Difference between revisions of "Trust Architecture"

From DE4A
m
Line 10: Line 10:
 
! Application Component !! Description !! Pattern(s)
 
! Application Component !! Description !! Pattern(s)
 
|-
 
|-
| [[Trust Service Provisioning Component]]
+
| [[Trust Service Provisioning Component|Trust Service Provisioning]]
 
| Implements the functionalities encapsulating the trust services functionalities.
 
| Implements the functionalities encapsulating the trust services functionalities.
 
A ‘trust service’ means an electronic service which consists of these functionalities:
 
A ‘trust service’ means an electronic service which consists of these functionalities:
Line 21: Line 21:
 
| [[Intermediation Pattern|IM]], [[USI]], [[VC]]
 
| [[Intermediation Pattern|IM]], [[USI]], [[VC]]
 
|-
 
|-
| [[Identity Management Component]]
+
| [[Identity Management Component|Identity Management]]  
 
| Implements the functionality of user authentication.
 
| Implements the functionality of user authentication.
 
‘Electronic identification’ means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person;
 
‘Electronic identification’ means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person;
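Review bot: the added Identity Management cell in this hunk ends with trailing whitespace after the closing `]]`, which the equivalent Trust Service Provisioning cell in the earlier hunk does not have. Trim it so the two piped links are formatted the same way and later diffs of this row stay clean.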

Revision as of 13:53, 24 March 2021


The Trust Architecture application collaboration aggregates multiple co-operating application components that realize all the services needed to implement the DE4A trust models. The Identity Management application component is used by the DC to initiate the authentication process, and it implements the functionality that lets the user authenticate him/herself. Both DC and DP use the component to perform the identity matching based on attributes. The Trust Service Provisioning component is also used by both DC and DP to handle the digital signing of messages. The Data Encryption/Decryption component is likewise used by both DC and DP to encrypt and decrypt messages. The Trust Architecture also provides functionality so that natural persons can represent other natural and legal persons.

For VC the collaboration between these components is similar, and the interaction between the user identification components remains the same. In addition to creating, verifying and validating digital signatures, the Trust Service Provisioning component now also needs to retrieve the DP certificates, and it communicates with the Distributed Ledger Access Management component to store the certificates in the Trusted List, which is stored on and retrieved from the Distributed Ledger (instead of the persistent storage used in the Intermediation pattern).

{|
|+ Application Components of the Information Desk
! Application Component !! Description !! Pattern(s)
|-
| Trust Service Provisioning
| Implements the functionalities encapsulating the trust services functionalities.

A ‘trust service’ means an electronic service which consists of these functionalities:

i) the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or

ii) the creation, verification and validation of certificates for website authentication; or

iii) the preservation of electronic signatures, seals or certificates related to those services.
| IM, USI, VC
|-
| Identity Management
| Implements the functionality of user authentication.

‘Electronic identification’ means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person;

‘Authentication’ means an electronic process that enables the electronic identification of a natural or legal person, or the origin and integrity of
| IM, USI, VC
|-
| Record Matching
| Application component that provides identity matching based on attributes. Provided attributes are matched against attributes in some local registry.
| IM, USI, VC
|-
| Data Encryption/Decryption
| Application component providing encryption and decryption functionality (symmetrical, asymmetrical or a combination thereof).
| IM, USI (TODO discuss, strange that this is not applicable to VC)
|-
| Mandates/Powers
| Handles the mandates/powers for legal and natural persons, i.e. persons representing other persons.
| IM, USI
|-
| Distributed Ledger
| Application component that handles connections and operations related to the distributed ledger.
| VC
|-
| Distributed Ledger Access Management
| Application component that manages the access management related to Write/Read access into distributed ledger storage.
| VC
|}
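
The Record Matching row above, sketched as an added example (not DE4A code): provided attributes are normalized and compared against a local registry, and a result is returned only when exactly one record matches, so evidence is never bound to the wrong person. The attribute names, the exact-match policy, the result labels and the registry contents are assumptions made for this illustration.

```python
import unicodedata
from datetime import date

# Constructed sample registry; the attribute names are assumptions for this example.
REGISTRY = [
    {"id": "R-001", "family_name": "Müller", "first_name": "Anna",
     "date_of_birth": date(1985, 3, 14)},
    # Duplicate entry for the same person, stored with a decomposed "ü" (u + U+0308).
    {"id": "R-002", "family_name": "MU\u0308LLER", "first_name": "Anna",
     "date_of_birth": date(1985, 3, 14)},
    {"id": "R-003", "family_name": "Novak", "first_name": "Jan",
     "date_of_birth": date(1990, 7, 1)},
]
MATCH_KEYS = ("family_name", "first_name", "date_of_birth")


def normalize(value):
    """Canonicalize string attributes: NFKC, case-fold, collapse whitespace."""
    if isinstance(value, str):
        return " ".join(unicodedata.normalize("NFKC", value).casefold().split())
    return value


def match_record(provided, registry=REGISTRY, keys=MATCH_KEYS):
    """Return ("match", id), ("no_match", None) or ("ambiguous", None)."""
    # Refuse to match on a partial attribute set instead of widening the search.
    if any(not provided.get(k) for k in keys):
        return ("no_match", None)
    wanted = tuple(normalize(provided[k]) for k in keys)
    hits = [r["id"] for r in registry
            if tuple(normalize(r[k]) for k in keys) == wanted]
    if len(hits) == 1:
        return ("match", hits[0])
    # More than one hit is reported, never resolved by taking the first record.
    return ("ambiguous", None) if hits else ("no_match", None)


if __name__ == "__main__":
    print(match_record({"family_name": " NOVAK", "first_name": "jan",
                        "date_of_birth": date(1990, 7, 1)}))
    print(match_record({"family_name": "Müller", "first_name": "Anna",
                        "date_of_birth": date(1985, 3, 14)}))
```

An "ambiguous" result is the case to route to manual resolution or a request for additional attributes rather than an automatic match.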