.. _glossary:

========
Glossary
========

For the purpose of this documentation, the following terms and definitions apply.

Terms and Definitions
=====================

.. list-table:: 
    :width: 100%
    :widths: 30 70

    * - Asymmetrical cryptography
      - Encryption/decryption operations performed using a key pair: a private key used by the issuer to sign documents and a public key used to verify the signature. The two keys have an “asymmetric” role, hence the term.

    * - C40 encoding
      - Encoding defined in ISO 16022:2006 to reduce the number of bytes required to encode a string of characters.

    * - Certificate
      - Electronic file attesting that a cryptographic key pair belongs to a person or a hardware or software component as identified in the certificate. A certificate is issued by a Certification Authority. By signing the certificate, the Certification Authority approves the link between the identity of a person or component and the cryptographic key pair. The certificate may be revoked if it no longer attests the validity of this link. The certificate has a limited validity period.

    * - Certificate Authority (CA)
      - Service offered by a trust service provider to create, issue and produce certificates on behalf of users, and ensure the integrity of the electronic identification of signatories.

        Note: The CA signs the certificate (with its own private key) to guarantee the integrity of the certificate and the accuracy of the data contained in the certificates that it issues.

    * - Certificate Revocation List (CRL)
      - List of Certificates that have been revoked by the issuing Certificate Authority before their scheduled expiration date and should no longer be trusted.

    * - Digital Signature Algorithm (DSA)
      - Algorithms that can be used to generate digital signatures. These include, but are not limited to, RSA and ECDSA algorithms defined in FIPS PUB 186-4 – Digital Signature Standard.

    * - Digital Seal
      - Data set signed in digital form that is logically attached or associated with other data in digital form to ensure the origin and integrity of the data.

    * - Electronic certificate (also referred to as a “certificate” or “X.509 certificate”)
      - Electronic file attesting that a cryptographic key pair belongs to either a physical or legal person, a hardware component or a software component as identified in the certificate. Certificates are issued by a Certificate Authority (CA). By signing the certificate, the CA certifies the association between the key pair and the person, hardware component or software component. A certificate may be revoked if this association can no longer be established. A certificate is valid for a limited amount of time.

    * - Electronically Signed Encoded Data Set (ESEDS)
      - A structured data set, often in the form of an MRC, containing a payload and its signature from the issuer. A header identifies the type of payload and the issuer. An optional auxiliary data block may be added after the signature.

    * - Hash
      - Operation that consists of applying a mathematical function to create a digital fingerprint on a data block, transforming the data block into a fixed-size code for authentication and storage purposes. Any change to the original data block results in a change in the hash value.

    * - Machine-Readable Code (MRC)
      - A graphic symbol or electronic device or a combination of the two containing a set of signs or letters that can be interpreted by an acquisition system. Examples of MRC include, but are not limited to, 2D barcodes and RFID tags.

    * - Manifest
      - External resource containing information in XML format about the VDS use case, its data schema, validation policies and optional extensions.

    * - Online Certificate Status Protocol (OCSP)
      - Protocol defined in RFC 6960 to validate a certificate’s status, usually to determine if the certificate has been revoked. Alternative to a certificate revocation list (CRL).

    * - Personal Data
      - Any information relating to an individual who is or can be identified, directly or indirectly, from that information. Personal data include: biographical data, such as name, sex, civil status, date and place of birth, country of origin, country of residence, individual registration number, occupation, religion and ethnicity; biometric data, such as a photograph, fingerprint, facial or iris image; health data; as well as any expression of opinion about the individual, such as assessments of his or her health status and/or specific needs.

    * - Response Formatting Function (RFF)
      - A function specifying how to format and present the output with VDS verification results.

    * - Schema
      - Payload data structure. Allows for data encoding, decoding and verification.

    * - Symbology
      - Correspondence between a payload and a machine-readable code, generally in the form of a barcode. A symbology:

        - describes the encoding of numeric, text or binary data in a barcode;
        - defines the redundancy and error correction code mechanisms; and
        - specifies the quiet zone around the barcode.

    * - Trusted Entry Point (TEP)
      - Software application that manages the acquisition and strict validation of the VDS against format specifications, and security and governance rules.

    * - Trust Service List (TSL)
      - A trusted-service list compliant with ETSI TS 119 612 and containing information about the TSO, the TSPs and the TSP’s CA authorized to issue certificates to sign a VDS. TSLs are extensible using XML extensions defined by the TSO.

    * - Trust Service Operator (TSO)
      - Entity that defines the governance structure and technical requirements of the trust service, and oversees the overall operations. In some industries, the TSO acts as the Authentication Service Body (ASB).

    * - Trust Service Provider (TSP)
      - Entity tasked with defining the CA trust framework and governance structure, offering certificate service(s), operating the CA and ensuring compliance with said governance.

    * - Uniform Resource Identifier (URI)
      - Character string that unambiguously identifies a particular resource. URI syntax is defined in RFC 3986 – Uniform Resource Identifiers.

    * - Visible Digital Seal (VDS)
      - A VDS is a device used to guarantee the authenticity and the integrity of sensitive data contained in a hard copy or electronic document at a relatively low cost, but with a high level of security by using asymmetrical cryptography.


Abbreviated Terms
=================

For the purpose of this documentation, the following abbreviations apply.

.. list-table:: 
    :width: 100%
    :widths: 30 70

    * - AES   
      - Advanced Encryption Standard                                 
    * - CA    
      - Certification Authority                                      
    * - CBC   
      - Cipher Block Chaining                                        
    * - CRL   
      - Certificate Revocation List
    * - ECDSA 
      - Elliptic Curve Digital Signature Algorithm                   
    * - ESEDS 
      - Electronically Signed Encoded Data Set
    * - ISO   
      - International Organization for Standardization               
    * - LoTL  
      - List of Trust Lists
    * - MRC   
      - Machine-Readable Code                                        
    * - OCSP  
      - Online Certificate Status Protocol
    * - RFF   
      - Response Formatting Function                                 
    * - RFU   
      - Reserved for Future Use                                      
    * - SHA   
      - Secure Hash Algorithm                                        
    * - TEP   
      - Trusted Entry Point                                          
    * - TSL   
      - Trust Service List                                           
    * - TSO   
      - Trust Service Operator                                       
    * - TSP   
      - Trust Service Provider                                       
    * - URI   
      - Uniform Resource Identifier                                  
    * - VDS   
      - Visible Digital Seal                                         
    * - XAdES 
      - XML Advanced Electronic Signature
    * - XML   
      - eXtensible Markup Language                                   
