisation API in exchange for a short-lived access token.

Verifiable Credential

A digital document format based on the W3C Verifiable Credentials standard. EBSI's Verifiable Credentials profile uses this W3C standard to ensure interoperability and wide adoption. They can represent information found in physical credentials, such as a passport or license, as well as intangible concepts, such as ownership of a bank account. They have numerous advantages over physical credentials, most notably being digitally signed, which makes them tamper-resistant and instantly verifiable.

Verifiable Diploma 

A Verifiable Credential issued by an educational establishment as proof that someone has successfully completed a course of study.

Verifiable Presentation

A tamper-evident presentation that expresses data from one or more Verifiable Credentials and is packaged in such a way that the authorship of the data is verifiable. When Verifiable Credentials are presented directly, they become verifiable presentations. Data formats derived from Verifiable Credentials that are cryptographically verifiable, but do not contain Verifiable Credentials, may also be considered verifiable presentations.

Verifier

A role an entity performs by receiving one or more Verifiable Credentials, optionally inside a verifiable presentation, for verification. For example, an employer verifies the authenticity of a verifiable diploma shared by a student (holder).

W

Wallet Conformance Testing (WCT)

A service intended for third-party wallet application providers to self-assess their digital wallet's compatibility with EBSI's standards and core services APIs. The WCT ensures the interoperability and conformance of wallet applications with EBSI's specifications.
