Glossary

This glossary centralizes key terms used across the APTITUDE RFCs.

Roles

| Term | Definition | References |
| --- | --- | --- |
| (Wallet-) Relying Party | Natural or legal person intending to rely on Wallet Units for digital interactions. | |
| Access Certificate Authority | Provider mandated by a Member State to issue wallet-relying party access certificates. | |
| Attestation Provider | Collective term for QEAA, PuB-EAA, or EAA providers. | |
| Authorisation Server | OAuth 2.0 / OpenID component responsible for authenticating the Holder and issuing tokens authorising access to protected endpoints. | |
| Credential Issuer | Entity that decides to issue Verifiable Credentials and operates, or is associated with, the issuance service. | |
| Holder | Natural person or legal representative controlling the Wallet and authorising credential issuance or presentation. | |
| Holder (W2W) | User presenting attributes from their Wallet Unit to another Wallet Unit. | |
| PID Provider | Entity issuing and revoking Person Identification Data (PID) and binding it to a Wallet Unit. | |
| Relying Application | User-facing application, service, or workflow in which credential verification is performed. | |
| Verifier | Entity requesting verifiable presentations, validating the response, and making an authorisation or business decision based on the outcome. | |
| Verifier (W2W) | User requesting attributes from another Wallet Unit. | |
| Verifier Backend | Server-side component that creates presentation requests, receives presentation responses, validates them, and returns the result to the relying application. | |
| Wallet Provider | Natural or legal person that provides Wallet Solutions. | |
| Wallet User | Person who controls a Wallet Unit. | |

Components

| Term | Definition | References |
| --- | --- | --- |
| EUDI Wallet | European Digital Identity Wallet used in APTITUDE pilots. | |
| Keystore | Hardware-backed repository for generating, storing, and using non-critical cryptographic assets. | |
| Qualified Trust Service Provider (QTSP) | A qualified trust services provider authorised, among other things, to issue QEAA under eIDAS/eIDAS2. | |
| Wallet Instance | Application installed and configured on a User's device/environment to interact with the Wallet Unit. | |
| Wallet Instance Attestation (WIA) | Client attestation material presented by a Wallet Instance at the PAR and Token endpoints to authenticate the Wallet during issuance flows. | |
| Wallet Secure Cryptographic Application (WSCA) | Application managing critical assets using the functions of a WSCD. | |
| Wallet Secure Cryptographic Device (WSCD) | Tamper-resistant device providing the secure environment and crypto functions used by a WSCA. | |
| Wallet Solution | Combination of software, hardware, services, settings, and configurations, including Wallet Instances, WSCA(s), and WSCD(s). | |
| Wallet Unit | Unique configuration of a Wallet Solution provided to a Wallet User. | |
| Wallet Unit Attestation (WUA) | Data object describing Wallet Unit components or enabling their authentication/validation. | |

Credentials

| Term | Definition | References |
| --- | --- | --- |
| Administrative validity period | Dates during which attributes in an attestation remain valid as represented inside it. | |
| Attestation | Collective term for QEAA, PuB-EAA, or non-qualified EAA. | |
| Attestation Revocation List | List-based mechanism for communicating revoked PIDs or attestations. | |
| Attestation Rulebook | Document describing attestation type, namespaces, and related features. | |
| Attestation Status List | Mechanism publishing status (valid/invalid) for relevant PIDs or attestations. | |
| Attestation type | Identifier for a type of attestation, unique within the EUDI Wallet ecosystem. | |
| CBOR (Concise Binary Object Representation) | The binary serialisation format used for mdoc transfers. | |
| CDDL (Concise Data Definition Language) | The language to define CBOR structures (e.g., tstr, uint, bstr, tdate). | |
| EU-mVRC (European Union mobile Vehicle Registration Certificate) | The mobile (digital) vehicle registration certificate as an attestation in the EUDI Wallet; a profile of mVC under ISO/IEC 7367‑2. | |
| Electronic Attestation of Attributes (EAA) | Electronic attestation that allows attributes to be authenticated. | |
| HAIP (High Assurance Interoperability Profile) | OpenID4VC profile aimed at higher assurance interoperability. | |
| IACA | The issuing authority/CA used in the mDL/mVRC trust infrastructure under ISO (may be shared with mDL or set up separately). | |
| IANA JWT Claims (Internet Assigned Numbers Authority JSON Web Token Claims) | IANA registry of standard JWT claim names. | |
| MSO (Mobile Security Object) | A security object carrying metadata and the issuer’s signature over data elements in mdoc/mDL/mVRC. | |
| Namespace | Specification of attribute identifiers, syntax, and semantics for an attestation. | |
| OID4VCI (OpenID for Verifiable Credentials Issuance) | OID4VCI is an open standard that defines a secure API for issuing Verifiable Credentials (VCs) to a user's digital wallet. | |
| OID4VP (OpenID for Verifiable Presentation) | OID4VP is a standard that defines how a user presents Verifiable Credentials from their wallet to a verifier. | |
| Person Identification Data (PID) | Data set that enables the establishment of a person's identity. | |
| Proximity flow | Short‑range presentation protocol (NFC/BLE/Wi‑Fi Aware) per ISO/IEC 18013‑5/‑7. | |
| Pseudonym | Data uniquely representing a User without revealing their attributes by itself. | |
| Public Electronic Attestation of Attributes (PuB-EAA) | An attestation issued by a public sector body responsible for an authentic source of data (outside the qualified trust service regime). | |
| Qualified Electronic Attestation of Attributes (QEAA) | EAA issued by a Qualified Trust Service Provider in line with Annex V. | |
| Remote flow | Remote presentation protocol (same‑device or cross‑device). | |
| SD‑JWT VC (Selective Disclosure JSON Web Token Verifiable Credential) | A verifiable credential format based on Selective Disclosure JWT; one of the formats supported in EUDI for some attestations. | |
| Selective Disclosure | Capability for a User to present only a subset of attributes from a PID or attestation. | |
| Technical validity period | Metadata dates/times during which the attestation is valid; typically shorter than the administrative period. | |
| Trust anchor | The root of trust (certificates/chain) required to verify an attestation’s signature. | |
| W3C VCDM v2.0 (W3C Verifiable Credentials Data Model v2.0) | A family of specifications for VC data models. | |
| Wallet-relying party access certificate | Certificate authenticating and validating a (wallet-) relying party. | |
| Wallet-relying party registration certificate | Data object indicating the attributes a Relying Party has registered to request. | |
| eCoC (electronic Certificate of Conformity) | Manufacturer’s electronic certificate; selected entries are mapped into EU‑mVRC. | |
| mDL (mobile Driving Licence) | The mobile driving licence per ISO/IEC 18013‑5/‑7; used alongside mVRC and mTR in the EUDI Wallet. | |
| mTR (mobile Technical Report) | A mobile roadworthiness/inspection report (companion to mVRC/mDL) per ISO/IEC 7367‑3. | |
| mVC (mobile Vehicle Certificate) | The family of mobile vehicle certificates defined in ISO/IEC 7367‑2, on which the EU‑mVRC is profiled. | |
| mdoc | The generic model and protocols for mobile documents per ISO/IEC 23220‑4. | |

Protocols

| Term | Definition | References |
| --- | --- | --- |
| Credential Offer | Data structure created by a Credential Issuer to initiate issuer-initiated issuance, containing grant information and credential configuration references. | |
| DPoP | Demonstrating Proof of Possession (RFC 9449). A mechanism that binds access tokens and refresh tokens to a client key pair, preventing token replay by third parties. | |
| Device binding | Association of a credential or session with a specific device, establishing that the credential can only be used from the bound device. | |
| Key binding | Cryptographic binding of a credential to a specific key pair held by the Wallet, ensuring only the key holder can present that credential. | |
| Nonce | A single-use, unpredictable value issued by a server to prevent replay attacks; Wallets must include it verbatim in proofs or responses. | |
| PKCE | Proof Key for Code Exchange (RFC 7636). An extension to the OAuth 2.0 authorization code flow that prevents authorization-code interception attacks using a code verifier and code challenge. | |
| Presentation Request | A request from a Verifier, conveyed in a Request Object, that specifies which credentials or attributes the Wallet must present, typically using a Presentation Definition (DIF PE). | |
| Proof-of-possession | Cryptographic proof demonstrating control of a private key, produced by signing a server-issued challenge; used to bind credentials and tokens to a Wallet key. | |
| Request Object | A JWT carrying OAuth 2.0 authorization request parameters as defined in RFC 9101, which may be passed by value or by reference (JAR); used in OID4VP to convey the Verifier's presentation request. | |