From bc80ae24f2aa1c1a593b9bf7d17fd1ca8106dcc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9C=D0=B0=D0=BA=D1=81=D0=B8=D0=BC=20=D0=A1=D0=BE=D1=85?= =?UTF-8?q?=D0=B0=D1=86=D1=8C=D0=BA=D0=B8=D0=B9?= Date: Sat, 16 Nov 2024 07:11:05 +0200 Subject: [PATCH 1/5] Update EUDI.md --- EUDI.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/EUDI.md b/EUDI.md index 45f09bf..c0004b8 100644 --- a/EUDI.md +++ b/EUDI.md @@ -8,12 +8,12 @@ SYNRC CA server supports EUDI. EUDI is decetralized PKIX with ABAC level control over attributes that is using JSON as encoding and HTTP as transport. * eIDAS Node -- State Certificate Authority -* EUDI Verifier -- Verifiable Presentations -* EUID Wallet (Holder) -- iOS/Android Application -* EUDI Provider (Issuer) -- OpenID for Verifiable Credentials (OpenID4VC) +* EUDI Verifier -- Verifiable Presentations (VP) +* EUID Wallet, Holder -- iOS/Android Application +* EUDI Trusted Service Provider (TSP), Issuer -- OpenID for Verifiable Credentials (OpenID4VC) * Personal Identification Data (PID) Provider -- Diia State Enterprise (MSO mDOC) * Qualified and Non-Qualified Electronic Attestation of Attributes (QEAA) Schema Providers -* Qualifiied Electronic Signature Provider (QP) -- Qualified Certificates (QC) +* Qualifiied Electronic Signature Provider (QSP) -- Qualified Certificates (QC) ### Holder, Issuer, Verifier From 3a544b6ca1568d42e8b7f47e169d6ffb6a7fd783 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9C=D0=B0=D0=BA=D1=81=D0=B8=D0=BC=20=D0=A1=D0=BE=D1=85?= =?UTF-8?q?=D0=B0=D1=86=D1=8C=D0=BA=D0=B8=D0=B9?= Date: Sat, 16 Nov 2024 07:14:56 +0200 Subject: [PATCH 2/5] Update EUDI.md --- EUDI.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/EUDI.md b/EUDI.md index c0004b8..c180921 100644 --- a/EUDI.md +++ b/EUDI.md 
@@ -7,12 +7,12 @@ SYNRC CA server supports EUDI. EUDI is decetralized PKIX with ABAC level control over attributes that is using JSON as encoding and HTTP as transport. -* eIDAS Node -- State Certificate Authority -* EUDI Verifier -- Verifiable Presentations (VP) -* EUID Wallet, Holder -- iOS/Android Application +* eIDAS Node (CA) -- State Certificate Authority (SAML/HTTP, PKIX, JSON/HTTP) +* EUDI Verification Service Provider (VSP), Verifier -- Verifiable Presentations (VP) +* EUID Wallet, Holder -- iOS/Android Application * EUDI Trusted Service Provider (TSP), Issuer -- OpenID for Verifiable Credentials (OpenID4VC) * Personal Identification Data (PID) Provider -- Diia State Enterprise (MSO mDOC) -* Qualified and Non-Qualified Electronic Attestation of Attributes (QEAA) Schema Providers +* Qualified and Non-Qualified Electronic Attestation of Attributes (QEAA) Schema Providers (MSO mDOC) * Qualifiied Electronic Signature Provider (QSP) -- Qualified Certificates (QC) ### Holder, Issuer, Verifier From 98b270bf0fad6e5ebb9dcfe5db8e2e85df0487fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9C=D0=B0=D0=BA=D1=81=D0=B8=D0=BC=20=D0=A1=D0=BE=D1=85?= =?UTF-8?q?=D0=B0=D1=86=D1=8C=D0=BA=D0=B8=D0=B9?= Date: Sat, 16 Nov 2024 07:16:38 +0200 Subject: [PATCH 3/5] Update EUDI.md --- EUDI.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/EUDI.md b/EUDI.md index c180921..9ac15de 100644 --- a/EUDI.md +++ b/EUDI.md 
@@ -8,9 +8,9 @@ SYNRC CA server supports EUDI. EUDI is decetralized PKIX with ABAC level control over attributes that is using JSON as encoding and HTTP as transport. * eIDAS Node (CA) -- State Certificate Authority (SAML/HTTP, PKIX, JSON/HTTP) -* EUDI Verification Service Provider (VSP), Verifier -- Verifiable Presentations (VP) -* EUID Wallet, Holder -- iOS/Android Application -* EUDI Trusted Service Provider (TSP), Issuer -- OpenID for Verifiable Credentials (OpenID4VC) +* EUDI Verification Service Provider (VSP), Verifier -- Verifiable Presentations (VP, mDOC) +* EUID Wallet, Holder -- iOS/Android Application (PKIX, mDOC, OpenID4VC) +* EUDI Trusted Service Provider (TSP), Issuer -- OpenID for Verifiable Credentials (OpenID4VC, mDOC) * Personal Identification Data (PID) Provider -- Diia State Enterprise (MSO mDOC) * Qualified and Non-Qualified Electronic Attestation of Attributes (QEAA) Schema Providers (MSO mDOC) * Qualifiied Electronic Signature Provider (QSP) -- Qualified Certificates (QC) From b647d8c1f92dcebe7f587cfc52f9df27e0bcd860 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9C=D0=B0=D0=BA=D1=81=D0=B8=D0=BC=20=D0=A1=D0=BE=D1=85?= =?UTF-8?q?=D0=B0=D1=86=D1=8C=D0=BA=D0=B8=D0=B9?= Date: Sat, 16 Nov 2024 07:18:17 +0200 Subject: [PATCH 4/5] Update EUDI.md --- EUDI.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EUDI.md b/EUDI.md index 9ac15de..bdd412d 100644 --- a/EUDI.md +++ b/EUDI.md 
@@ -10,7 +10,7 @@ EUDI is decetralized PKIX with ABAC level control over attributes that is using * eIDAS Node (CA) -- State Certificate Authority (SAML/HTTP, PKIX, JSON/HTTP) * EUDI Verification Service Provider (VSP), Verifier -- Verifiable Presentations (VP, mDOC) * EUID Wallet, Holder -- iOS/Android Application (PKIX, mDOC, OpenID4VC) -* EUDI Trusted Service Provider (TSP), Issuer -- OpenID for Verifiable Credentials (OpenID4VC, mDOC) +* EUDI Trusted Service Provider (TSP), Issuer -- OpenID for Verifiable Credentials (OpenID4VC, mDOC, SAML) * Personal Identification Data (PID) Provider -- Diia State Enterprise (MSO mDOC) * Qualified and Non-Qualified Electronic Attestation of Attributes (QEAA) Schema Providers (MSO mDOC) * Qualifiied Electronic Signature Provider (QSP) -- Qualified Certificates (QC) From fb046ecd14d3aa414b10f825bd4fd917f2400aba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9C=D0=B0=D0=BA=D1=81=D0=B8=D0=BC=20=D0=A1=D0=BE=D1=85?= =?UTF-8?q?=D0=B0=D1=86=D1=8C=D0=BA=D0=B8=D0=B9?= Date: Sat, 16 Nov 2024 12:35:01 +0200 Subject: [PATCH 5/5] Update EUDI.md --- EUDI.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/EUDI.md b/EUDI.md index bdd412d..d1d17ab 100644 --- a/EUDI.md +++ b/EUDI.md @@ -5,7 +5,7 @@ SYNRC CA server supports EUDI. ### Architecture -EUDI is decetralized PKIX with ABAC level control over attributes that is using JSON as encoding and HTTP as transport. +EUDI is decentralized PKIX with ABAC level control over attributes that is using JSON as encoding and HTTP as transport. * eIDAS Node (CA) -- State Certificate Authority (SAML/HTTP, PKIX, JSON/HTTP) * EUDI Verification Service Provider (VSP), Verifier -- Verifiable Presentations (VP, mDOC) 
@@ -20,14 +20,15 @@ EUDI is decetralized PKIX with ABAC level control over attributes that is using In an OpenID4VC ecosystem, the Verifier and the Issuer are connected indirectly through the credential lifecycle, with interactions primarily mediated by the Holder. This architecture ensures trust without requiring a direct, continuous relationship -between the Verifier and the Issuer, adhering to privacy and decentralization principles. -The Verifier does not directly contact the Issuer during typical operations unless a status check is required. -The Holder acts as the intermediary, ensuring their privacy and control over the data being shared. +between the Verifier and the Issuer, adhering to privacy and decentralizition principles. +The Verifier does not contact the Issuer directly during routine operations unless a +status check is necessary. The Holder acts as an intermediary, maintaining privacy +and control over shared data. -EUDI Wallet acts as Holder, QEAA, EAA, PIP (TSPs) act as EUDI Providers or Issuers. EUDI Verifier perform -status verification of credentials and acts as presentations Verifier. +EUDI Wallet acts as Holder, QEAA, EAA, PIP (TSPs) act as EUDI Providers or Issuers. +EUDI Verifier perform status verification of credentials and acts as presentations Verifier. -### PKIX vs OpenID4VC +### PKIX vs EUDI EUDI model has a similarity with PKIX. The same way person use a signed attribute set (a X.509 certificate from CSR attributes) 
@@ -35,10 +36,9 @@ for authentication and authorization in PKI, the OpenID4VC provider (PIP) envelo set of attributes (digital presentation of claims) and issue and Electronic Documents in mDOC format for EUDI Wallet. -However, unlike PKIX with its centralized model, -EUDI provide distributed model without single root CA, -where all parties bounded cryptographycally. Also, EUDI has more subtle -and rigorous control over attributes (claims) like in ABAC model. +Unlike PKIX, EUDI relies on a centralized model with a single root CA, +EUDI employs a distributed model where all parties are cryptographically bound. +EUDI enforces more rigorous control over attributes (claims), akin to the ABAC model. CRLs and OCSP can create privacy concerns since they involve querying a CA, potentially exposing the user's activity.
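Review bot: PATCH 1/5, hunk @@ -8,12 +8,12 @@ renames "(QP)" to "(QSP)" but the rewritten `+* Qualifiied Electronic Signature Provider (QSP) -- Qualified Certificates (QC)` line keeps the misspelling "Qualifiied", and the rewritten `+* EUID Wallet, Holder -- iOS/Android Application` line keeps "EUID" where every other bullet and the surrounding text say "EUDI". Both lines are already being touched, so correct them to "Qualified" and "EUDI Wallet" in the same commit; the commit message "Update EUDI.md" should also say what the rename of QP to QSP is for.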
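Review bot: PATCH 2/5, hunk @@ -7,12 +7,12 @@ contains a `-`/`+` pair for `* EUID Wallet, Holder -- iOS/Android Application` whose visible content is identical, which means the change is whitespace-only and adds noise to the history; either drop it from the hunk or use the opportunity to fix "EUID" to "EUDI". The new `+* eIDAS Node (CA) -- State Certificate Authority (SAML/HTTP, PKIX, JSON/HTTP)` line mixes a role ("CA"), a protocol ("SAML/HTTP") and an encoding ("JSON/HTTP") inside one parenthesis; a short legend for what the parenthesised annotations mean would help readers of the list.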
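Review bot: PATCH 3/5, hunk @@ -8,9 +8,9 @@ annotates the Verifier, Wallet and Issuer bullets with "mDOC" while the unchanged PID and QEAA bullets say "MSO mDOC"; pick one spelling for the format across the list (and expand it on first use, since neither "MSO" nor "mDOC" is defined in the document), otherwise a reader cannot tell whether two different formats are meant. The `+* EUID Wallet, Holder -- iOS/Android Application (PKIX, mDOC, OpenID4VC)` line is rewritten a third time and still carries the "EUID" typo.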
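Review bot: PATCH 4/5, hunk @@ -10,7 +10,7 @@ adds "SAML" to `+* EUDI Trusted Service Provider (TSP), Issuer -- OpenID for Verifiable Credentials (OpenID4VC, mDOC, SAML)` with no explanation in the commit message or the text. The eIDAS Node bullet already lists "SAML/HTTP", so it is unclear whether the Issuer is meant to expose a SAML interface itself or to consume the eIDAS Node's SAML interface upstream; state which, since the two imply different trust relationships for anyone implementing or auditing the Issuer.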
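Review bot: PATCH 5/5, hunk @@ -5,7 +5,7 @@ only fixes "decetralized" to "decentralized"; since the sentence is being rewritten anyway, "that is using JSON as encoding and HTTP as transport" reads better as "using JSON as its encoding and HTTP as its transport", and "ABAC level control" should be "ABAC-level control".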
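Review bot: PATCH 5/5, hunk @@ -20,14 +20,15 @@ introduces a regression: the removed line had the correct "decentralization", and the replacement `+between the Verifier and the Issuer, adhering to privacy and decentralizition principles.` misspells it. In the same hunk, `+EUDI Verifier perform status verification of credentials and acts as presentations Verifier.` needs "performs" and "acts as the presentation Verifier", and the preceding line should separate the two clauses ("EUDI Wallet acts as Holder; QEAA, EAA and PIP (TSPs) act as ...") so that "QEAA" is not read as a second role of the Wallet. The heading change to "### PKIX vs EUDI" is consistent with the body text that follows ("EUDI model has a similarity with PKIX"), so that part is fine.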
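Review bot: PATCH 5/5, hunk @@ -35,10 +36,9 @@ inverts the meaning of the paragraph it rewrites. The removed lines say PKIX is centralized and EUDI is distributed without a single root CA; the new `+Unlike PKIX, EUDI relies on a centralized model with a single root CA,` followed by `+EUDI employs a distributed model where all parties are cryptographically bound.` now attributes the centralized single-root-CA model to EUDI and then contradicts itself in the next line. Suggested wording: "Unlike PKIX, which relies on a centralized model with a single root CA, EUDI employs a distributed model where all parties are cryptographically bound." The removed "without single root CA" qualifier is worth keeping explicitly, since it is the property that later justifies the CRL/OCSP privacy discussion below the hunk.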