This specification also defines the following terms:
115
115
116
-
Organizational Entity:
116
+
**Organizational Entity**:
117
117
: A Federation Entity represented by a legal entity, specifically referring to public or private organizations (excluding natural persons) recognized through a unique identifier. For the purposes of this specification, an Organizational Entity is also referred to as an Organization.
118
118
119
-
Personal Device:
119
+
**Personal Device**:
120
120
: Any electronic device that is primarily used by an individual. This includes smartphones, tablets, laptops, personal computers, smart watches, and other wearable technologies. Personal Devices are owned and managed by End-Users as individuals, rather than by Organizations, or by End-Users on behalf of an Organization.
121
121
122
-
Wallet Provider:
122
+
**Wallet Provider**:
123
123
: An Organizational Entity responsible for the development, publication, and management of a Wallet Solution.
124
124
125
-
Wallet Instance:
125
+
**Wallet Instance**:
126
126
: Instance of a Wallet Solution belonging to and controlled by a person, be this natural or legal. It enables the request, storage, presentation, and management of Digital Credentials. It can be installed (instantiated) in a Personal Device or in a Remote Service.
127
127
128
-
Wallet Solution:
128
+
**Wallet Solution**:
129
129
: The Wallet Solution is a product offered by a Wallet Provider to enable End-Users to securely manage and use their Digital Credentials. It is delivered by the Wallet Provider in the form of mobile app or cloud service or another form of software application. It may also utilize services and web services for the exchange of data between its Wallet Provider and the Wallet Instances.
130
130
131
-
Authentic Source:
131
+
**Authentic Source**:
132
132
: A protected Resource Server, not necessarily an OAuth 2.0 Resource Server, utilized by the Credential Issuer to retrieve the data necessary for issuing a Credential related to a subject.
133
133
134
-
Credential Verifier:
134
+
**Credential Verifier**:
135
135
: Entity that requests and verifies Digital Credentials presented by a Holder.
136
136
137
-
Credential Verifier Instance:
137
+
**Credential Verifier Instance**:
138
138
: A software application that allows an individual to request to an Holder and receive from that Holder a Digital Credential, sometimes in a proximity flow, and then verify the received Digital Credential.
139
139
140
140
## Trust Models and Trust Frameworks
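Review bot: The bolded terms in this hunk keep a trailing colon after the closing `**` (for example `**Organizational Entity**:`), whereas the terms bolded further down the file (`**Mobile Wallet Native Application**`) have none, so the two definition lists will render differently. The `: ` at the start of the following line already marks the definition, so I suggest dropping the trailing colon from all eight terms here. Since this part of the file is being touched anyway, "request to an Holder" in the Credential Verifier Instance definition could be corrected to "request from a Holder" in the same pass.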
@@ -222,15 +222,15 @@ There are many ways to technically implement Wallet Instances to manage Digital
222
222
223
223
Below a non-exhaustive list of the different Wallet Instance types.
224
224
225
-
Mobile Wallet Native Application
225
+
**Mobile Wallet Native Application**
226
226
: Also known as Mobile Wallet only, is an application that runs natively on a Personal Device under the sole control of an End-User and provided through a platform vendor specific app-store, on behalf of the Wallet Solution. In some cases the End-User as natural person uses the Mobile Wallet representing a legal person.
227
227
228
-
Web Wallet Native Application
228
+
**Web Wallet Native Application**
229
229
: Also known as Cloud Wallet or Web Wallet only, is a Wallet that uses native web technologies for its components, such as UI components. Cloud Wallets are typically suited for Organizational Entities that requires automated Digital Credential operations (request, issuance, store, presentation, revocations) in unsupervised flows, therefore without any human control. Web Wallets are divided into two additional subtypes:
230
230
- **Custodial Web Wallet**: Cloud Wallets that have dependency on a cloud infrastructure, not necessarily hosted by the Wallet Provider, are typically classified as Custodial Web Wallets; in this case, the cryptographic keys used and the Digital Credentials are stored in the cloud infrastructure.
231
231
- **Non-Custodial Web Wallet**: A Web Wallet where the cryptographic keys are stored and managed on a media in possession by the End-User and the Digital Credentials can only be used by the End-User, e.g. using a FIDO enabled security hardware token, no matter whether the Credentials are stored locally in a Personal Device or in cloud storage.
232
232
233
-
Progressive Web Application Wallet (PWAW)
233
+
**Progressive Web Application Wallet** (PWAW)
234
234
: PWAW is a web application that looks like a native app. It can be installed on a Personal Device and not necessarily using the operative system specific app-store. The advantage with a PWAW is that it gives the End-User the same experience as a Mobile Native Wallet Application while also offering the benefits of a web application. PWAW can be Custodial or Non-Custodial.
235
235
236
236
## Establishing Trust with the Holder
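Review bot: In `**Progressive Web Application Wallet** (PWAW)` the abbreviation sits outside the bold span, so the term is only partly emphasized, while the other two terms in this list are bold in full. Either include the parenthetical inside the `**` markers or introduce the abbreviation in the definition line, which already starts with "PWAW is". The PWAW definition also refers to a "Mobile Native Wallet Application", but the term defined above is "Mobile Wallet Native Application". The two should match so that readers do not take them for different Wallet Instance types.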
@@ -276,6 +276,7 @@ This section defines the Entity Types used by Organizational Entities in their E
276
276
| Authorization Server |`federation_entity`, `oauth_authorization_server`|[@!OpenID4VCI], [@!RFC8414]|
277
277
| Credential Issuer |`federation_entity`, `openid_credential_issuer`, `oauth_authorization_server`|[@!OpenID4VCI], this specification |
278
278
| Credential Verifier |`federation_entity`, `openid_credential_verifier`|[@!OpenID.Federation], [@!OpenID4VP], this specification |
279
+
279
280
**Table 1**: Map of the Federation Entity Types and corresponding metadata types for the Wallet architectures.
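Review bot: The blank line added at new line 279, between the last table row and the `**Table 1**:` caption, is a layout fix unrelated to the term bolding in the other hunks. Please mention it in the commit message or split it out, so the reason for the whitespace change is recorded. It is also worth checking whether other table captions in the file need the same separating blank line, so that all captions render consistently.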