
Benchmark of Decentralised Identifier and Identity Terms for Harmonising Blockchain and Distributed Ledger Technology and Identification Standards

Authors:
  • Music won't stop

Abstract

Various decentralised identifier and identity terms have been defined in several blockchain and distributed ledger technology (DLT) and identification standards, leading to non-harmonised definitions. Harmonising decentralised identifier and identity terms allows wider adoption of definitions and avoids inconsistencies. The harmonisation consists of two steps, firstly by benchmarking terms and definitions in published standards and reference documents and secondly by aligning and linking the definitions in terminology or vocabulary sections of standards under development. This article is a proposal for the first step and provides a benchmark of definitions for a set of 36 relevant decentralised identifier and identity terms that are generic to a selection of 16 relevant blockchain and DLT and identification standards (e.g. ISO, ITU-T, W3C) and reference documents (e.g. EBSI, eSSIF-Lab). This proposal is intended to serve as a basis for standards under development in the second step. In particular, standardisation experts are invited to read, compare and even improve the definitions in standards.
Jerome R. D. Pons,
Music won’t stop,
Paris, France,
jerome.pons@musicwontstop.com
Keywords - Blockchain, Decentralised Identifier, Decentralised Identity,
Distributed Ledger Technology, Identification, Identity Management, Self-
Sovereign Identity
Copyright and related rights Jerome R. D. Pons - This article is
distributed under the terms of the Creative Commons Attribution
Non-Commercial – No Derivative Works License (CC BY-NC-ND).
I. INTRODUCTION
Various decentralised identifier and identity terms
have been defined (e.g. claim, identification, identifier,
identity holder, identity management, self-sovereign
identity) in several blockchain and distributed ledger
technology (DLT) and identification standards.
In a previous article, it was proposed that
identification and identifier (not identity) management
concepts are gathered into the “Rights and Identifier
Management / Identification” cross-sector application
domain of blockchain and DLT. This distinction between
application domains, use case purposes and economic
activity sections was “intended to serve as a basis when
specifying blockchain use cases taxonomy” [1] (Table I).
TABLE I. CROSS-SECTOR APPLICATION DOMAINS
Cross-sector Application Domain
- Creative and Productive Collaboration
- Intellectual Property Protection / Certification
- Disintermediation in Distribution / Actions Traceability
- Rights and Identifier Management / Identification
- Contract Management / Automation
- Electronic Payment / Cryptocurrency and Asset Exchange
Source: DiCoDaMo.org
Then, these cross-sector application domains
were proposed, discussed and integrated (with some
modifications) in section 5.4.2 of ISO/TS 23258:2021
“Blockchain and DLT - Taxonomy and Ontology” [2] and
section 5.8 of ISO/TR 3242:2022 “Blockchain and DLT -
Use Cases” [3] standards.
Harmonising terms and abstractions within the
same standardisation body and technical committee (i.e.
ISO/TC 307) is key for the consistency of the resulting
standards. This statement also applies between different
standardisation bodies (e.g. ISO, ITU-T) and
standardisation experts are scouting parallel works to
guarantee this consistency.
However, the standardisation of decentralised
identifier and identity terms has led to non-harmonised
definitions. In particular, similar terms refer to the same
concept (e.g. attestation and certificate, custodian and
guardian, principal and subject), the acronym ID is
interchangeably used for “identifier” or “identity” and
many standards refer to “decentralized identity” within
their title whereas they do not define this term within
their terminology or vocabulary sections.
This article introduces a selection of relevant
blockchain and DLT and identification standards and
reference documents (cf. section II), then proposes
a harmonisation that consists of 2 steps (cf. section III),
provides a benchmark of decentralised identifier and
identity terms (cf. section IV) and concludes with some
recommendations for implementing the second step (cf.
section V).
II. BLOCKCHAIN AND DLT AND IDENTIFICATION STANDARDS
The International Standard Organisation (ISO)
initiated the technical committee TC 307 in April 2016
for standardising blockchain and DLT through several
working groups such as WG1 (vocabulary, reference
architecture, taxonomy and ontology), JWG4 (security,
identity, privacy) and WG6 (use cases) [4].
ISO published successively ISO 22739:2020
“Blockchain and DLT - Vocabulary” [5], ISO/TS
23258:2021 “Blockchain and DLT - Taxonomy and
Ontology”, ISO 23257:2022 “Blockchain and DLT -
Reference architecture” [6], ISO/TR 23249:2022
“Blockchain and DLT - Overview of existing DLT
systems for identity management” [7], ISO/TR 3242:2022
“Blockchain and DLT - Use Cases” and is still
developing some standards.
December 4th 2022 1
In parallel, the International Telecommunication
Union - Telecommunication (ITU-T) established the
focus group on application of distributed ledger technology
(FG DLT) in May 2017 through several working groups
such as WG1 (terms, definitions, concepts) and WG2
(applications and services). ITU-T published ITU-T
X.1403 “Security guidelines for using distributed ledger
technology for decentralized identity management” in 2020
[8] and ITU-T X.1252 “Baseline identity management
terms and definitions” in 2021 [9].
Other organisations also published some
blockchain and DLT and identification standards and
reference documents. In particular the GSM Association
(GSMA) published an “Identity Glossary” [10] and the
World Wide Web Consortium (W3C) published
successively W3C VC “Verifiable Credentials Data Model
1.1 - Expressing verifiable information on the Web” [11]
and W3C DID “Decentralized Identifiers (DIDs) V1.0 -
Core architecture, data model, and representations” [12]
standards in 2022.
The current benchmark takes into consideration a
selection of 16 relevant blockchain and DLT and
identification standards and reference documents whose
glossary, terminology or vocabulary sections are publicly
accessible:
- ISO 22739:2020 “Blockchain and DLT — Vocabulary”;
- ISO/TR 23249:2022 “Blockchain and DLT – Overview of
existing DLT systems for identity management”;
- “EBSI Glossary” [13];
- “eSSIF-Lab Glossary” [14];
- “Blockchain et identification numérique (BCID)” by
French Ministry of Interior [15];
- “Your Identity is Yours” by Universities of Aston and
Cardiff [16];
- “Decentralized Identifiers (DIDs) (W3C DID)”;
- “Verifiable Credentials (W3C VC)”;
- “A Taxonomic Approach to Understanding Emerging
Blockchain Identity Management Systems” by NIST [17];
- “Sovrin Glossary” [18];
- ISO/IEC 24760-1:2019 “IT Security and Privacy - A
framework for identity management - Part 1:
Terminology and concepts” [19];
- ISO/IEC 24760-2:2015(en) “Information technology —
Security techniques — A framework for identity
management — Part 2: Reference architecture and
requirements” [20];
- ITU-T X.1252 “Baseline identity management terms and
definitions”;
- ITU-T X.1403 “Security guidelines for using distributed
ledger technology for decentralized identity management”;
- INATBA Glossary “Decentralised Identity: What’s at
Stake?” [21];
- GSMA Glossary “Identity Glossary”.
Note that UNE 71307-1:2020 “Digital Enabling
Technologies. Decentralised Identity Management Model
based on Blockchain and other DLT. Part 1: Reference
Framework” [22] standard was not selected in the current
benchmark as the terminology section is not publicly
accessible.
III. NECESSARY HARMONISATION OF TERMS
Harmonising decentralised identifier and identity
terms allows wider adoption of definitions and avoids
inconsistencies.
Harmonisation consists of two steps:
- Benchmarking terms and definitions in published
standards and reference documents;
- Aligning and linking the definitions in terminology or
vocabulary sections of standards under development.
The current benchmark is a proposal for the first step
(cf. section IV) and provides some recommendations for
implementing the second step (cf. section V).
IV. BENCHMARK OF DECENTRALISED IDENTIFIER AND IDENTITY TERMS
This section proposes a list of decentralised
identifier and identity terms extracted from the selection
of relevant blockchain and DLT and identification
standards and reference documents. It also provides a
status for each term: generic or specific (Table II).
TABLE II. BENCHMARK OF DECENTRALISED IDENTIFIER AND IDENTITY TERMS

| Term | Sources (part of Glossary, Terminology or Vocabulary) | Status |
|---|---|---|
| Assertion | eSSIF-Lab Glossary, GSMA Glossary, ISO/IEC 24760-1:2019 (Identity Assertion), ITU-T X.1252 | Generic (1) |
| Attestation | EBSI Glossary (Attestation, Verifiable Attestation), GSMA Glossary (Certificate), INATBA Glossary, ITU-T X.1252 (Certificate) | Generic (2) |
| Attribute | eSSIF-Lab Glossary, GSMA Glossary, INATBA Glossary, ISO/IEC 24760-1:2019, ITU-T X.1252 | Generic (3) |
| Claim | GSMA Glossary (Identity Claim (ID claim)), INATBA Glossary, ITU-T X.1252 (Claim, Verifiable Claim), ITU-T X.1403, NIST, Univ. Aston / Cardiff, W3C VC | Generic (4) |
| Claimant | ITU-T X.1252 | Specific |
| Consent | EBSI Glossary (Consent, Verifiable Consents and Mandates), Univ. Aston / Cardiff | Generic (5) |
| Credential | EBSI Glossary, eSSIF-Lab Glossary, GSMA Glossary (Credentials), INATBA Glossary, ISO/IEC 24760-1:2019, ITU-T X.1252, ITU-T X.1403, NIST, Univ. Aston / Cardiff, W3C VC | Generic (6) |
| Custodian | EBSI Glossary (DID Custodian), eSSIF-Lab Glossary (Dependent, Guardian), NIST | Generic (7) |
| Decentralized Identifier (DID) | INATBA Glossary (DID (decentralised identifier)), ITU-T X.1252, ITU-T X.1403, Univ. Aston / Cardiff, W3C DID, W3C VC | Generic (8) |
| Decentralized Identifier Controller (DID Controller) | W3C DID | Specific |
| Decentralized Identifier Delegate (DID Delegate) | W3C DID | Specific |
| Decentralized Identifier Document (DID Document) | INATBA Glossary (DID Document), ITU-T X.1403 (DID Document), Univ. Aston / Cardiff, W3C DID (DID Document), W3C VC | Generic (9) |
| Decentralized Identifier Document Fragment (DID Fragment) | W3C DID | Specific |
| Decentralized Identifier Document Method (DID Method) | W3C DID | Specific |
| Decentralized Identifier Document Object Descriptor (DID Object Descriptor) | ITU-T X.1252 | Specific |
| Decentralized Identifier Document Path (DID Path) | W3C DID | Specific |
| Decentralized Identifier Document Query (DID Query) | W3C DID | Specific |
| Decentralized Identifier Document Resolution (DID Resolution) | W3C DID | Specific |
| Decentralized Identifier Document Resolver (DID Resolver) | W3C DID | Isolated |
| Decentralized Identifier Document Scheme (DID Scheme) | W3C DID | Specific |
| Entity | EBSI Glossary, eSSIF-Lab Glossary, INATBA Glossary, ISO/IEC 24760-1:2019, ITU-T X.1252, ITU-T X.1403, NIST, W3C VC | Generic (10) |
| Federated Identity | GSMA Glossary, ISO/IEC 24760-1:2019 | Generic (11) |
| Identification | eSSIF-Lab Glossary (Identify), GSMA Glossary (Biometric identification), ISO/IEC 24760-1:2019, ITU-T X.1252 | Generic (12) |
| Identifier (ID) | eSSIF-Lab Glossary, GSMA Glossary, INATBA Glossary, ISO/IEC 24760-1:2019, ITU-T X.1252, NIST | Generic (13) |
| Identity (Id) | EBSI Glossary ((Digital) Identity), eSSIF-Lab Glossary (Identity, Partial identity), GSMA Glossary, INATBA Glossary (Digital Identity, Identity), ISO/IEC 24760-1:2019 (Identity, Partial Identity), ITU-T X.1252 (Digital Identity, Identity, Self-Asserted Identity) | Generic (14) |
| Identity Agent | eSSIF-Lab Glossary (Agent, Digital Agent, SSI Agent), ITU-T X.1252 (Agent) | Generic (15) |
| Identity Federation | GSMA Glossary, ISO/IEC 24760-1:2019, ITU-T X.1252 (Federation), ITU-T X.1403 (Federation) | Generic (16) |
| Identity Holder | EBSI Glossary (Holder), eSSIF-Lab Glossary (Holder), INATBA Glossary, ITU-T X.1252 (Holder, Prover), NIST (Holder), Univ. Aston / Cardiff (Holder), W3C VC (Holder) | Generic (17) |
| Identity Information | ISO/IEC 24760-1:2019 | Generic (18) |
| Identity Issuer | EBSI Glossary (Issuer, Trusted Issuer), eSSIF-Lab Glossary (Issuer), ISO/IEC 24760-1:2019 (Credential Issuer), ITU-T X.1252 (Issuer), NIST (Issuer), Univ. Aston / Cardiff (Issuer), W3C VC (Issuer) | Generic (19) |
| Identity Management (IdM) | GSMA Glossary (Identity Management (IDM)), ISO/IEC 24760-1:2019 (Identity Management, IDM), ITU-T X.1252, W3C DID (Decentralized Identity Management) | Generic (20) |
| Identity Management System (IdMS) | ISO/IEC 24760-1:2019, ISO/IEC 24760-2:2015, Univ. Aston / Cardiff (Identity Management (IDM) System) | Generic (21) |
| Identity Mapping | GSMA Glossary | Specific |
| Identity Owner | EBSI Glossary (Owner), eSSIF-Lab Glossary (Owner), ITU-T X.1252, NIST (System Owner) | Generic (22) |
| Identity Pattern | ITU-T X.1252 | Specific |
| Identity Proof | ISO/IEC 24760-1:2019 (Identity Evidence), ITU-T X.1252 (Proof) | Generic (23) |
| Identity Proofing | ISO/IEC 24760-1:2019, ITU-T X.1252 | Generic (24) |
| Identity Provider (IdP) | GSMA Glossary, ISO/IEC 24760-1:2019 (Identity Information Provider, Identity Provider, IIP), ISO/IEC 24760-1:2019 (Credential Service Provider, CSP), ITU-T X.1252 (Identity Provider (IdP), Identity Service Provider (IdSP)), ITU-T X.1403 (Identity Service Provider (IdSP)), W3C VC | Generic (25) |
| Identity Relying Party (RP) | EBSI Glossary (Relying Parties), ISO/IEC 24760-1:2019 (Relying Party, RP), ITU-T X.1252 (Relying Party (RP)), NIST (Relying Party) | Generic (26) |
| Identity Requester | ITU-T X.1252 (Requesting Entity (RE)), NIST (Requester) | Generic (27) |
| Identity Token | GSMA Glossary | Specific |
| Identity Verifier | EBSI Glossary (Verifier), eSSIF-Lab Glossary, ISO/IEC 24760-1:2019 (Verifier), ITU-T X.1252 (Verifier), NIST (Verifier), Univ. Aston / Cardiff (Verifier), W3C VC | Generic (28) |
| Identity Wallet | EBSI Glossary (Enterprise (EBSI compliant) Wallet, User (EBSI compliant) Wallet, Web Wallet Client), eSSIF-Lab Glossary (Wallet), ITU-T X.1252 (Wallet (Identity Wallet)), ITU-T X.1403 (Wallet (Identity Wallet)), Univ. Aston / Cardiff | Generic (29) |
| Mandate | EBSI Glossary (Consent/Mandate) | Generic (29) |
| Presentation | EBSI Glossary (Verifiable Presentation), eSSIF-Lab Glossary, NIST, W3C VC | Generic (30) |
| Presentation Request | eSSIF-Lab Glossary | Specific |
| Self-Sovereign Identity (SSI) | EBSI Glossary, eSSIF-Lab Glossary, INATBA Glossary, Univ. Aston / Cardiff | Generic (31) |
| Self-Sovereignty | eSSIF-Lab Glossary | Generic (32) |
| Subject | eSSIF-Lab Glossary (Principal, Subject), INATBA Glossary, ISO/IEC 24760-1:2019 (Principal, Subject), ISO/IEC 24760-2:2015 (Principal, Subject), ITU-T X.1252 (Principal), ITU-T X.1403 (DID Subject), NIST, W3C DID (DID Subject), W3C VC | Generic (33) |
| Verifiable Credential (VC) | EBSI Glossary (Verifiable Credential, Verifiable (Digital) ID), W3C DID | Generic (34) |
| Verification | eSSIF-Lab Glossary (Verify), ISO/IEC 24760-1:2019, ITU-T X.1252 (Identity Verification, Verification), W3C VC | Generic (35) |
| Verification Method | W3C DID | Specific |
| Zero-Knowledge Proof (ZKP) | ITU-T X.1252 (Zero Knowledge Proof (ZKP)), ITU-T X.1403 (Zero Knowledge Proof (ZKP)), Univ. Aston / Cardiff | Generic (36) |

Source : DiCoDaMo.org
The next sections provide a benchmark of definitions
for a set of 36 relevant decentralised identifier and
identity terms that are generic to the selection of relevant
blockchain and DLT and identification standards (e.g.
ISO, W3C, ITU-T) and reference documents (e.g. EBSI,
eSSIF-Lab, INATBA). The generic or specific status of
terms is based on the number of references in standards,
but not exclusively, especially for some terms that are not
yet covered by standards (e.g. self-sovereignty).
1. Assertion
Source Assertion
BCID Assertion
Enoncé ou déclaration portant sur un attribut d’identité qualifié
juridiquement de « donnée personnelle », pouvant se présenter
sous la forme d’un document authentique, considéré comme «
vrai ». L’assertion accompagnée d’une (ou de plusieurs)
preuve(s) permettant sa vérification est dite « vérifiable ». La
validité d’une assertion peut être vérifiée sur une blockchain.
[DeepL] Assertion
A statement or declaration concerning an identity attribute
legally qualified as "personal data", which may be in the form
of an authentic document, considered to be "true". The assertion
accompanied by one (or more) proof(s) allowing its verification
is said to be "verifiable". The validity of an assertion can be
verified on a blockchain.
eSSIF-Lab
Glossary
Assertion
a declaration/statement, made by a specific party, that
something is the case.
GSMA
Glossary
Assertion
A statement by an actor towards a concerned party concerning
the Identity of another actor. Usually this statement is made by
an Identity Provider (IdP) towards a Service Provider
regarding the validity of an ID Claim made by a User.
ISO/IEC
24760-1:2019
3.3.8 identity assertion
statement by an identity information authority (3.3.3) used by a
relying party (3.3.7) for authentication (3.3.1)
Note 1 to entry: An identity assertion can be the cryptographic
proof of a successful authentication, created with algorithms
and keys agreed between parties, e.g. in an identity federation.
ITU-T
X.1252
6.7 assertion: A statement made by an entity without
accompanying evidence of its validity.
NOTE – The terms assertion and claim [noun] are agreed to be
very similar.
2. Attestation
Source Attestation
BCID Attestation
Justificatif « fait pour valoir ce que de droit », délivré par un
organisme habilité authentifiant des informations et ayant
valeur de preuve. La vérification de cette preuve peut être
effectuée en s’appuyant sur la blockchain.
[DeepL] Certificate
A certificate "made to be valid", issued by an authorised body
authenticating information and having evidential value. The
verification of this proof can be carried out using the
blockchain.
EBSI
Glossary
Verifiable Attestation
A verifiable attestation is a special form of a "verifiable
credential" that an entity can put forward as evidence of certain
attributes/properties or as evidence of a
permit/attestation/authorization he/she/it has received.
GSMA
Glossary
Certificate
A data structure that can be validated and that contains one or
more identifiers and various contexts. It is an apparition of a
credential.
INATBA
Glossary
Attestation
An attestation is the confirmation of a claim through evidence
or verification
ITU-T
X.1252
6.18 certificate: A set of security-relevant data issued by a
security authority or a trusted third party, that, together with
security information, is used to provide the integrity and data
origin authentication services for the data.
NOTE – Based on a definition of "security certificate" in [b-
ITU-T X.810].
3. Attribute
Source Attribute
BCID Attributs d’identité
Elément caractéristique d’une personne, qualifié juridiquement
de « donnée personnelle » ou de « donnée à caractère personnel
», susceptible d’être utilisé pour authentifier cette personne (au
sens, soit de confirmer son identité, soit de la faire reconnaitre
comme détentrice d’un droit). Sont par exemple considérés
comme attributs d’identité le nom de naissance, la couleur des
yeux, l’âge, l’adresse de résidence ou l’obtention d’un diplôme.
Certains attributs comme la date et le lieu de naissance sont
invariants, tandis que d’autres tels que la taille ou l’adresse de
résidence varient au cours du temps. Dans le cadre de la
protection de la privacy (protection de la vie privée et des
données personnelles), l’utilisation d’attributs d’identité est
particulièrement encadrée. Les attributs d’identité sont
conservés par l’utilisateur et ne sont jamais enregistrés en clair
sur la blockchain.
[DeepL] Identity attributes
A characteristic element of a person, legally qualified as
"personal data" or "personal data", which can be used to
authenticate that person (in the sense of either confirming his or
her identity or having him or her recognised as the holder of a
right). Examples of identity attributes are birth name, eye
colour, age, home address or graduation. Some attributes, such
as date and place of birth, are invariant, while others, such
as height or residential address, vary over time. In the context of
privacy protection (protection of privacy and personal data), the
use of identity attributes is particularly regulated. Identity
attributes are retained by the user and are never stored in clear
text on the blockchain.
eSSIF-Lab
Glossary
Attribute
Data, that represents a characteristic that a party (the owner of
the attribute) has attributed to an entity.
GSMA
Glossary
Attribute
A description of a characteristic of an identity. Examples
include: hair colour, age, presence status, location. Note that an
attribute may be uniquely identifying the identity in which case
it is an identifier.
Also see: Identifier, Identity.
INATBA
Glossary
Attribute
An identity trait, property, or quality of an entity
ISO/IEC
24760-1:2019
3.1.3 attribute
characteristic or property of an entity (3.1.1)
EXAMPLE:
An entity type, address information, telephone number, a
privilege, a MAC address, a domain name are possible
attributes.
ITU-T
X.1252
6.10 attribute: Information bound to an entity that specifies a
characteristic of the entity.
Sovrin
Glossary
Attribute
An Identity trait, property, or quality of an Entity. A small set of
Attributes of a Sovrin Entity, including its Public Key(s) and
Service Endpoint(s), may be recorded on the Sovrin Ledger
(specifically the Sovrin Domain Ledger). A private Attribute of a
Sovrin Entity may be asserted by a Claim in a Credential.
4. Claim
Source Claim
Univ. Aston /
Cardiff
A claim is an assertion made relating to any entity.
GSMA
Glossary
Identity Claim (ID claim)
A claim made by an actor stating its identity. Without
validation, no assumptions can be made regarding the actor’s
identity. An Identity Claim is usually made by a User towards a
Service Provider.
INATBA
Glossary
Claim
A statement or assertion that one DID subject, such as a person
or organisation, makes about itself or another DID subject. The
claim will relate to one or more attributes about a DID Subject
ITU-T
X.1252
6.19 claim: [noun] Digital assertion about identity attributes
made by an entity about itself or another entity. [...]
NOTE – The terms assertion and claim [noun] are agreed to be
very similar.
6.95 verifiable claim: A claim that includes a proof from the
issuer. Typically this proof is in the form of a digital signature.
A verifiable claim may be verified by a public key associated
with the issuer's decentralized identifier.
NOTE – Based on [b-W3C-VC].
NIST Claim: A characteristic or statement about a subject made by
an issuer as part of a credential.
Sovrin
Glossary
Claim
An assertion about an Attribute of a Subject. Examples of a
Claim include date of birth, height, government ID number, or
postal address—all of which are possible Attributes of an
Individual. A Credential is comprised of a set of Claims. (Note:
In the first version of the Sovrin Trust Framework, this term was
used the same way it was used in the early W3C Verifiable
Claims Working Group specifications—as a synonym for what is
now a Credential. That usage is now deprecated.)
W3C VC Claim
An assertion made about a subject.
5. Consent
Source Consent
Univ. Aston /
Cardiff
In an SSI system, a holder (normally an identity owner), holds
the identity and its associated personal data and has full control
over it, therefore, any exchange or collection of personal data is
only possible on a lawful basis when the identity owner provides
their consent. When a holder has been delegated, the authority
to manage the personal data of someone else (i.e., an entity/data
subject other than the holder), then the authorised holder has
the necessary legal rights to consent to any exchange or
collection of personal data on behalf of an entity/data subject to
ensure their interests and confidentiality are protected.
EBSI
Glossary
Consent
The third-party permission to do something, especially given by
someone in authority.
Consent / Mandate
A special form of a digital “credential" (as specified by the
W3C) an entity (Natural Person or Legal Entity ) can assert as
evidence of certain attributes/properties (or permits, attestation,
authorisation, etc.) of another entity.
Verifiable Consents and Mandates
A verifiable consent or mandate is a special form of a
"verifiable credential" which allows the “holder” to present
itself to a third party with a credential and a mandate (and
claims regarding a corresponding subject).
6. Credential
Source Credential
Univ. Aston /
Cardiff
A credential is a group of claims used by any entity to prove
their identity.
EBSI
Glossary
Credential
An electronic or paper-based representation of the different
types of learning acquired by an individual.
eSSIF-Lab
Glossary
Credential
data, representing a set of assertions (claims, statements),
authored and signed by, or on behalf of, a specific party.
GSMA
Glossary
Credentials
Actor-specific information that is transferred stored and
processed in order to authenticate an actor or authorize a
transaction. Credentials may be of three different types:
– “Something you know” (e.g. a password)
– “Something you have” (e.g. a bank card,)
– “Something you are” (e.g. an iris reading, a MAC address)
INATBA
Glossary
Credential
A set of one or more claims about a subject
ISO/IEC
24760-1:2019
3.3.5 credential
representation of an identity (3.1.2) for use in authentication
(3.3.1)
Note 1 to entry: As described in 5.4, customary embodiments of
a credential are very diverse. To accommodate this wide range,
the definition adopted in this document is very generic.
Note 2 to entry: A credential is typically made to facilitate data
authentication of the identity information pertaining to the
identity it represents. Data authentication is typically used in
authorization.
Note 3 to entry: The identity information represented by a
credential can, for example, be printed on human-readable
media, or stored within a physical token. Typically, such
information can be presented in a manner designed to reinforce
its perceived validity.
Note 4 to entry: A credential can be a username, username with
a password, a PIN, a smartcard, a token, a fingerprint, a
passport, etc.
ITU-T
X.1252
6.24 credential: A set of data presented as evidence of a
claimed identity and/or entitlements.
NOTE – [b-ISO/IEC 29115] is a similar text to [b-ITU-T
X.1254] and contains the same definition of credential that was
developed by the groups involved.
ITU-T
X.1403
3.1.2 credential [ITU-T X.1252]: A set of data presented as
evidence of a claimed identity and/or entitlements.
NIST Credential: A set of one or more claims made by an issuer. A
credential is associated with an identifier.
Sovrin
Glossary
Credential
A digital assertion containing a set of Claims made by an Entity
about itself or another Entity. Credentials are a subset of
Identity Data. A Credential is based on a Credential Definition.
The Entity described by the Claims is called the Subject of the
Credential. The Entity creating the Credential is called the
Issuer. The Entity holding the issued Credential is called the
Holder. If the Credential supports Zero Knowledge Proofs, the
Holder is also called the Prover. The Entity to whom a
Credential is presented is generally called the Relying Party,
and specifically called the Verifier if the Credential is a
Verifiable Credential. Once issued, a Credential is typically
stored by an Agent. [...] Examples of Credentials include
college transcripts, driver licenses, health insurance cards, and
building permits.
Self-Issued Credential
A Credential whose Holder is the Issuer of the Credential.
W3C VC Credential
A set of one or more claims made by an issuer. [...] The claims
in a credential can be about different subjects.
7. Custodian
Source Custodian
EBSI
Glossary
A DID custodian would be a party that allows a subject to
register its DID (Decentralised IDentifier) at a custodian in
order to retrieve its DID (and keys) in case of loss.
eSSIF-Lab
Glossary
Dependent
an entity for the caring for and/or
protecting/guarding/defending of which a guardianship
arrangement has been established.
Guardian
a party that has been assigned rights and duties in a
Guardianship Arrangement for the purpose of caring for and/or
protecting/guarding/defending the entity that is the dependent in
that Guardianship Arrangement.
NIST Custodian: An entity acting on behalf of another entity with
respect to their identifiers and/or credentials.
Sovrin
Glossary
Guardian
An Identity Owner who administers Identity Data, Wallets,
and/or Agents on behalf of a Dependent. A Guardian is
different than a Delegate—in Delegation, the Identity Owner
still retains control of one or more Wallets. With Guardianship,
an Identity Owner is wholly dependent on the Guardian to
manage the Identity Owner’s Wallet. [...]
8. Decentralized Identifier (DID)
Note that the United States English form (i.e.
decentralized) is preferred to the British English one (i.e.
decentralised) in ITU-T and W3C standards.
Source Decentralized Identifier (DID)
Univ. Aston /
Cardiff
The DID is a permanent, universally unique identifier and
cannot be taken away from its owner who owns the associated
private key, which is completely different from other ephemeral
identifiers such as a mobile number, IP address and domain
name. Only public DIDs alongside some other public
credentials selected by DID owners could be stored on the
distributed ledger/blockchain (or off-ledger/off-blockchain) in
the form a DID document. This does not include private DIDs
and identity related personal and confidential data and
therefore, these are not stored on the blockchain alternatively it
is maintained on the storage (e.g., digital wallet) of an identity
owner or agent.
BCID Identifiant décentralisé (DID)
Identifiant généré par l’utilisateur et utilisé pour s’authentifier
en ligne afin d’accéder à un service distant. Dans le cas d’une
blockchain, l’identifiant décentralisé peut être l’adresse de
compte de l’émetteur.
[DeepL] Decentralised identifier (DID)
A user-generated identifier used to authenticate online to access
a remote service. In the case of a blockchain, the decentralised
identifier may be the issuer's account address.
EBSI
Glossary
Decentralised Identifier (DID)
Decentralised Identifiers (DIDs) are the cornerstone of self-
sovereign identity (SSI). DIDs are URL-based identifiers
associated with an entity. These identifiers are most often used
in a verifiable credential. They are associated with subjects
such that a verifiable credential itself can be easily ported from
one repository to another without the need to reissue the
credential. [...]
INATBA
Glossary
DID (decentralised identifier)
A type of identifier intended for verifiable digital identity that is
"self-sovereign", i.e., fully under the control of the identity
owner and not dependent on a centralised registry, identity
provider or certificate authority
ITU-T
X.1252
6.26 decentralized identifier (DID): A globally unique
identifier that does not require a centralized registration
authority because it is registered with distributed ledger
technology or other form of decentralized network. A DID is
associated with exactly one DID object descriptor.
NOTE – See [b-W3C-DIDs].
ITU-T
X.1403
3.2.1 decentralized identifier (DID): A globally unique
identifier that does not require a centralized registration
authority because it is registered with distributed ledger
technology (DLT) or other form of decentralized systems.
NOTE – Based on definition from [b-W3C-2].
Sovrin
Glossary
Decentralized Identifier (DID)
A globally unique identifier developed specifically for
decentralized systems as defined by the W3C DID specification.
DIDs enable interoperable decentralized Self-Sovereign
Identity management. A DID is associated with exactly one DID
Document. [...]
W3C DID Decentralized identifier (DID)
A globally unique persistent identifier that does not require a
centralized registration authority and is often generated and/or
registered cryptographically. The generic format of a DID is
defined in 3.1 DID Syntax. A specific DID scheme is defined in
a DID method specification. Many—but not all—DID methods
make use of distributed ledger technology (DLT) or some other
form of decentralized network.
W3C VC Decentralized identifier
A portable URL-based identifier, also known as a DID,
associated with an entity. These identifiers are most often used
in a verifiable credential and are associated with subjects such
that a verifiable credential itself can be easily ported from one
repository to another without the need to reissue the credential.
An example of a DID is did:example:123456abcdef.
9. Decentralized Identifier Document (DID Document)
Source Decentralized Identifier Document (DID Document)
Univ. Aston /
Cardiff
The DID document is normally governed by the identity owner
through holding its associated private key.
EBSI
Glossary
Decentralised Identifier (DID)
[...] A decentralised identifier document (DID document) is a
document that contains information related to a specific
decentralised identifier, such as the associated repository and
public-key information.
INATBA
Glossary
DID Document
Contains a set of key descriptions, which are machine-readable
descriptions of the Identity Owner's public keys, and a set of
service endpoints, which are resource pointers necessary to
initiate trusted interactions with the Identity Owner
ITU-T
X.1403
3.1.3 DID document [b-W3C-2]: A set of data describing the
DID subject, including mechanisms, such as public keys and
pseudonymous biometrics, that the DID subject can use to
authenticate itself and prove their association with the DID.
Sovrin
Glossary
DID Document
The machine-readable document to which a DID points as
defined by the W3C DID specification. A DID document
describes the Public Keys, Service Endpoints, and other
metadata associated with a DID. A DID Document is
associated with exactly one DID.
W3C DID DID document
A set of data describing the DID subject, including mechanisms,
such as cryptographic public keys, that the DID subject or a
DID delegate can use to authenticate itself and prove its
association with the DID. A DID document might have one or
more different representations as defined in 6. Representations
or in the W3C DID Specification Registries
[DID-SPEC-REGISTRIES].
W3C VC Decentralized identifier document
Also referred to as a DID document, this is a document that is
accessible using a verifiable data registry and contains
information related to a specific decentralized identifier, such
as the associated repository and public key information.
10. Entity
Source Entity
EBSI
Glossary
Entity
Natural Persons and Legal Entities are collectively called
Entities.
eSSIF-Lab
Glossary
Entity
someone or something that is known to exist.
INATBA
Glossary
Entity
A resource of any kind that can be uniquely and independently
identified, ranging from individuals to legal persons such as
businesses and public institutions as well as IoT devices and
machines
ISO
22739:2020
3.34 entity
item inside or outside an information and communication
technology system, such as a person, an organization, a device, a
subsystem, or a group of such items that has recognizably distinct
existence
ISO/IEC
24760-1:2019
3.1.1 entity
item relevant for the purpose of operation of a domain (3.2.3)
that has recognizably distinct existence
Note 1 to entry: An entity can have a physical or a logical
embodiment.
EXAMPLE:
A person, an organization, a device, a group of such items, a
human subscriber to a telecom service, a SIM card, a passport, a
network interface card, a software application, a service or a
website.
ITU-T
X.1252
6.34 entity: Something that has separate and distinct existence
and that can be identified in context.
NOTE 1 – An entity can have a physical or logical embodiment.
NOTE 2 – An entity can be a physical person, an animal, a
juridical person, an organization, an active or passive thing, a
device, a software application, a service, etc., or a group of these
entities. In the context of telecommunications, examples of
entities include access points, subscribers, users, network
elements, networks, software applications, services and devices,
and interfaces.
ITU-T
X.1403
3.1.4 entity [ITU-T X.1252]: Something that has separate and
distinct existence and that can be identified in a context.
NIST Entity: A person, organization, or thing.
Sovrin
Glossary
Entity
As used in IETF RFC 3986, Uniform Resource Identifier (URI), a
resource of any kind that can be uniquely and independently
identified. An Entity identified by a Sovrin DID is a Sovrin
Entity.
W3C VC Entity
A thing with distinct and independent existence, such as a person,
organization, or device that performs one or more roles in the
ecosystem.
11. Federated Identity
Source Federated Identity
GSMA
Glossary
Federated Identity
When the identity information representations belonging or
relating to the same actor, belonging to different IdPs are linked
or bind together.
ISO/IEC
24760-1:2019
3.5.1 federated identity
identity (3.1.2) for use in multiple domains (3.2.3)
Note 1 to entry: Some or all of the domains where a federated
identity can be used can be formally joined as an identity
federation. Identity information providers of domains in the
federation can jointly manage a federated identity.
Note 2 to entry: The federated identity can be persistent or be a
temporary one.
12. Identification
Note that identification is part of the “Rights and
Identifier Management / Identification” cross-sector
application domain of blockchain and DLT as presented
in [1]: “In security management, the identification
process verifies the existence of the identifier, the
authentication process verifies the password associated
with the identifier, whereas the authorisation process
verifies that the identified and authenticated entity has
granted sufficient rights for accessing a product, a
resource, a service or a venue. The integrity protection
process verifies that data has not been modified, that a
product has not been counterfeited or that a natural
person is really the person he / she pretends to be (e.g. by
means of fingerprint or eye scan).”
Source Identification
BCID Identification
Opération consistant à identifier une personne, c’est-à-dire,
dans le langage courant, à la nommer à l’aide de ses nom et
prénoms usuels. Selon la loi française, l’identité se prouve par
tous moyens, et la détention d’une carte nationale d’identité
(CNI) n’est pas obligatoire. Pour autant, dans la pratique, cette
identification est réalisée avec une certitude suffisante par la
production de deux titres, le passeport ou la carte d’identité
(cette dernière, bientôt électronique). Mais dans de nombreux
contextes jugés moins sensibles, la production de n’importe quel
titre administratif avec photo peut suffire. L’ordonnance du 4
novembre 2017 prévoit de mettre sur le même plan que la CNI
et le passeport un « moyen d’identification électronique », mais
en l’absence de décret d’application, cette faculté ne fait pas
partie du droit positif à ce jour. Les deux défis posés par
l’identification sont, d’une part, celui de l’univocité de
l’identification, un individu renvoyant à une identité et une
seule, et vice versa (sujet qui incite à l’utilisation de la
biométrie, et surtout de l’identité génétique), et, d’autre part, la
protection de l’individu contre les identifications intempestives
(lesquelles, à l’inverse, prescrivent d’encadrer scrupuleusement
l’utilisation de la biométrie et de la génétique). [...]
[DeepL] Identification
The process of identifying a person, i.e., in everyday language,
naming him or her using his or her usual first and last names.
According to French law, identity can be proven by any means,
and the possession of a national identity card (CNI) is not
mandatory. However, in practice, this identification is achieved
with sufficient certainty by the production of two documents, the
passport or the identity card (the latter will soon be electronic).
But in many contexts deemed less sensitive, the production of
any administrative document with a photo may suffice. The
ordinance of November 4, 2017, provides for putting an
"electronic means of identification" on the same level as the
CNI and passport, but in the absence of an implementing
decree, this option is not part of the positive law to date. The
two challenges posed by identification are, on the one hand,
that of the univocity of identification, an individual referring to
one identity and one identity only, and vice versa (a subject that
encourages the use of biometrics, and especially genetic
identity), and, on the other hand, the protection of the individual
against untimely identifications (which, conversely, prescribes
scrupulous supervision of the use of biometrics and genetics).
[...]
eSSIF-Lab
Glossary
Identify
an act, by or on behalf of a party, that results in the selection of
either
- a single partial identity that the party owns, given some
(observed or received) data, or
- a single entity from a given set of entities that is the subject of
a specified partial identity that the party owns.
GSMA
Glossary
Biometric identification
The automatic identification of living individuals by using their
physiological and behavioral characteristics
ISO/IEC
24760-1:2019
3.2.1 identification
process of recognizing an entity (3.1.1) in a particular domain
(3.2.3) as distinct from other entities
Note 1 to entry: The process of identification applies
verification to claimed or observed attributes.
Note 2 to entry: Identification typically is part of the
interactions between an entity and the services in a domain and
to access resources. Identification can occur multiple times
while the entity is known in the domain.
ITU-T
X.1252
6.38 identification [b-ISO/IEC 24760-1]: Process of
recognizing an entity in a particular domain as distinct from
other entities.
13. Identifier (ID)
Source Identifier (ID)
EBSI
Glossary
Identifier
Any unique Source: (e.g. UUID, DID, etc.) … used to identify
some Entity.
eSSIF-Lab
Glossary
Identifier
a character string that is being used for the identification of
some entity (yet may refer to 0, 1, or more entities, depending
on the context within which it is being used).
GSMA
Glossary
Identifier
An attribute that is unique within a defined scope. Examples
are: MSISDN, email address, account number.
Also see: Attribute, Identity.
INATBA
Glossary
Identifier
Something that enables an individual, entity, process or thing to
be discovered and identified in a given context. The
Decentralised Identifier or DID is the building block of SSI. [...]
ISO/IEC
24760-1:2019
3.1.4 identifier
attribute or set of attributes (3.1.3) that uniquely characterizes
an identity (3.1.2) in a domain (3.2.3)
Note 1 to entry: An identifier can be a specifically created
attribute with a value assigned to be unique within the domain.
EXAMPLE:
A name of a club with a club-membership number, a health
insurance card number together with a name of the insurance
company, an email address, or a Universal Unique Identifier
(UUID) can all be used as identifiers. In a voter’s register, the
combination of attributes name, address and date of birth is
sufficient to unambiguously distinguish a voter.
ITU-T
X.1252
6.39 identifier (ID) [b-ITU-T E.101]: A series of digits,
characters and symbols used to identify uniquely a subscriber, a
user, a network element, a function, a network entity, a service
or an application. Identifiers can be used for registration or
authorization. They can be either public to all networks or
private to a specific network (private IDs are normally not
disclosed to third parties).
NOTE – An identifier can be a specifically created attribute
with a value assigned to be unique within the domain.
NIST Identifier: A blockchain address or other pseudonym that is
associated with an entity.
Sovrin
Glossary
Identifier
A text string or other atomic data structure used to provide a
base level of Identity for an Entity in a specific context. In Self-
Sovereign Identity systems, Decentralized Identifiers (DIDs)
are the standard Identifier.
14. Identity (Id)
Source Identity (Id)
BCID Identité numérique
Cette expression n’est pas attestée dans les textes juridiques ; le
règlement européen eIDAS, lui préfère « identification
électronique » et le décret du 1er aout 2018 pris pour
l’application de la loi informatique et liberté utilise l’expression
« données d’identité numériques ». Le grand succès de cette
expression dans la vie quotidienne ne doit pas nous dissimuler
qu’il n’existe pas d’identité numérique à proprement parler,
mais seulement la faculté de transcrire des éléments d’identité
sur un support numérique, lequel permet de remonter à
l’identité juridique. En dépit de sa consécration par l’usage, il
serait plus précis d’employer l’expression « moyens
d’identification électroniques sécurisés » pour désigner les
différents supports numérisés utilisés pour s’identifier en ligne
ou dans le monde physique (lors de franchissement de frontières
par exemple). De ces moyens d’identification électroniques
sécurisés peuvent être dérivés des identifiants décentralisés
(DID). L’expression « identité numérique » est indifféremment
utilisée pour des personnes physiques ou morales.
[DeepL] Digital identity
This expression is not attested to in the legal texts; the European
eIDAS regulation prefers "electronic identification" and the
decree of August 1st 2018 taken for the application of the Data
Protection Act uses the expression "digital identity data". The
great success of this expression in everyday life should not hide
the fact that there is no digital identity as such, but only the
ability to transcribe elements of identity onto a digital medium,
which makes it possible to trace the legal identity. Despite the
fact that the term has been established by usage, it would be
more precise to use the expression "secure electronic means of
identification" to refer to the various digital media used to
identify oneself online or in the physical world (when crossing
borders, for example). Decentralised identifiers (DIDs) can be
derived from these secure electronic means of identification. The
term "digital identity" is used for both natural and legal
persons.
EBSI
Glossary
(Digital) Identity
Every Entity must have one or more identities (with which it
represents itself).
eSSIF-Lab
Glossary
Identity
the combined knowledge about that entity of all parties, i.e. the
union of all partial identities of which a specific entity is the
subject.
Partial identity
all knowledge that a specific party (= the owner of the partial
identity) has about that entity (= the 'subject' of the partial
identity).
GSMA
Glossary
Identity
The collective aspect of the set of characteristics by which an
actor is uniquely recognizable or known. The set of behavioural
or personal characteristics by which an actor (e.g. individual or
group) is recognizable. An identity is described by its attributes,
some of which may be identifiers.
Also see: Attribute, Identifier.
INATBA
Glossary
Digital identity
Defined as the data points that identify something (whether an
individual, entity, process or thing) in digital form
Identity
A set of attributes that allows a subject to be sufficiently
distinguished/uniquely describes a subject within a given
context
ISO/IEC
24760-1:2019
3.1.2 identity / partial identity
set of attributes (3.1.3) related to an entity (3.1.1)
Note 1 to entry: An entity can have more than one identity.
Note 2 to entry: Several entities can have the same identity.
Note 3 to entry: ITU-T X1252[13] specifies the distinguishing
use of an identity. In this document, the term identifier implies
this aspect.
ITU-T
X.1252
6.29 digital identity: A digital representation of the information
known about a resource, a specific individual, group or
organization.
6.40 identity: A representation of an entity in the form of one or
more attributes that allow the entity or entities to be sufficiently
distinguished within a context. For identity management
purposes, the term identity is understood as contextual identity
(subset of attributes), i.e., the variety of attributes is limited by a
framework with defined boundary conditions (the context) in
which the entity exists and interacts.
NOTE – Each entity is represented by one holistic identity that
comprises all possible information elements characterizing such
entity (the attributes). However, this holistic identity is a
theoretical issue and eludes any description and practical usage
because the number of all possible attributes is indefinite.
6.85 self-asserted identity: An identity that an entity declares to
be its own.
Sovrin
Glossary
Identity
Information that enables a specific Entity to be distinguished
from all others in a specific context. Identity may apply to any
type of Entity, including Individuals, Organizations, and Things.
Note that Legal Identity is only one form of Identity. Many
technologies can provide Identity capabilities; the Sovrin
Governance Framework defines one such system.
W3C VC Identity
The means for keeping track of entities across contexts. Digital
identities enable tracking and customization of entity
interactions across digital contexts, typically using identifiers
and attributes. Unintended distribution or use of identity
information can compromise privacy. Collection and use of
such information should follow the principle of data
minimization.
15. Identity Agent
Source Identity Agent
eSSIF-Lab
Glossary
Agent
an actor that is executing an action on behalf of a party (called
the principal of that actor).
Digital Agent
an agent in the digital world (e.g. a running app, or a web-
server that is executing an action for a specific party (its
principal).
SSI Agent
a digital agent that provides one or more of the ssi
functionalities (issuer, holder, verifier, wallet) to its principal.
ITU-T
X.1252
6.3 agent: An entity that acts on behalf of another entity.
16. Identity Federation
Source Identity Federation
GSMA
Glossary
Identity Federation
The process of setting up a cross-domain relationship and the act
of requesting, passing and using user-related information across
different administrative domains. In this context, federated
identity standards define what amounts to an “abstraction layer”
over the legacy identity and security environments of these
diverse domains. Each domain maps its own local identity and
security interfaces and formats to the agreed upon identity
federation standards which are to be used externally, without the
need to divulge sensitive subscriber data.
ISO/IEC
24760-1:2019
3.5.2 identity federation
agreement between two or more domains (3.2.3) specifying how
identity information (3.2.4) will be exchanged and managed for
cross-domain identification (3.2.1) purposes
Note 1 to entry: Establishing an identity federation typically
includes an agreement on the use of common protocols and
procedures for privacy control, data protection and auditing. The
federation agreement can specify the use of standardized data
formats and cryptographic techniques.
Note 2 to entry: The federation agreement can be the basis for
identity authorities in each of the domains of applicability to
mutually recognize credentials for authorization.
ITU-T
X.1252
6.36 federation [b-ITU-T Y.2720]: Establishing a relationship
between two or more entities or an association comprising any
number of service providers and identity providers.
ITU-T
X.1403
3.1.5 federation [ITU-T X.1252]: An association of users, service
providers, and identity service providers.
17. Identity Holder
Source Identity Holder
Univ. Aston /
Cardiff
A holder receives credentials from an issuer, retains it and
when it is required, it shares credentials with a verifier.
EBSI
Glossary
Holder
A holder will be defined as the entity that is the receiver of a
verifiable credential (not necessarily owned by it) and that can
use it.
eSSIF-Lab
Glossary
Holder
the capability to handle presentation requests from a peer
agent, produce the requested data (a presentation) according to
its principal's holder-policy, and send that in response to the
request.
INATBA
Glossary
Identity Holder
An individual or organisation that controls the private keys
associated with a given DID. While all types of entities,
including natural persons, processes, organisations, smart
agents, and things (e.g., IoT devices, machines, etc.) may have
DIDs that identify them, the private keys associated with a DID
will still be controlled by an individual or organisation (who
will also be legally liable for it)
ITU-T
X.1252
6.37 holder: An entity that has been issued a claim by an issuer.
If the claim supports zero-knowledge proofs, the holder is also
the prover.
6.70 prover: Entity that issues a proof from a claim. The prover
is also the holder of the claim.
NIST Holder: A custodian holding a credential on behalf of an entity.
Sovrin
Glossary
Holder
A role played by an Entity when it is issued a Credential by an
Issuer. The Holder may or may not be the Subject of the
Credential. (There are many use cases in which the Holder is
not the Subject, e.g., a birth certificate where the Subject is a
baby and both the mother and father may be Holders. Another
case is a Credential Registry.) If the Credential supports Zero
Knowledge Proofs, the Holder is also the Prover. Based on the
definition provided by the W3C Verifiable Claims Working
Group. [...]
Prover
A role played by an Entity when it generates a Zero Knowledge
Proof from a Credential. The Prover is also the Holder of the
Credential. [...]
W3C VC Holder
A role an entity might perform by possessing one or more
verifiable credentials and generating presentations from them.
A holder is usually, but not always, a subject of the verifiable
credentials they are holding. Holders store their credentials in
credential repositories.
18. Identity Information
Source Identity Information
ISO/IEC
24760-1:2019
3.2.4 identity information
set of values of attributes (3.1.3) optionally with any associated
metadata in an identity (3.1.2)
Note 1 to entry: In an information and communication
technology system an identity is present as identity information.
19. Identity Issuer
Source Identity Issuer
Univ. Aston /
Cardiff
The ecosystem of a self-sovereign identity […] has three main
roles : Issuer, Holder and Verifier. An issuer creates and issues
credentials to a holder.
EBSI
Glossary
Issuer
This term refers to a party that creates and issues Verifiable
Credentials (e.g. Verifiable IDs or Verifiable Attestations) to
Holders.
Trusted Issuer
A role that an entity, a person, or a thing might perform by
creating a verifiable credential, associating it with a specific
subject, and transmitting it to a holder. Example issuers include
corporations, non-profit organisations, trade associations,
governments, and individuals. The trustworthiness of ESSIF will
stand (or fall) with the trustworthiness of the verifiable
credentials, mandates/consents, and/or claims. This
trustworthiness will be determined by the trustworthiness of the
respective issuers and their issued VCs (which can be low,
substantial, or high).
eSSIF-Lab
Glossary
Issuer
the capability to construct credentials from data objects,
according to the content of its principal's issuer-Policy
(specifically regarding the way in which the credential is to be
digitally signed), and pass it to the wallet-component of its
principal allowing it to be issued.
ISO/IEC
24760-1:2019
3.4.10 credential issuer
entity (3.1.1) responsible for provisioning of a credential (3.3.5)
to a principal (3.1.7) in a specific domain (3.2.3)
Note 1 to entry: A credential (3.3.5) provisioned by a credential
issuer can have a physical form, e.g. a membership (smart)
card.
Note 2 to entry: The issuance of a credential (3.3.5) for a
principal (3.1.7) can be recorded as an attribute (3.1.3) for the
principal, e.g. by recording the unique number of the token
issued.
Note 3 to entry: A credential (3.3.5) provisioned by an issuer
can be a username and password. A credential in the form of a
smart card or similar security device, can be configured to
validate a password off-line.
ITU-T
X.1252
6.53 issuer: The entity that issues a claim.
NIST Issuer: An entity that issues a credential about a subject on
behalf of a requester.
Sovrin
Glossary
Issuer
The Entity that issues a Credential to a Holder. Based on the
definition provided by the W3C Verifiable Claims Working
Group. [...]
W3C VC Issuer
A role an entity can perform by asserting claims about one or
more subjects, creating a verifiable credential from these
claims, and transmitting the verifiable credential to a holder.
20. Identity Management (IdM)
Note that identifier (not identity) management is
part of the “Rights and Identifier Management / Identification”
cross-sector application domain of blockchain and DLT as
presented in [1]: “In identifier management, identifiers can
be allocated to a product, a resource, a service, an event
but also to a legal entity or a natural person (in that case,
identifiers depict the identity) based on an identifier owner
declaration. Then, identifiers can be monetised and shared
by an identifier provider.”
Source Identity Management (IdM)
GSMA
Glossary
Identity Management (IDM)
A set of processes, technologies and services in order to manage
principals’ identities (creation, maintenance and termination of
principal accounts), secure access to the operator’s resources
(data and services) and protect principals private data.
ISO/IEC
24760-1:2019
3.4.1 identity management / IDM
processes and policies involved in managing the lifecycle and
value, type and optional metadata of attributes (3.1.3) in
identities (3.1.2) known in a particular domain (3.2.3)
Note 1 to entry: In general identity management is involved in
interactions between parties where identity information (3.2.4)
is processed.
Note 2 to entry: Processes and policies in identity management
support the functions of an identity information authority
(3.3.3) where applicable, in particular to handle the interaction
between an entity for which an identity is managed and the
identity information authority.
ITU-T
X.1252
6.43 identity management (IdM): A set of functions and
capabilities (e.g., administration, management and
maintenance, discovery, communication exchanges, correlation
and binding, policy enforcement, authentication and assertions)
used for: assurance of identity information (e.g., identifiers,
credentials, attributes); assurance of the identity of an entity;
and support of business and security applications.
NOTE – Based on [b-ITU-T Y.2720].
W3C DID Decentralized identity management
Identity management that is based on the use of decentralized
identifiers. Decentralized identity management extends
authority for identifier generation, registration, and assignment
beyond traditional roots of trust such as X.500 directory
services, the Domain Name System, and most national ID
systems.
21. Identity Management System (IdMS)
Source Identity Management System (IdMS)
Univ. Aston /
Cardiff
Several Identity Management (IDM) systems were developed
and employed to manage digital identity effectively, however, a
significant issue with the majority of the IDM systems is that an
identity owner never had control of their identity and its
associated data. Self-Sovereign Identity (SSI) IDM has
recently been developed to solve this issue, by providing users
with sovereign ownership of their identity and full control of
their personal data.
ISO/IEC
24760-1:2019
3.4.8 identity management system
mechanism comprising of policies, procedures, technology and
other resources for maintaining identity information (3.2.4)
including associated metadata
Note 1 to entry: An identity management system is typically
used for identification (3.2.1) or authentication (3.3.1) of
entities. It can be deployed to support other automated
decisions based on identity information for an entity recognized
in the domain for the identity management system.
[SOURCE:ISO/IEC 24760-2:2015, 3.3, modified — “of
application” has been deleted after “domain” in Note 1 to
entry.]
ISO/IEC
24760-2:2015
3.3 identity management system
mechanism comprising policies, procedures, technology, and
other resources for maintaining identity information including
metadata
Note 1 to entry: An identity management is typically used for
identification or authentication of entities. It can be deployed to
support other automated decisions based on identity
information for an entity recognized in the domain of
application for the identity management system.
22. Identity Owner
Source Identity Owner
EBSI
Glossary
Owner
An owner will be defined as the legal owner of a Verifiable
Credential or the one that registered a mandate/consent
eSSIF-Lab
Glossary
Owner
the role that a party performs when it is exercising its legal,
rightful or natural title to control that entity.
ITU-T
X.1252
6.44 identity owner: An entity who can be held responsible. An
identity owner must be either an individual or an organization.
Mutually exclusive from thing.
NIST System Owner: An entity that owns a given identity
management system.
Sovrin
Glossary
Controller
An Identity Owner that is responsible for control of another
Entity—specifically the Private Keys needed to take actions on
behalf of that Entity. For example, a Thing Controller has a
Controller relationship with a Thing. It is one of three types of
identity control relationships
Identity Owner
This term refers to the subclassifications of Sovrin Entity that
may be held legally accountable. Identity Owners includes
Individuals and Organizations but do not include Things. The
actual legal accountability of an Identity Owner for any
particular action depends on many contextual factors including
the laws of the applicable Jurisdiction, Guardianship, and so
forth. An Identity Owner may play any of the Sovrin
Infrastructure Roles.
23. Identity Proof
Source Identity Proof
ISO/IEC
24760-1:2019
3.4.4 identity evidence / evidence of identity
information that can support validating identity information
(3.2.4)
Note 1 to entry: Identity evidence is the presented and gathered
information related to an entity that provides the attributes
needed for a successful identification or authentication at a
specific (high) level of assurance.
ITU-T
X.1252
6.69 proof: Cryptographic verification of a claim. A digital
signature is a simple form of proof. A cryptographic hash is also
a form of proof. Proofs are one of two types: transparent or zero
knowledge. Transparent proofs reveal all the information in a
claim. Zero-knowledge proofs enable selective disclosure of the
information in a claim.
24. Identity Proofing
Source Identity Proofing
ISO/IEC
24760-1:2019
3.4.2 identity proofing / initial entity authentication
verification (3.2.2) based on identity evidence (3.4.4) aimed at
achieving a specific level of assurance
Note 1 to entry: Identity proofing is typically performed as part
of enrolment. Identity evidence can also be needed during
maintenance of registered identity information, e.g. recovery of
a user account.
Note 2 to entry: Typically identity proofing involves a
verification of provided identity information and can include
uniqueness checks, possibly based on biometric techniques.
Note 3 to entry: Verification for identity proofing is usually
based on an enrolment policy that includes specification of the
verification criteria of the identity evidence to be provided by
the entity.
Note 4 to entry: The verified identity information (3.2.4)
obtained when performing identity proofing can be included in
the registration and can serve to facilitate future identification
of the entity.
ITU-T
X.1252
6.46 identity proofing [b-ISO/IEC 29115]: Process by which the
registration authority (RA) captures and verifies sufficient
information to identify an entity to a specified or understood
level of assurance.
25. Identity Provider (IdP)
Source Identity Provider (IdP)
BCID Fournisseur d’identité
Organisme public ou privé fournissant un moyen
d’authentification et sa garantie aux utilisateurs pour l’accès à
des biens ou des services sur Internet.
[DeepL] Identity Provider
A public or private organisation that provides authentication
and its guarantee to users for accessing goods or services on
the Internet.
GSMA
Glossary
Identity Provider (IdP)
A provider that manages identity information including
providing that information to other actors, on behalf of users
and also provides statement of authentication to other actors.
ISO/IEC
24760-1:2019
3.4.11 credential service provider / CSP
trusted entity (3.1.1) related to a particular domain (3.2.3)
responsible for management of credentials (3.3.5) issued in that
domain
Note 1 to entry: It is possible that a CSP acts as credential
issuer (3.4.10).
3.3.4 identity information provider / identity provider / IIP
entity (3.1.1) that makes available identity information (3.2.4)
Note 1 to entry: Typical operations performed by an identity
information provider are to create and maintain identity
information for entities known in a particular domain. An
identity information provider and an identity information
authority can be the same entity.
ITU-T
X.1252
6.47 identity provider (IdP)
NOTE – See identity service provider (IdSP).
6.49 identity service provider (IdSP): An entity that verifies,
maintains, manages, and may create and assign identity
information of other entities.
ITU-T
X.1403
3.1.6 identity service provider (IdSP) [ITU-T X.1252]: An entity
that verifies, maintains, manages, and may create and assign
identity information of other entities.
W3C VC Identity provider
An identity provider, sometimes abbreviated as IdP, is a system
for creating, maintaining, and managing identity information
for holders, while providing authentication services to relying
party applications within a federation or distributed network. In
this case the holder is always the subject. Even if the verifiable
credentials are bearer credentials, it is assumed the verifiable
credentials remain with the subject, and if they are not, they
were stolen by an attacker. This specification does not use this
term unless comparing or mapping the concepts in this
document to other specifications. This specification decouples
the identity provider concept into two distinct concepts: the
issuer and the holder.
26. Identity Relying Party (RP)
Source Identity Relying Party (RP)
EBSI
Glossary
Relying Parties
Relying Parties are Parties which through their actors/agents
rely on any verifiable credential they will receive.
ISO/IEC
24760-1:2019
3.3.7 relying party / RP
entity (3.1.1) that relies on the verification (3.2.2) of identity
information (3.2.4) for a particular entity
Note 1 to entry: A relying party is exposed to risk caused by
incorrect identity information. Typically, it has a trust
relationship with one or more identity information authorities.
ITU-T
X.1252
6.76 relying party (RP): An entity that relies on an identity
representation or claim by a requesting or asserting entity
within some request context.
NOTE – Based on [b-ITU-T Y.2720].
NIST Relying Party: An entity that receives information about a
subject from a verifier.
Sovrin
Glossary
Relying Party
An Entity that consumes Identity Data and accepts some Level
of Assurance from another Entity for some purpose. Verifiers
are one type of Relying Party.
27. Identity Requester
Source Identity Requester
ITU-T
X.1252
6.78 requesting entity (RE): An entity making an identity
representation or claim to a relying party within some request
context.
NIST Requester: An entity that makes a request to an issuer to issue a
credential about a subject.
28. Identity Verifier
Source Identity Verifier
Univ. Aston /
Cardiff
A verifier receives and verifies credentials presented by a
holder.
BCID Vérificateur
Organisme public ou privé habilité à vérifier la validité, la
véracité, l’intégrité et l’authenticité des attributs d’identité,
assertions vérifiables et/ou des documents sources présentés
par un utilisateur pour accéder à un service en ligne.
[DeepL] Verifier
A public or private body that is empowered to verify the validity,
truthfulness, integrity and authenticity of identity attributes,
verifiable assertions and/or source documents submitted by a
user to access an online service.
EBSI
Glossary
Verifier
This term refers to a party who requests/verifies Verifiable
Credentials (e.g. Verifiable IDs or Verifiable Attestations), such
as to provide a service.
eSSIF-Lab
Glossary
Verifier
the capability to request peer agents to present (provide) data
from credentials (of a specified kind, issued by specified
parties), and to verify such responses (check structure,
signatures, dates), according to its principal's verifier policy.
ISO/IEC
24760-1:2019
3.3.6 verifier
entity (3.1.1) that performs verification (3.2.2)
Note 1 to entry: A verifier can be the same as, or act on behalf
of, the entity that controls identification of entities for a
particular domain.
ITU-T
X.1252
6.97 verifier [b-ISO/IEC 24760-1]: Entity that performs
verification.
NIST Verifier: An entity that verifies the validity of a presentation on
behalf of a relying party.
Sovrin
Glossary
Verifier
An Entity who requests a Credential or Proof from a Holder
and verifies it in order to make a trust decision about a Sovrin
Entity. Based on the definition provided by the W3C Verifiable
Claims Working Group. [...]
W3C VC Verifier
A role an entity performs by receiving one or more verifiable
credentials, optionally inside a verifiable presentation for
processing. Other specifications might refer to this concept as a
relying party.
29. Identity Wallet
Source Identity Wallet
Univ. Aston /
Cardiff
Only public DIDs alongside some other public credentials
selected by DID owners could be stored on the distributed
ledger/blockchain (or off-ledger/off-blockchain) in the form of a
DID document. This does not include private DIDs and identity
related personal and confidential data and therefore, these are
not stored on the blockchain alternatively it is maintained on the
storage (e.g., digital wallet) of an identity owner or agent.
EBSI
Glossary
Enterprise (EBSI compliant) Wallet
Service that allows the Legal Entities to interact with the rest of
EBSI Services and to self-manage their own data.
User (EBSI compliant) Wallet
Service that allows the Natural persons to interact with the rest
of EBSI Services and to self-manage their own identity data
including export/import and migration capabilities.
Web Wallet Client
At its core, a “Wallet” is a data store. However, a wallet can
also include a service that allows a Natural Person to interact
with EBSI Services and to manage their own data. There can be
different types / technical implementations of “Wallets”, such as
web-based wallets or mobile wallets
eSSIF-Lab
Glossary
Wallet
the capability to securely store data as requested by colleague
agents, and to provide stored data to colleague agents or peer
agents, all in compliance with the rules of its principal's wallet
policy.
ITU-T
X.1252
6.98 wallet (identity wallet): An application that primarily
allows a user to hold identifiers and credentials by storing the
corresponding private keys on the user device.
ITU-T
X.1403
3.2.6 wallet (identity wallet): An application that primarily
allows a user to hold identifiers and credentials by storing the
corresponding private keys on the user device.
30. Presentation
Source Presentation
EBSI
Glossary
Verifiable Presentations
A verifiable presentation represents the data passed from an
entity to a relying party (often also the verifier).
eSSIF-Lab
Glossary
Presentation
a (signed) digital message that a holder component may send to
a verifier component that contains data derived from one or
more verifiable credentials (that (a colleague component of) the
holder component has received from issuer components of one
or more parties), as a response to a specific presentation
request of a Verifier component.
NIST Presentation: Information derived from one or more credentials
that a subject discloses to a verifier to communicate some
quality about a subject.
W3C VC Presentation
Data derived from one or more verifiable credentials, issued by
one or more issuers, that is shared with a specific verifier. A
verifiable presentation is a tamper-evident presentation
encoded in such a way that authorship of the data can be trusted
after a process of cryptographic verification. Certain types of
verifiable presentations might contain data that is synthesized
from, but do not contain, the original verifiable credentials (for
example, zero-knowledge proofs).
31. Self-Sovereign Identity (SSI)
Source Self-Sovereign Identity (SSI)
Univ. Aston /
Cardiff
Self-Sovereign Identity (SSI) is a sovereign, enduring and
portable identity for any person, organization, or body, that
allows its owner to access all relevant digital services by
utilising verifiable credentials linked to the identity in a privacy
preserving manner
EBSI
Glossary
Self-Sovereign Identity (SSI)
Self-sovereign identity (SSI) is the next step beyond user-
centric identity. Both concepts are based on the idea that a user
must be central to the administration of his/her digital identity,
which requires not only a user’s ability to use an identity across
multiple locations but also to have true control over that digital
identity, creating user autonomy. To accomplish this, a self-
sovereign identity must be transportable; it can’t be locked into
a single site or locale. A self-sovereign identity must also allow
users to make claims, which could include personal data or
attributes, and can even contain information about the user that
was asserted by others. In the creation of a self-sovereign
identity, we must be careful to protect the individual, defend
them against financial and other losses and support human
rights, such as the right to be oneself and to freely associate. It
must be easy for public administration and other organisations
to provide services that are legally binding and fully compliant
with regulations.
eSSIF-Lab
Glossary
Self-Sovereign Identity (SSI)
Self-Sovereign Identity (SSI) is a term that has many different
interpretations, and that we use to refer to concepts/ideas,
architectures, processes and technologies that aim to support
(autonomous) parties as they negotiate and execute electronic
transactions with one another.
INATBA
Glossary
Self-Sovereign Identity
A model of digital identity where individuals and entities alike
are uniquely in full control over central aspects of their digital
identity, including their underlying encryption keys, creation,
registration, and use of their decentralised identifiers or DIDs,
and control over how their credentials and related personal
data is shared and used
Sovrin
Glossary
Self-Sovereign Identity
An identity system architecture based on the core principle that
Identity Owners have the right to permanently control one or
more Identifiers together with the usage of the associated
Identity Data. [...]
32. Self-Sovereignty
Source Self-Sovereignty
eSSIF-Lab
Glossary
Self-Sovereignty
the characteristic of every party that it is autonomous in
managing and operating its own knowledge, particularly in
making decisions and deciding how to decide.
33. Subject
Source Subject
eSSIF-Lab
Glossary
Principal
the party for whom, or on behalf of whom, the actor is executing
an action (this actor is then called an agent of that party).
Subject
the (single) entity to which a given set of coherent data
relates/pertains. Examples of such sets include attributes,
Claims/Assertions, files/dossiers, (verifiable) credentials,
(partial) identities, etc.
INATBA
Glossary
Subject
Refers to the subject of a given claim or credential
ISO/IEC
24760-1:2019
3.1.7 principal / subject
entity (3.1.1) of which identity information is stored and
managed by an identity management system (3.4.8)
Note 1 to entry: Typically, in a context of privacy protection or
where a principal is seen as having agency a principal refers to
a person.
[SOURCE:ISO/IEC 24760-2:2015, 3.4, modified —The word
"pertains" has been clarified and Note 1 to entry has been
reworded.]
ISO/IEC
24760-2:2015
3.4 principal / subject
entity to which identity information in an identity management
system (3.3) pertains
Note 1 to entry: In the context of privacy protection
requirements, a principal refers to a person.
ITU-T
X.1252
6.65 principal: An entity whose identity can be authenticated.
NOTE – This entry appears in [b-ITU-T X.811], [b-ITU-T
Y.2702] and [b-ITU-T Y.2720]
ITU-T
X.1403
3.2.2 DID subject: The entity the DID document is about. That
is, the entity identified by the DID and described by the DID
document.
NOTE – Based on definition from [b-W3C-2].
NIST Subject: An entity that receives one or more credentials from an
issuer.
Sovrin
Glossary
Data Subject
As defined by the EU General Data Protection Regulation
(GDPR), any person whose Personal Data is being collected,
held, or processed. In the Sovrin Governance Framework, a
Data Subject is referred to as an Individual.
DID Subject
The Entity identified by a DID.
Subject
The Entity whose Identifiers are asserted by DIDs and whose
Attributes are asserted by Credentials. Aligns with the
definitions provided by the W3C Credentials Community Group
and W3C Verifiable Claims Working Group. [...]
W3C DID DID subject
The entity identified by a DID and described by a DID
document. Anything can be a DID subject: person, group,
organization, physical thing, digital thing, logical thing, etc.
W3C VC Subject
A thing about which claims are made.
34. Verifiable Credential (VC)
Source Verifiable Credential (VC)
Univ. Aston /
Cardiff
A Verifiable Credential (VC) is verifiable through a signature
or evidence supplied by an issuer who has either issued the VC
or can confirm its correctness. A VC is used to represent similar
information on the Web to that of a physical credential in the
real world. The verifiable credentials should be linked with an
identity through its unique identifier such as a DID.
EBSI
Glossary
Verifiable Credential
A verifiable credential is a tamper-evident credential that has
authorship that can be cryptographically verified. Verifiable
credentials can be used to build verifiable presentations, which
can also be cryptographically verified. The claims in a
credential can be about different subjects. Verifiable means that
the integrity (no alteration) of a Verifiable Credential, as well
as the authorship of a Verifiable Credential, can easily be
checked using a cryptographic-based standard procedure
Verifiable (Digital) ID
A verifiable ID is a special form of a "verifiable credential" an
entity can put forward as evidence of whom he/she/it is
(comparable with a passport, physical IDcard, drivers-license,
social security card, member-card, etc.).
Sovrin
Dictionary
Verifiable Credential
A Credential that includes a Proof from the Issuer. Typically
this proof is in the form of a digital signature. In Sovrin
Infrastructure, a Verifiable Credential uses Zero Knowledge
Proofs by default and can usually be verified by the Issuer
Public Key stored in the Credential Definition on the Sovrin
Ledger. Based on the definition provided by the W3C Verifiable
Claims Working Group. [...]
W3C DID Verifiable credential
A standard data model and representation format for
cryptographically-verifiable digital credentials as defined by
the W3C Verifiable Credentials specification [W3C VC]
W3C VC Credential
[...] A verifiable credential is a tamper-evident credential that
has authorship that can be cryptographically verified. Verifiable
credentials can be used to build verifiable presentations, which
can also be cryptographically verified. [...]
35. Verification
Source Verification
eSSIF-Lab
Glossary
Verify
The act, by or on behalf of a Party, of determining whether that
data is authentic (i.e. originates from the party that authored it),
timely (i.e. has not expired), and conforms to other
specifications that apply to its structure.
ISO/IEC
24760-1:2019
3.2.2 verification
process of establishing that identity information (3.2.4)
associated with a particular entity (3.1.1) is correct
Note 1 to entry: Verification typically involves determining
which attributes are needed to recognize an entity in a domain,
checking that these required attributes are present, that they
have the correct syntax, and exist within a defined validity
period and pertain to the entity.
ITU-T
X.1252
6.50 identity verification: The process of confirming that a
claimed identity is correct by comparing the offered claims of
identity with previously proven information.
6.96 verification [b-ISO/IEC 24760-1]: Process of establishing
that identity information associated with a particular entity is
correct.
NOTE 1 – The process of identification applies verification to
claimed or observed attributes.
NOTE 2 – Verification of (identity) information may encompass
examination with respect to validity, correct source, original,
(unaltered), correctness, binding to the entity, etc.
NOTE 3 – Information is correct at the time of verification.
W3C VC Verification
The evaluation of whether a verifiable credential or verifiable
presentation is an authentic and timely statement of the issuer
or presenter, respectively. This includes checking that: the
credential (or presentation) conforms to the specification; the
proof method is satisfied; and, if present, the status check
succeeds. Verification of a credential does not imply evaluation
of the truth of claims encoded in the credential.
36. Zero-Knowledge Proof (ZKP)
Source Zero-Knowledge Proof (ZKP)
Univ. Aston /
Cardiff
The user can share an entire credential, part of a credential
(known as claim), or Zero-Knowledge Proofs (ZKP) acquired
from a credential
BCID Zero Knowledge Proof (preuve à divulgation nulle de
connaissance)
Méthode cryptographique permettant de fournir une preuve
vérifiable de détention d’une donnée sans la révéler.
[DeepL] Zero Knowledge Proof
A cryptographic method for providing verifiable proof of
ownership of data without revealing it.
ITU-T
X.1252
6.99 zero knowledge proof (ZKP): A proof that uses special
cryptography and a master secret to permit selective disclosure
of information in a set of claims. A ZKP proves that some or all
of the data in a set of claims is true without revealing any
additional information, including the identity of the prover.
NOTE 1 – The notion of "selective disclosure" means a wide
range of choice for disclosure. For example, ZKPs can be used
to prove numerous claims about confidential data such as: (1)
adulthood, without revealing the birth date; (2) solvency (not
being bankrupt), without showing the portfolio composition; (3)
ownership of an asset, without revealing or linking to past
transactions.
NOTE 2 – Based on [b-ITU-T X.1403].
ITU-T
X.1403
3.2.7 zero knowledge proof: A proof that uses special
cryptography and a master secret to permit selective disclosure
of information in a set of claims. A zero knowledge proof
proves that some or all of the data in a set of claims is true
without revealing any additional information, including the
identity of the prover.
NIST Zero-Knowledge Proof
A cryptographic scheme where a prover is able to convince a
verifier that a statement is true, without providing any more
information than that single bit (that is, that the statement is
true rather than false).
Sovrin
Glossary
Zero Knowledge Proof
A Proof that uses special cryptography and a Link Secret to
support Selective Disclosure of information about a set of
Claims from a set of Credentials. A Zero Knowledge Proof
provides cryptographic proof about some or all of the data in a
set of Credentials without revealing the actual data or any
additional information, including the Identity of the Prover.
V. CONCLUSION
This article introduced a selection of 16 relevant
blockchain and DLT and identification standards and
reference documents (cf. section II), then proposed a
harmonisation that consists of 2 steps (cf. section III).
The first step benchmarks terms and definitions for a set of
36 relevant decentralised identifier and identity terms that
are generic to the selection of 16 relevant blockchain and
DLT and identification standards and reference
documents (cf. section IV).
The second step consists of aligning and
linking the definitions in terminology or vocabulary
sections of standards under development. This proposal is
intended to serve as a basis for standards under
development in the second step. In particular,
standardisation experts are invited to read, compare and
even improve the definitions in standards.
The harmonisation is proposed to take place in
the following working groups for blockchain and DLT
and identification standards under development (new
ones or revisions), given as examples and not as a restrictive list:
- ISO/TC307/WG6 for ISO CD/TR 6039 “Blockchain
and DLT Identifiers of subjects and objects for the
design of blockchain systems” [23];
- ISO/TC307/WG1 for ISO/DIS 22739 “Blockchain and
DLT — Vocabulary” [24];
- ISO/TC307/JWG4 for ISO/WD 7603 “Decentralized
Identity standard for the identification of subjects and
objects” [25];
- CEN-CENELEC/JTC19/WG1 for CEN/CLC TS
“Decentralised Identity Management Model based on
Blockchain and other DLT Part 1: Generic Reference
Framework” [26].
REFERENCES
[1] J. Pons, “Blockchain Use Cases Taxonomy: Necessary Distinction between Application Domains, Use Case Purposes and Economic Activity Sections”, ResearchGate, December 31st 2019, https://www.researchgate.net/publication/338253482_Blockchain_Use_Cases_Taxonomy_Necessary_Distinction_between_Application_Domains_Use_Case_Purposes_and_Economic_Activity_Sections (accessed December 3rd 2022)
[2] ISO/TS 23258:2021 “Blockchain and distributed ledger technologies Taxonomy and Ontology”, ISO, November 2021, https://www.iso.org/obp/ui/#iso:std:iso:ts:23258:ed-1:v1:en (accessed December 3rd 2022)
[3] ISO/TR 3242:2022 “Blockchain and distributed ledger technologies Use cases”, ISO, October 2022, https://www.iso.org/obp/ui/#iso:std:iso:tr:3242:ed-1:v1:en (accessed December 3rd 2022)
[4] ISO/TC 307 Blockchain and distributed ledger technologies, ISO, https://www.iso.org/committee/6266604.html (accessed December 3rd 2022)
[5] ISO 22739:2020 “Blockchain and distributed ledger technologies Vocabulary”, ISO, July 2020, https://www.iso.org/obp/ui/#iso:std:iso:22739:ed-1:v1:en (accessed December 3rd 2022)
[6] ISO 23257:2022 “Blockchain and distributed ledger technologies Reference architecture”, ISO, February 2022, https://www.iso.org/obp/ui/#iso:std:iso:23257:ed-1:v1:en (accessed December 3rd 2022)
[7] ISO/TR 23249:2022 “Blockchain and distributed ledger technologies Overview of existing DLT systems for identity management”, ISO, May 2022, https://www.iso.org/obp/ui/#iso:std:iso:tr:23249:ed-1:v1:en (accessed December 3rd 2022)
[8] ITU-T X.1403 “Security guidelines for using distributed ledger technology for decentralized identity management”, ITU-T, September 2020, https://www.itu.int/rec/T-REC-X.1403 (accessed December 3rd 2022)
[9] ITU-T X.1252 “Baseline identity management terms and definitions”, ITU-T, April 2021, https://www.itu.int/rec/T-REC-X.1252/en (accessed December 3rd 2022)
[10] GSMA Glossary “Identity Glossary”, GSMA, as of December 3rd 2022, https://www.gsma.com/identity/glossary (accessed December 3rd 2022)
[11] “Verifiable Credentials Data Model 1.1 - Expressing verifiable information on the Web (W3C VC)”, W3C, March 3rd 2022, https://www.w3.org/TR/vc-data-model/ (accessed December 3rd 2022)
[12] “Decentralized Identifiers (DIDs) V1.0 - Core architecture, data model, and representations (W3C DID)”, W3C, July 19th 2022, https://www.w3.org/TR/did-core/ (accessed December 3rd 2022)
[13] “EBSI Glossary”, European commission, as of August 28th 2022, https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/Glossary (accessed August 28th 2022)
[14] “eSSIF-Lab Glossary”, eSSIF-Lab, as of August 28th 2022, https://essif-lab.pages.grnet.gr/framework/docs/essifLab-glossary (accessed August 28th 2022)
[15] “Blockchain et identification numérique (BCID)”, French Ministry of Interior, May 25th 2021, https://www.interieur.gouv.fr/actualites/actu-du-ministere/technologie-blockchain-revolution-pour-lidentification (accessed December 3rd 2022)
[16] N. Naik, P. Jenkins, “Your Identity is Yours: Take Back Control of Your Identity Using GDPR Compatible Self-Sovereign Identity”, Universities of Aston and Cardiff, UK, February 16th 2021, https://research.aston.ac.uk/en/publications/your-identity-is-yours-take-back-control-of-your-identity-using-g (accessed December 3rd 2022)
[17] “A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems”, NIST, January 14th 2020, https://csrc.nist.gov/publications/detail/white-paper/2020/01/14/a-taxonomic-approach-to-understanding-emerging-blockchain-idms/final (accessed December 3rd 2022)
[18] “Sovrin Glossary”, Sovrin, V3, December 4th 2019, https://sovrin.org/library/glossary/ (accessed December 3rd 2022)
[19] ISO/IEC 24760-1:2019 “IT Security and Privacy — A framework for identity management Part 1: Terminology and concepts”, ISO/IEC, May 2019, https://www.iso.org/obp/ui/#iso:std:iso-iec:24760:-1:ed-2:v1:en (accessed December 3rd 2022)
[20] ISO/IEC 24760-2:2015 “Information technology — Security techniques — A framework for identity management — Part 2: Reference architecture and requirements”, ISO/IEC, June 2015, https://www.iso.org/obp/ui/en/#iso:std:iso-iec:24760:-2:ed-1:v1:en:term:3.4 (accessed December 3rd 2022)
[21] INATBA Glossary “Decentralised Identity: What’s at Stake?”, INATBA, November 2020, https://inatba.org/wp-content/uploads/2020/11/2020-11-INATBA-Decentralised-Identity-001.pdf (accessed December 3rd 2022)
[22] UNE 71307-1:2020 “Digital Enabling Technologies. Decentralised Identity Management Model based on Blockchain and other Distributed Ledgers Technologies. Part 1: Reference Framework”, UNE, December 9th 2020, https://www.en.une.org/encuentra-tu-norma/busca-tu-norma/norma?c=N0064986 (accessed December 3rd 2022)
[23] ISO/CD TR 6039 “Blockchain and distributed ledger technologies Identifiers of subjects and objects for the design of blockchain systems”, ISO/TC307/WG6, https://www.iso.org/standard/81978.html (accessed December 3rd 2022)
[24] ISO/DIS 22739 “Blockchain and distributed ledger technologies Vocabulary”, ISO/TC307/WG1, https://committee.iso.org/standard/82208.html (accessed December 3rd 2022)
[25] ISO/WD 7603 “Decentralized Identity standard for the identification of subjects and objects”, ISO/TC307/JWG4, https://www.iso.org/standard/82842.html (accessed December 3rd 2022)
[26] CEN/CLC TS “Decentralised Identity Management Model based on Blockchain and other Distributed Ledgers Technologies. Part 1: Generic Reference Framework”, CEN-CENELEC/JTC19/WG1, https://standards.cencenelec.eu/dyn/www/f?p=205:22:0::::FSP_ORG_ID,FSP_LANG_ID:2702172,25&cs=16E2ADC46E2536C73D74C407A6FE4B3FD (accessed December 3rd 2022)
Jerome R. D. Pons is an engineer born in
Rennes, France, in 1977. He graduated from
University of Rennes I and Telecom
ParisTech and started his career in 2001 at
Orange, successively as 3GPP
standardisation manager, Orange Media
Player project manager (Music Podcasts,
Musique Max and Musique Hits), WebTV
marketing project manager (OCS) and then
InterOperability Testing programme
manager.
Entrepreneur, he founded Music won’t
stop in 2011, a live music production business that diversified in 2013
by developing a consulting activity focused on digital technology and
strategy in media and entertainment activity sectors.
A specialist in the stakes related to the digital transformation,
he has published many articles and studies (INA, Annales des Mines,
AFDEL / TECH IN France, Techniques de l’Ingénieur) related to
culture funding, value sharing, metadata-based rights management and
intellectual property protection.
Expert in data modelling, he is designing a Digital Content
Data Model (DiCoDaMo), common to three ecosystems (culture,
computing and consumer electronics, telecommunications), including
nine media and entertainment activity sectors and natively integrating
blockchain technology, as well as some Digital Content Data
Management Tools (DiCoDaMaTo).
A specialist in blockchain technology, he has devoted himself to
blockchain standardisation since 2016, drives the “architecture and
modelling” working group at the French Standardisation Body
(AFNOR) and participates in several study groups and working groups
(terminology, reference architecture, taxonomy, ontology, use cases,
smart contracts, governance and interoperability) within ISO/TC 307
and CEN-CENELEC/JTC 19.
Since 2018, he has developed consulting and vocational training
activities at Music won’t stop, focused on blockchain-based service
development within media and entertainment activity sectors, and teaches
blockchain technology to master's degree students at Telecom Paris, while
managing the Orange Expert Programme at Orange.