...
Definition: A feature of credentials that allows holders to share only specific claims or data fields with verifiers.
Purpose: Enhances privacy and minimizes data exposure.
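The following is an added example, not part of the DC4EU documentation. It shows one way selective disclosure is commonly realised, the salted-hash construction used by SD-JWT. The page does not name the mechanism, so that choice, the function names and the sample claims are assumptions, and the issuer's signature over the payload is assumed to be verified separately.

```python
import base64, hashlib, json, secrets

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_disclosure(name, value):
    # Issuer side: a fresh salt keeps low-entropy values from being guessed from the digest.
    salt = b64u(secrets.token_bytes(16))
    return b64u(json.dumps([salt, name, value]).encode())

def digest(disclosure: str) -> str:
    # The digest is taken over the encoded disclosure string itself.
    return b64u(hashlib.sha256(disclosure.encode("ascii")).digest())

def issue(claims, always_visible=()):
    # Returns (payload the issuer would sign, disclosures handed to the holder).
    payload = {k: v for k, v in claims.items() if k in always_visible}
    disclosures = {k: make_disclosure(k, v)
                   for k, v in claims.items() if k not in always_visible}
    # Sorting hides the original claim order from the verifier.
    payload["_sd"] = sorted(digest(d) for d in disclosures.values())
    payload["_sd_alg"] = "sha-256"
    return payload, disclosures

def verify(payload, presented):
    # Verifier side: accept only disclosures whose digest the issuer committed to.
    committed = set(payload["_sd"])
    revealed = {k: v for k, v in payload.items() if not k.startswith("_sd")}
    for d in presented:
        if digest(d) not in committed:
            raise ValueError("disclosure not committed to by issuer")
        pad = "=" * (-len(d) % 4)
        _salt, name, value = json.loads(base64.urlsafe_b64decode(d + pad))
        if name in revealed:
            raise ValueError("duplicate claim name")
        revealed[name] = value
    return revealed

# Constructed sample claims (not real credential data).
CLAIMS = {
    "iss": "https://issuer.example",
    "given_name": "Ada",
    "family_name": "Example",
    "birthdate": "1990-01-01",
    "card_number": "CONSTRUCTED-0001",
}
```

The holder passes `verify` only the disclosures it chooses to share; undisclosed claims appear to the verifier only as opaque digests in `_sd`.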
...
Federation Overview
The OpenID Federation in the DC4EU Wallet ecosystem operates as a dynamic trust framework, enabling seamless and scalable interactions between issuers, wallets, and verifiers. By leveraging cryptographic proofs and hierarchical relationships, the federation ensures secure credential issuance, management, and verification.
...
Federation Architecture and Core Entities
The federation follows a hierarchical structure, with the Trust Anchor (TA) serving as the root of trust. Below the TA, subordinate entities, including Trust Mark Issuers, Credential Issuers, Wallet Providers, and Verifiers, establish their roles through dynamic metadata exchanges and trust chains.
Key Entities and Their Roles:
Trust Anchor (TA):
Root entity responsible for
- Acts as the root of trust, defining federation policies and signing metadata.
- Ensures the authenticity and integrity of the federation’s trust framework.
Trust Mark Issuer (TMI):
- Issues Trust Marks to certify entities’ compliance with trust and interoperability requirements.
- Plays a critical role in policy enforcement within the federation.
Credential Issuers:
- Generate and issue
- Wallet Providers: Enable wallets to discover and interact with the federation.
- Verifiers: Validate the authenticity and integrity of credentials for relying parties.
Core Entities and Their Roles
...
Trust Anchor (TA):
- Signs metadata for subordinate entities.
- Acts as the authoritative root for trust relationships.
...
Trust Mark Issuer (TMI):
- Issues Trust Marks as cryptographic JWTs.
- Ensures compliance with federation policies.
Credential Issuers:
...
- verifiable credentials (e.g., EHIC, PDA1).
- Interface with authentic sources to retrieve user attributes.
Wallet Providers:
- Enable Wallet Instance registration and interaction with the federation.
- Act as the primary interface for wallets, which are external to the federation.
Verifiers:
- Validate credentials presented by holders.
- Ensure that credentials adhere to defined schemas and trust models.
...
Trust Workflow
The trust workflow involves metadata discovery, validation, and trust establishment:
...