Skip to main content

Dictionary SSI



  • (risk) control

    • digital.govt.nz

      (noun) measure that maintains and / or modifies risk[Source: ISO 31073:2022 modified to add note 3]Additional notes:Note 1: Risk controls include, but are not limited to, any process, policy, device, practice, or other conditions and / or actions which maintain and / or modify risk.Note 2: Risk controls do not always exert the intended or assumed modifying effect.Note 3: When using the Assessing identification risk guidance to calculate levels of identification process, these processes are not included as risk controls.
  • AAL

  • ABAC

  • ACDC

  • ADC

  • ADR

  • AID

  • AID controlled identifiers

    • ToIP (DID:Webs)

      Any identifier, including did:webs DIDs, that have the same AID are by definition referencing the same identity. As defined in the KERI specification
  • APC

  • API

  • AVR

  • Action

    • Essif-Lab

      something that is actually done (a 'unit of work' that is executed) by a single actor (on behalf of a given party), as a single operation, in a specific context.
  • Actor

    • Essif-Lab

      an offer by a specific party to provide a (type of) credential, where the offer includes (a reference to) the syntax and semantics specifications of that credential, and also lists various other characteristics that enable other parties to decide whether or not a credential that the advertising party has issued under this offer, is valid to be processed in one or more of its information processes.
  • Agent

  • Assertion

    • Essif-Lab

      a declaration/statement, made by a specific party, that something is the case.
  • Assessment Framework

    • Essif-Lab

      the combination of a set of criteria that an auditor can assess by applying them to an entity (of a specific kind), and the procedures that this auditor will follow for doing so, for the purpose of establishing the extent in which that entity conforms to a stated set of requirements.
  • Attribute

    • Essif-Lab

      data, that represents a characteristic that a party (the owner of the attribute) has attributed to an entity (which is the subject of that attribute).
    • TSWG (ACDC)

      a top-level field map within an ACDC that provides a property of an entity that is inherent or assigned to the entity.
  • Authentic Chained Data Container

  • Authority (Centralized or Decentralized)

  • Autonomic Identifier

    • TSWG (ACDC)

      a self-managing cryptonymous identifier that must be self-certifying (self-authenticating) and must be encoded in CESR as a qualified Cryptographic Primitive.
  • Autonomic Identifier (AID)

    • TSWG (CESR)

      a self-managing cryptonymous identifier that must be self-certifying (self-authenticating) and must be encoded in CESR as a qualified Cryptographic Primitive.
  • Autonomic identifier

    • TSWG (Keri)

      a self-managing cryptonymous identifier that must be self-certifying (self-authenticating) and must be encoded in CESR as a qualified Cryptographic primitive.
  • Autonomic identity system

    • TSWG (Keri)

      an identity system that includes a primary root-of-trust in self-certifying identifiers that are strongly bound at issuance to a cryptographic signing (public, private) key pair. An AIS enables any entity to establish control over an AN in an independent, interoperable, and portable way.
  • Autonomic namespace

    • TSWG (Keri)

      a namespace that is self-certifying and hence self-administrating. An AN has a self-certifying prefix that provides cryptographic verification of root control authority over its namespace. All derived AIDs in the same AN share the same root-of-trust, source-of-truth, and locus-of-control (RSL). The governance of the namespace is therefore unified into one entity, that is, the controller who is/holds the root authority over the namespace.
  • BADA

  • BADA-RUN

    • ToIP (DID:Webs)

      Best available data acceptance - Read/Update/Nullify provides a medium level of security because events are ordered in a consistent way, using a combination of date-time and a key state. The latest event is the one with the latest date-time for the latest key state. See The KERI spec for more detail.
  • BFT

  • BOLA

  • Backer

    • TSWG (Keri)

      an alternative to a traditional KERI based Witness commonly using Distributed Ledger Technology (DLT) to store the KEL for an identifier.
  • C2PA

  • CA

  • CAI

  • CBOR

  • CESR

  • CLC

  • CRUD

    • Nist

      Term found but the definition does not exist yet.
    • WebOfTrust

      CRUD

      Definition

      Is acronym for the traditional client-server database update policy is CRUD (Create, Read, Update, Delete).

      CRUD as opposed to RUN which is the acronym for the new peer-to-peer end-verifiable monotonic update policy.

      OOBI related

      We RUN off the CRUD, which means that because the source of truth for each data item is a decentralized controller Peer, a given database hosted by any Peer does not create records in the traditional sense of a server creating records for a client.

  • CSPRNG

    • WebOfTrust

      CSPRNG

      Definition

      means "Cryptographically Secure Pseudorandom Number Generator" which means that a sequence of numbers (bits, bytes...) that is produced from an algorithm which is deterministic (the sequence is generated from some unknown internal state), hence pseudorandom, is also cryptographically secure, or not.

      It is cryptographically secure if nobody can reliably distinguish the output from true randomness, even if the PRNG algorithm is perfectly known (but not its internal state). A non-cryptographically secure PRNG would fool basic statistical tests but can be distinguished from true randomness by an intelligent attacker.
      (Source: https://crypto.stackexchange.com/questions/12436/what-is-the-difference-between-csprng-and-prng)

      See also

      PRNG

  • CT

    • Nist

      A framework for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed in a manner that allows anyone to audit CA activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. (Experimental RFC 6962)
  • Capability (of a Party)

    • Essif-Lab

      the (named) combination of (a) the means of a specific party to get something done, (b) the party governance process that ensures that its (business) policies for getting that something done are being created and maintained, and (c) the party management process that creates and maintains the (operational) policies, such that every employee that has a task in getting this something done can find and interpret a policy and use it as it executes action in such tasks.
  • Capability (of an Actor)

    • Essif-Lab

      the potential of an actor to execute a (named) coherent set of action (a 'function', or 'task') on behalf of some party.
  • Chain-link Confidential Disclosure

    • TSWG (ACDC)

      contractual restrictions and liability imposed on a recipient of a disclosed ACDC that contractually link the obligations to protect the disclosure of the information contained within the ACDC to all subsequent recipients as the information moves downstream. The Chain-link Confidential Disclosure provides a mechanism for protecting against unpermissioned exploitation of the data disclosed via an ACDC.
  • Coalition for Content Provenance and Authenticity

    • ToIP

      C2PA is a Joint Development Foundation project of the Linux Foundation that addresses the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content.

      Also known as: C2PA.

      See also: Content Authenticity Initiative.

  • Colleague

  • Commitment Decision

  • Communication Channel

    • Essif-Lab

      a (digital or non-digital) means by which two actor can exchange messages with one another.
  • Communication Session

  • Community

    • Essif-Lab

      a party, consisting of at least two different parties (the members of the community) that seek to collaborate with each other so that each of them can achieve its individual objective more efficiently and/or effectively.
  • Compact Disclosure

    • TSWG (ACDC)

      a disclosure of an ACDC that discloses only the SAID(s) of some or all of its field maps. Both Partial and Selective Disclosure rely on Compact Disclosure.
  • Compliance

    • Essif-Lab

      the state of realization of a set of conformance criteria or normative framework of a party.
  • Compliance Objective

    • Essif-Lab

      an objective, owned by a party, that aims to reach and maintain a state of affairs in which a specific set of entities that this party controls are in accordance with a specific set of requirements (e.g., laws, regulations, standards, etc.).
  • Compliance level

    • Essif-Lab

      a measure for stating how well an entity conforms with a stated (set of) requirement(s).
  • Compliance management

  • Composability

    • TSWG (CESR)

      short for text-binary concatenation composability. An encoding has Composability when any set of Self-Framing concatenated Primitives expressed in either the Text domain or Binary domain may be converted as a group to the other Domain and back again without loss.
  • Concept

  • Concise Binary Object Representation

    • TSWG (Keri)

      a binary serialization format, similar in concept to JSON but aiming for greater conciseness. Defined in [RFC7049].
  • Configuration traits

    • TSWG (Keri)

      a list of specially defined strings representing a configuration of a KEL. See (Configuration traits field)[#configuration-traits-field].
  • Content Authenticity Initiative

    • ToIP

      The Content Authenticity Initiative (CAI) is an association founded in November 2019 by Adobe, the New York Times and Twitter. The CAI promotes an industry standard for provenance metadata defined by the C2PA. The CAI cites curbing disinformation as one motivation for its activities.

      Source: Wikipedia.

      Also known as: CAI.

  • Contractually Protected Disclosure

    • TSWG (ACDC)

      a discloser of an ACDC that leverages a Graduated Disclosure so that contractual protections can be put into place to minimize the leakage of information that can be correlated. A Contractually Protected Disclosure partially or selectively reveals the information contained within the ACDC in the initial interaction with the recipient and disclose further information only after the recipient agrees to the terms established by the discloser. More information may be progressively revealed as the recipient agrees to additional terms.
  • Control

    • Essif-Lab

      the combination of resources (e.g. people, tools, budgets, time) and processes that are tasked to realize a specific control objective of a particular party.
  • Control Objective

  • Control Process

  • Control level

  • Controller

    • Essif-Lab

      the role that an actor performs as it is executing actions on that entity for the purpose of ensuring that the entity will act/behave, or be used, in a particular way.
    • TSWG (ACDC)

      an entity that can cryptographically prove the control authority over an AID and make changes on the associated KEL. A controller of a multi-sig AID may consist of multiple controlling entities. See controller.
    • TSWG (Keri)

      an entity that can cryptographically prove the control authority over an AID and make changes on the associated KEL. A controller of a multi-sig AID may consist of multiple controlling entities.
  • Controllership

  • Corpus of Terminology

  • Credential

    • Essif-Lab

      data, representing a set of assertion (claims, statements), authored and signed by, or on behalf of, a specific party.
  • Credential Catalogue

  • Credential Type

    • Essif-Lab

      the specification of the contents, properties, constraints etc. that credential of this type must have/comply with.
  • Cryptographic Primitive

    • TSWG (CESR)

      the serialization of a value associated with a cryptographic operation including but not limited to a digest (hash), a salt, a seed, a private key, a public key, or a signature.
    • TSWG (Keri)

      the serialization of a value associated with a cryptographic operation including but not limited to a digest (hash), a salt, a seed, a private key, a public key, or a signature.
  • Cryptonym

    • TSWG (Keri)

      a cryptographic pseudonymous identifier represented by a string of characters derived from a random or pseudo-random secret seed or salt via a one-way cryptographic function with a sufficiently high degree of cryptographic strength (e.g., 128 bits, see appendix on cryptographic strength) [13] [14] [12] [11]. A Cryptonym is a type of Primitive. Due to the entropy in its derivation, a Cyptonym is a universally unique identifier and only the Controller of the secret salt or seed from which the Cryptonym is derived may prove control over the Cryptonym. Therefore the derivation function must be associated with the Cryptonym and may be encoded as part of the Cryptonym itself.
  • Current threshold

    • TSWG (Keri)

      represents the number or fractional weights of signatures from the given set of current keys required to be attached to a Message for the Message to be considered fully signed.
  • DAG

  • DAR

  • DEL

  • DHT

  • DID

  • DID URL

    • ToIP

      A DID plus any additional syntactic component that conforms to the definition in section 3.2 of the W3C Decentralized Identifiers (DIDs) 1.0 specification. This includes an optional DID path (with its leading / character), optional DID query (with its leading ? character), and optional DID fragment (with its leading # character).

      Source: W3C DID.

    • W3C (DID)

      A DID plus any additional syntactic component that conforms to thedefinition in 3.2 DID URL Syntax. This includes an optional DIDpath (with its leading / character), optional DID query(with its leading ? character), and optional DID fragment(with its leading # character).
  • DID URL dereferencer

    • W3C (DID)

      A software and/or hardware system that performs the DID URL dereferencingfunction for a given DID URL or DID document.
  • DID URL dereferencing

    • W3C (DID)

      The process that takes as its input a DID URL and a set of inputmetadata, and returns a resource. This resource might be a DIDdocument plus additional metadata, a secondary resourcecontained within the DID document, or a resource entirelyexternal to the DID document. The process uses DID resolution tofetch a DID document indicated by the DID contained within theDID URL. The dereferencing process can then perform additional processingon the DID document to return the dereferenced resource indicated by theDID URL. The inputs and outputs of this process are defined in7.2 DID URL Dereferencing.
  • DID controller

    • ToIP

      An entity that has the capability to make changes to a DID document. A DID might have more than one DID controller. The DID controller(s) can be denoted by the optional controller property at the top level of the DID document. Note that a DID controller might be the DID subject.

      Source: W3C DID.

      See also: controller.

    • W3C (DID)

      An entity that has the capability to make changes to a DID document. ADID might have more than one DID controller. The DID controller(s)can be denoted by the optional controller property at the top level of theDID document. Note that a DID controller might be the DIDsubject.
  • DID delegate

    • W3C (DID)

      An entity to whom a DID controller has granted permission to use averification method associated with a DID via a DIDdocument. For example, a parent who controls a child's DID documentmight permit the child to use their personal device in order toauthenticate. In this case, the child is the DID delegate. Thechild's personal device would contain the private cryptographic materialenabling the child to authenticate using the DID. However, the childmight not be permitted to add other personal devices without the parent'spermission.
  • DID document

    • ToIP

      A set of data describing the DID subject, including mechanisms, such as cryptographic public keys, that the DID subject or a DID delegate can use to authenticate itself and prove its association with the DID. A DID document might have one or more different representations as defined in section 6 of the W3C Decentralized Identifiers (DIDs) 1.0 specification.

      Source: W3C DID.

    • ToIP (DID:Webs)

      A set of data describing the subject of a DID, as defined by DID Core. See also section DID Documents.
    • W3C (DID)

      A set of data describing the DID subject, including mechanisms, such ascryptographic public keys, that the DID subject or a DID delegatecan use to authenticate itself and prove its association with theDID. A DID document might have one or more differentrepresentations as defined in 6. Representations or in theW3C DID Specification Registries [DID-SPEC-REGISTRIES].
  • DID document metadata

    • ToIP (DID:Webs)

      DID document metadata is metadata about the DID and the DID document that is the result of the DID Resolution process. See also DID Document Metadata in the DID Core specification.
  • DID fragment

    • W3C (DID)

      The portion of a DID URL that follows the first hash sign character(#). DID fragment syntax is identical to URI fragment syntax.
  • DID method

    • ToIP

      A definition of how a specific DID method scheme is implemented. A DID method is defined by a DID method specification, which specifies the precise operations by which DIDs and DID documents are created, resolved, updated, and deactivated.

      Source: W3C DID.

      For more information: https://www.w3.org/TR/did-core/#methods 

    • W3C (DID)

      A definition of how a specific DID method scheme is implemented. A DID method isdefined by a DID method specification, which specifies the precise operations bywhich DIDs and DID documents are created, resolved, updated,and deactivated. See 8. Methods.
  • DID path

    • W3C (DID)

      The portion of a DID URL that begins with and includes the first forwardslash (/) character and ends with either a question mark(?) character, a fragment hash sign (#) character,or the end of the DID URL. DID path syntax is identical to URI path syntax.See Path.
  • DID query

    • W3C (DID)

      The portion of a DID URL that follows and includes the first questionmark character (?). DID query syntax is identical to URI querysyntax. See Query.
  • DID resolution

    • W3C (DID)

      The process that takes as its input a DID and a set of resolutionoptions and returns a DID document in a conforming representationplus additional metadata. This process relies on the "Read" operation of theapplicable DID method. The inputs and outputs of this process aredefined in 7.1 DID Resolution.
  • DID resolution metadata

    • ToIP (DID:Webs)

      DID resolution metadata is metadata about the DID Resolution process that was performed in order to obtain the DID document for a given DID. See also DID Resolution Metadata in the DID Core specification.
  • DID resolver

    • W3C (DID)

      A DID resolver is a software and/or hardware component that performs theDID resolution function by taking a DID as input and producing aconforming DID document as output.
  • DID scheme

    • W3C (DID)

      The formal syntax of a decentralized identifier. The generic DID schemebegins with the prefix did: as defined in 3.1 DID Syntax. Each DID method specification defines a specificDID method scheme that works with that specific DID method. In a specific DIDmethod scheme, the DID method name follows the first colon and terminates withthe second colon, e.g., did:example:
  • DID subject

    • ToIP

      The entity identified by a DID and described by a DID document. Anything can be a DID subject: person, group, organization, physical thing, digital thing, logical thing, etc.

      Source: W3C DID.

      See also: subject.

    • W3C (DID)

      The entity identified by a DID and described by a DID document.Anything can be a DID subject: person, group, organization, physical thing,digital thing, logical thing, etc.
  • DKMI

  • DPKI

  • DRM

  • DWN

  • Data

    • Essif-Lab

      something (tangible) that can be used to communicate a meaning (which is intangible/information).
  • Dead-Attack

    • TSWG (Keri)

      an attack on an establishment event that occurs after the Key-state for that event has become stale because a later establishment event has rotated the sets of signing and pre-rotated keys to new sets. See (Security Properties of Prerotation)[#dead-attacks].
  • Decentralized GRC Pattern

    • Essif-Lab

      a set of concepts and other semantic units that can be used to explain one's thinking about topics related to Governance, Risk management and Compliance (GRC) in a decentralized context, i.e., a context in which parties all autonomously do their own GRC.
  • Decentralized Identity Foundation

  • Decentralized Risk Management Pattern

  • Decentralized Web Node

  • Decentralized key management infrastructure

    • TSWG (Keri)

      a key management infrastructure that does not rely on a single entity for the integrity and security of the system as a whole. Trust in a DKMI is decentralized through the use of technologies that make it possible for geographically and politically disparate entities to reach an agreement on the key state of an identifier DPKI.
  • Decision

    • Essif-Lab

      the conclusion that a party inferences from a set of data that it considers to be facts.
  • Decision Making Pattern

    • Essif-Lab

      a set of concepts and other semantic units that can be used to explain how parties would, could, or should reason in order to reach good conclusions and make good decisions. This can be used as a basis for understanding the information needs of parties as they need to decide e.g. whether or not to commit to a Transaction proposal, or whether or not data is valid for some purpose. This pattern is based on Toulmin's use of arguments (of which a pragmatical text can be found here)
  • Define

    • Essif-Lab

      to provide a criterion and a term, where the criterion can be used by people to determine whether or not something is an instance/example of a concept (or other semantic unit), and the term is used to refer to that concept, or an arbitrary instance thereof.
  • Definition

    • Essif-Lab

      a text that helps parties to have the same understanding about the meaning of (and concept behind) a term, ideally in such a way that these parties can determine whether or not they make the same distinction.
  • Definition Pattern

  • Delegate

  • Dependent

  • Dictionary

    • Essif-Lab

      an alphabetically sorted list of term with various meanings they may have in different contexts.
  • Disclosee

    • TSWG (ACDC)

      a role of an entity that is a recipient to which an ACDC is disclosed. A Disclosee may or may not be the Issuee of the disclosed ACDC.
  • Discloser

    • TSWG (ACDC)

      a role of an entity that discloses an ACDC. A Discloser may or may not be the Issuer of the disclosed ACDC.
  • Documentation Interoperability

    • Essif-Lab

      the property that a documentation system of making its content comprehensible for a variety of people that come from different backgrounds.
  • Domain

    • TSWG (CESR)

      a representation of a Primitive either Text (T), Binary (B) or Raw binary (R).
  • Duplicity

    • TSWG (ACDC)

      the existence of more than one Version of a Verifiable KEL for a given AID. See duplicity.
    • TSWG (Keri)

      the existence of more than one Version of a Verifiable KEL for a given AID.
  • Duties and Rights Pattern

  • E2E

  • ECR

  • ESSR

  • Ecosystem

    • Essif-Lab

      a set of at least two (autonomous) parties (its 'members') whose individual work complements that of other members, and is of benefit to the set as a whole.
  • Edge

    • TSWG (ACDC)

      a top-level field map within an ACDC that provides edges that connect to other ACDCs, forming a labeled property graph (LPG).
  • Employee

  • Employer

  • Employment Contract

    • Essif-Lab

      an agreement/contract between two parties, one of which controls a set of actor (the subject of the contract), that states (or refers to) all (sets of) rights and duties under which these actor can and/or must work for the other party.
  • End-to-End Principle

  • End-verifiability

    • TSWG (Keri)

      a data item or statement may be cryptographically securely attributable to its source (party at the source end) by any recipient verifier (party at the destination end) without reliance on any infrastructure not under the verifiers ultimate control.
  • Entity

    • Essif-Lab

      someone or something that is known to exist.
  • Establishment event

    • TSWG (Keri)

      a Key event that establishes or changes the Key state which includes the current set of authoritative keypairs (Key state) for an AID.
  • Expectation

    • Essif-Lab

      an objective that is owned by a party for having a specific (set of) result(s) produced, where the actual production thereof is (going to be) outsourced to another party.
  • FAL

  • FFI

  • First-Seen

    • TSWG (Keri)

      refers to the first instance of a Message received by any Witness or Watcher. The first-seen event is always seen, and can never be unseen. It forms the basis for Duplicity detection in KERI based systems.
  • Framework (Conceptual)

    • Essif-Lab

      a set of assumptions, concepts, values, and practices that constitutes a way of viewing reality.
  • Framing Code

    • TSWG (ACDC)

      a code that delineate a number of characters or bytes, as appropriate, that can be extracted atomically from a Stream.
  • Framing Codes

    • TSWG (CESR)

      codes that delineate a number of characters or bytes, as appropriate, that can be extracted atomically from a Stream.
  • Full Disclosure

    • TSWG (ACDC)

      a disclosure of an ACDC that discloses the full details of some or all of its field maps. In the context of Selective Disclosure, Full Disclosure means detailed disclosure of the selectively disclosed attributes, not the detailed disclosure of all selectively disclosable attributes. In the context of Partial Disclosure, Full Disclosure means detailed disclosure of the field map that was so far only partially disclosed.
  • GAR

  • GDPR

  • GLEIF

  • GLEIS

    • WebOfTrust

      GLEIS

      Definition

      Global Legal Entity Identifier System

  • GPG

  • GRC

  • General Data Protection Regulation

    • ToIP

      The General Data Protection Regulation (Regulation (EU) 2016/679, abbreviated GDPR) is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business.

      Source: Wikipedia.

      Also known as: GDPR.

  • Glossary

    • Essif-Lab

      an alphabetically sorted list of term with the (single) meaning it has in (at least) one context.
  • Governance

    • Essif-Lab

      the act or process of governing or overseeing the realization of (the results associated with) a set of objective by the owner of these objective, in order to ensure they will be fit for the purposes that this owner intends to use them for.
  • Governance and Management Pattern

  • Governance, Risk Management, and Compliance

    • ToIP

      Governance, risk management, and compliance (GRC) are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity. Governance is the combination of processes established and executed by the directors (or the board of directors) that are reflected in the organization's structure and how it is managed and led toward achieving goals. Risk management is predicting and managing risks that could hinder the organization from reliably achieving its objectives under uncertainty. Compliance refers to adhering with the mandated boundaries (laws and regulations) and voluntary boundaries (company's policies, procedures, etc.)

      Source: Wikipedia.

      Also known as: GRC.

  • Governor

  • Graduated Disclosure

    • TSWG (ACDC)

      a disclosure of an ACDC that does not to reveal its entire content in the initial interaction with the recipient and, instead, partially or selectively reveal only the information contained within the ACDC that is necessary to further a transaction with the recipient. A Graduated disclosure may invole multiple steps where more information is prgressively revealed as the recipient satisfy the conditions set by the discloser. Compact disclosure, Partial disclosure, Selective disclosure and Full disclosure are all Graduated disclosure mechanisms.
  • Group/Count Codes

    • TSWG (CESR)

      special Framing Codes that can be specified to support groups of Primitives which make them pipelinable. Self-framing grouping using Count Codes is one of the primary advantages of composable encoding.
  • Guardian

  • Guardianship (in a Jurisdiction)

  • Guardianship Arrangement

    • Essif-Lab

      guardianship Arrangement (in a Jurisdiction): the specification of a set of rights and duties between legal entities of the jurisdiction that enforces these rights and duties, for the purpose of caring for and/or protecting/guarding/defending one or more of these entities.
  • Guardianship Pattern

  • Guardianship-type

  • HSM

  • Holder

  • Holder Policy

  • Home

    • WebOfTrust

      Home

      Welcome to the WebofTrust terms wiki!

      The wiki also serves the glossary terms for the underlying and related techniques to ACDC, like KERI, CESR and OOBI.

      There are a few practical rules from the originator ToIP to get these wiki terms through their equivalent github actions script, please:

      1. beware all new wiki items you create, lead to new .md files. We'd like to know
      2. introduce lowercase names with spaces (they will convert into lower case names with dashes between the words)
      3. start with ## Definition header; example
      4. start with uppercase abbreviations with only the "## See" header; example
      5. don't delete items (i.e. .md files) but make clear they are depreciated and / or link to the new concept / term
      6. don't change or update the name of an item single handed, for it might change the concept / meaning for other people and create dead links for those who read - or link to the term. Please open an issue or a PR to discuss first.
      7. any other immediate updates and amendments welcome, the revisions are available for us to be able to (partially) revert if something unwanted or unexpected happens.
      KERISSE reads this wiki

      The weboftrust wiki glossary is currently our input tool for our KERI Suite glossary. However, we regularly scrape the wiki into KERISSE, we add features and metadata, we connect relevant matching terms from related glossaries and finally we index it for the KERI Suite Search Engine (KERISSE).

      Have fun CRU-ing!
      '* CRU=Create Read Update

  • Human Being

  • I O

  • IAL

  • IANA

  • IDP

  • IP

  • IP address

  • IPEX

  • Identification Pattern

  • Identifier

    • Essif-Lab

      a character string that is being used for the identification of some entity (yet may refer to 0, 1, or more entities, depending on the context within which it is being used).
  • Identifier Pattern

  • Identify

    • Essif-Lab

      an act, by or on behalf of a party, that results in the selection of either
  • Identity

  • Identity Pattern

  • Inception

    • TSWG (Keri)

      the operation of creating an AID by binding it to the initial set of authoritative keypairs and any other associated information. This operation is made verifiable and Duplicity evident upon acceptance as the Inception event that begins the AIDs KEL.
  • Inception event

    • TSWG (ACDC)

      an Establishment event that provides the incepting information needed to derive an AID and establish its initial Key state. See inception event.
    • TSWG (Keri)

      an Establishment event that provides the incepting information needed to derive an AID and establish its initial Key state.
  • Information Process

    • Essif-Lab

      a coherent set of [actions@] that are (to be) performed by a single [party@], in which data (that is controlled by this party is created, read, updated and/or deleted.
  • Information theoretic security

    • TSWG (ACDC)

      the highest level of cryptographic security with respect to a cryptographic secret (seed, salt, or private key).
  • Interaction event

    • TSWG (ACDC)

      a Non-establishment event that anchors external data to the Key state as established by the most recent prior Establishment event. See interaction event.
    • TSWG (Keri)

      a Non-establishment event that anchors external data to the Key state as established by the most recent prior Establishment event.
  • Internet Protocol

    • ToIP

      The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite (also known as the TCP/IP suite) for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

      IP has the task of delivering packets from the source host to the destination host solely based on the IP addresses in the packet headers. For this purpose, IP defines packet structures that encapsulate the data to be delivered. It also defines addressing methods that are used to label the datagram with source and destination information.

      Source: Wikipedia.

      Also known as: IP.

      See also: Transmission Control Protocol, User Datagram Protocol.

  • Internet protocol suite

  • Issuee

    • TSWG (ACDC)

      a role of an entity to which the claims of an ACDC are asserted.
  • Issuer

    • Essif-Lab

      a component that implements the capability to construct credential from data objects, according to the content of its principal's issuer-Policy (specifically regarding the way in which the credential is to be digitally signed), and pass it to the wallet-component of its principal allowing it to be issued.
    • TSWG (ACDC)

      a role of an entity that asserts claims and creates an ACDC from these claims.
  • Isuer Policy

  • JOSE

  • JSON

  • Jurisdiction

  • Jurisdiction Pattern

  • KA2CE

  • KAACE

  • KAPI

    • WebOfTrust

      KAPI

      Definition

      Application programmer interfaces (APIs) for the various components in the KERI ecosystem such as Controllers, Agents, Witnesses, Watchers, Registrars etc need by which they can share information. The unique properties of the KERI protocol require APIs that preserve those properties. We call the set of APIs the KERI API.
      Source Kapi Repo

  • KATE

  • KEL

  • KEL backed data

    • ToIP (DID:Webs)

      KEL backed data in did:webs provides the highest level of data security assurance and such data can be found either in the KEL or anchored to an event in the KEL. This means that the signatures on the events in the KEL are strongly bound to the key state at the time the events are entered in the KEL, that is the data. This provides strong guarantees of non-duplicity to any verifiers receiving a presentation as the KELs are protected and can be watched by agents (watcher) of the verifiers. The information is end-verifiable and any evidence of duplicity in the events is evidence that the data or presentation should not be trusted. See WebOfTrust glossary for more detail.
  • KERI

  • KERI Request Authentication Mechanism

    • ToIP (DID:Webs)

      A non-interactive replay attack protection algorithm that uses a sliding window of date-time stamps and key state (similar to the tuple in BADA-RUN) but the date-time is the repliers not the queriers. KRAM is meant to protect a host. See the WebOfTrust glossary for more detail.
  • KERI event stream

    • ToIP (DID:Webs)

      A stream of verifiable KERI data, consisting of the key event log (KEL) and other data such as a transaction event log (TEL). This data is a CESR event stream, with media type application/cesr, and may be serialized in a file using CESR encoding. We refer to these CESR stream resources as KERI event streams to simplify the vocabulary. See WebOfTrust glossary for more detail.
  • KERIMask

    • WebOfTrust

      KERIMask

      Definition

      A wallet similar to MetaMask, the manifestation will be a browser extension and it will connect to KERIA servers in order for a person to control AIDs from their browser.

      Status

      As of October 2023 KERIMask is only planned.

      Related

      Signify keria request authentication protocol

  • KERISSE

  • KERIs Algorithm for Witness Agreement

    • TSWG (Keri)

      a type of Byzantine Fault Tolerant (BFT) algorithm
  • KERL

  • KID

  • KMS

  • KRAM

  • Key Event Receipt Infrastructure

  • Key Event Receipt Infrastructure (KERI)

    • TSWG (CESR)

      or the KERI protocol, is an identity system-based secure overlay for the Internet.
  • Key event

    • TSWG (Keri)

      concretely, the serialized data structure of an entry in the Key event log (KEL) for an AID. Abstractly, the data structure itself. Key events come in different types and are used primarily to establish or change the authoritative set of keypairs and/or anchor other data to the authoritative set of keypairs at the point in the KEL actualized by a particular entry.
  • Key event log

    • TSWG (Keri)

      a Verifiable data structure that is a backward and forward chained, signed, append-only log of key events for an AID. The first entry in a KEL must be the one and only Inception event of that AID.
  • Key event message

    • TSWG (Keri)

      message whose body is a Key event and whose attachments may include signatures on its body.
  • Key event receipt

    • TSWG (Keri)

      message whose body references a Key event and whose attachments must include one or more signatures on that Key event.
  • Key event receipt log

    • TSWG (Keri)

      a key event receipt log is a KEL that also includes all the consistent key event receipt Messages created by the associated set of witnesses. See annex Key event receipt log
  • Key-State

    • TSWG (Keri)

      a set of authoritative keys for an AID along with other essential information necessary to establish, evolve, verify, and validate control-signing authority for that AID. This information includes the current public keys and their thresholds (for a multi-signature scheme); pre-rotated key digests and their thresholds; witnesses and their thresholds; and configurations. An AIDs key state is first established through its inception event and may evolve via subsequent rotation events. Thus, an AIDs key state is time-dependent.
  • Key-state

    • TSWG (ACDC)

      a set of currently authoritative keypairs for an AID and any other information necessary to secure or establish control authority over an AID. This includes current keys, prior next key digests, current thresholds, prior next thresholds, witnesses, witness thresholds, and configurations. A key-state of an AID is first established through an inception event and may be altered by subsequent rotation events. See validator.
  • Knowledge

    • Essif-Lab

      the (intangible) sum of what is known by a specific party, as well as the familiarity, awareness or understanding of someone or something by that party.
  • LEI

  • LID

  • LLM

  • Laws of Identity

    • ToIP

      A set of seven “laws” written by Kim Cameron, former Chief Identity Architect of Microsoft (1941-2021), to describe the dynamics that cause digital identity systems to succeed or fail in various contexts. His goal was to define the requirements for a unifying identity metasystem that can offer the Internet the identity layer it needs.

      For more information, see: https://www.identityblog.com/?p=352.

  • Layer 1

  • Layer 2

  • Layer 3

  • Layer 4

  • Legal Entity Identifier

    • Essif-Lab

      a system in which rules are defined, and mechanisms for their enforcement and conflict resolution are (implicitly or explicitly) specified.
  • Live-Attack

    • TSWG (Keri)

      an attack that compromises either the current signing keys used to sign non-establishment events or the current pre-rotated keys needed to sign a subsequent establishment event. See (Security Properties of Prerotation)[#live-attacks].
  • LoA

  • LoC

  • MFA

    • Nist

      Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/personal identification number [PIN]); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric).
  • MIME type

  • MPC

  • Management

  • Mandate

  • Mandates, Delegation and Hiring Pattern

  • Mental Model

    • Essif-Lab

      a description, both casual and formal, of a set of concept (ideas), relations between them, and constraints, that together form a coherent and consistent 'viewpoint', or 'way of thinking' about a certain topic.
  • Mental Model Pattern

  • Message

    • TSWG (CESR)

      consists of a serialized data structure that comprises its body and a set of serialized data structures that are its attachments. Attachments may include but are not limited to signatures on the body.
    • TSWG (Keri)

      a serialized data structure that comprises its body and a set of serialized data structures that are its attachments. Attachments may include but are not limited to signatures on the body.
  • Mission

  • NFT

    • Nist

      An owned, transferable, and indivisible data record that is a digital representation of a physical or virtual linked asset. The data record is created and managed by a smart contract on a blockchain.
  • Next threshold

    • TSWG (Keri)

      represents the number or fractional weights of signatures from the given set of next keys required to be attached to a Message for the Message to be considered fully signed.
  • Non-establishment event

    • TSWG (Keri)

      a Key event that does not change the current Key state for an AID. Typically, the purpose of a Non-establishment event is to anchor external data to a given Key state as established by the most recent prior Establishment event for an AID.
  • Normative framework

    • Essif-Lab

      a set of rules that are followed and/or criteria that remain fulfilled by (a specific kind of) entities whose behavior and/or properties are characterized as 'normal'.
  • OOBI

  • OOR

  • Objective

    • Essif-Lab

      something toward which a party (its owner) directs effort (an aim, goal, or end of action).
  • Obligation

  • Onboarding

    • Essif-Lab

      a process that is run for a specific (set of) actor on behalf of a specific party, that terminates successfully if and only if the party has (a) established the suitability of the actor for executing certain kinds of action on its behalf, (b) ensured that their mutual rights and duties are properly specified and will be appropriately enforced, and (c) provided the circumstances/contexts within which the actor is enabled to do so.
  • OpenWallet Foundation

  • Operator

    • TSWG (ACDC)

      an optional field map in the Edge section that enables expression of the edge logic on edge subgraph as either a unary operator on the edge itself or an m-ary operator on the edge-group.
  • Organization

  • Outsourcing

    • Essif-Lab

      the state of affairs in which a party has an objective (better: an expectation) for the realization of a (set of) result(s), where the actual production of these results is expected to be done by a party other than itself.
  • Owned

    • Essif-Lab

      an entity over which another entity (its owner) has the power (duty, right) to enjoy it, dispose of it and control it; that power is limited to (the scope of) that jurisdiction, and by its rules.
  • Owner

    • Essif-Lab

      the role that a party performs when it is exercising its legal, rightful or natural title to control that entity.
  • Ownership

  • P2P

  • PGP

  • PID

  • PII

  • PKI

  • PRNG

    • Nist

      A deterministic computational process that has one or more inputs called "seeds", and it outputs a sequence of values that appears to be random according to specified statistical tests. A cryptographic PRNG has the additional property that the output is unpredictable, given that the seed is not known.
    • WebOfTrust

      PRNG

      Definition

      means "Pseudorandom Number Generator" which means that a sequence of numbers (bits, bytes...) is produced from an algorithm which looks random, but is in fact deterministic (the sequence is generated from some unknown internal state), hence pseudorandom.

      Such pseudorandomness can be cryptographically secure, or not. It is cryptographically secure if nobody can reliably distinguish the output from true randomness, even if the PRNG algorithm is perfectly known (but not its internal state). A non-cryptographically secure PRNG would fool basic statistical tests but can be distinguished from true randomness by an intelligent attacker.
      (Source: https://crypto.stackexchange.com/questions/12436/what-is-the-difference-between-csprng-and-prng)

      See also

      CSPRNG

  • PTEL

  • Partial Disclosure

    • TSWG (ACDC)

      a disclosure of an ACDC that partially discloses its field maps using Compact Disclosure. The Compact Disclosure provides a cryptographically equivalent commitment to the yet-to-be-disclosed content, and later exchange of the uncompacted content is verifiable to an earlier Partial Disclosure. Unlike Selective dDsclosure, a partially disclosable field becomes correlatable to its encompassing block after its Full Disclosure.
  • Partial identity

  • Participant

  • Party

  • Party Representation Pattern

  • Party, Actor and Actions Pattern

    • Essif-Lab

      a set of concepts and other semantic units that can be used to explain how things get done. It answers questions such as: 'Who/what does things?', 'How are their actions being guided/controlled?', 'Who controls whom/what?', 'Who/what may be held accountable?'.
  • Pattern

    • Essif-Lab

      a description, both casual and formal, of a set of concept (ideas), relations between them, and constraints, that together form a coherent and consistent 'viewpoint', or 'way of thinking' about a certain topic.
  • Peer Actor

  • Peer Party

  • Peer-agent

  • Percolated discovery

    • TSWG (ACDC)

      a discovery mechanism for information associated with an AID or a SAID, which is based on Invasion Percolation Theory. Once an entity has discovered such information, it may in turn share what it discovers with other entities. Since the information so discovered is end-verifiable, the percolation mechanism and percolating intermediaries do not need to be trusted.
  • Perfect security

    • TSWG (ACDC)

      a special case of Information theoretic security ITPS
  • PoP

  • Policy

    • Essif-Lab

      a (set of) rules, working-instructions, preferences and other guidance for the execution of one or more kinds of action, that agent of the party that governs the policy have access to and can interpret such that this results in these action being executed as intended by that party.
  • Presentation

  • Presentation Request

  • Primitive

    • TSWG (ACDC)

      a serialization of a unitary value. All Primitives in KERI must be expressed in CESR.
    • TSWG (CESR)

      a serialization of a unitary value. All Primitives in KERI must be expressed in CESR.
  • Primitive:

    • TSWG (Keri)

      a serialization of a unitary value. All Primitives in KERI must be expressed in CESR [1].
  • Principal

  • Principles of SSI

  • Property (of a Concept)

    • Essif-Lab

      a connection or association between a concept and a primitive data element, such as a text or a number, that represents some characteristic that instances of the concept may have.
  • QAR

  • QR code

    • ToIP

      A QR code (short for "quick-response code") is a type of two-dimensional matrix barcode—a machine-readable optical image that contains information specific to the identified item. In practice, QR codes contain data for a locator, an identifier, and web tracking.

      Source: Wikipedia.

      See also: out-of-band introduction.

  • QVI

  • Quadlet

    • TSWG (CESR)

      a group of 4 characters in the T domain and equivalently in triplets of 3 bytes each in the B domain used to define variable size.
  • Qualified Data

    • Essif-Lab

      data that comes with assurances, at least regarding its provenance and integrity (immutability), that make this data valid to be used for specific purposes of individual parties.
  • RBAC

  • RID

  • RUN

    • WebOfTrust

      RUN

      Definition

      The acronym for the new peer-to-peer end-verifiable monotonic update policy is RUN (Read, Update, Nullify).

      RUN as opposed to CRUD which is the traditional client-server database update policy.

      OOBI related

      We RUN off the CRUD, which means that because the source of truth for each data item is a decentralized controller Peer, a given database hosted by any Peer does not create records in the traditional sense of a server creating records for a client.

  • RWI

  • Relation (between Concepts)

    • Essif-Lab

      a (significant) connection or association between two or more concepts.
  • Revocation Policy

  • Revocation component

  • Revoke/Revocation

    • Essif-Lab

      the act, by or on behalf of the party that has issued the credential, of no longer vouching for the correctness or any other qualification of (arbitrary parts of) that credential.
  • Risk

    • Essif-Lab

      the effects that uncertainty (i.e. a lack of information, understanding or knowledge of events, their consequences or likelihoods) can have on the intended realization of an objective of a party.
  • Risk Objective

    • Essif-Lab

      an objective, owned by a party, that aims to reach and maintain a state of affairs in which the risk associated with a specific set of its objective become, and/or remain, acceptable.
  • Risk Owner

  • Risk level

    • Essif-Lab

      a measure for the deviation of the intended realization (results) of a specific objective that its owner uses to represent the priority with which the risk of that objective should be reckoned with.
  • Risk management

  • Role

  • Role name

    • Essif-Lab

      name (text) that refers to (and identifies) a role in a specific context.
  • Rotation

    • TSWG (Keri)

      the operation of revoking and replacing the set of authoritative keypairs for an AID. This operation is made verifiable and Duplicity evident upon acceptance as a Rotation event that is appended to the AIDs KEL.
  • Rotation event

    • TSWG (ACDC)

      an Establishment Event that provides the information needed to change the Key state which includes a change to the set of authoritative keypairs for an AID. See rotation event.
    • TSWG (Keri)

      an Establishment Event that provides the information needed to change the Key state which includes a change to the set of authoritative keypairs for an AID.
  • Rules

    • TSWG (ACDC)

      a top-level field map within an ACDC that provides a legal language as a Ricardian Contract [43], which is both human and machine-readable and referenceable by a cryptographic digest.
  • SAD

  • SAID

  • SATP

  • SCID

  • SEMVER

    • TSWG (ACDC)

      Semantic Versioning Specification 2.0. See also (https://semver.org)[https://semver.org]
  • SKRAP

  • SKWA

  • SPAC

  • SSI

  • SSI (Self-Sovereign Identity)

    • Essif-Lab

      sSI (Self-Sovereign Identity) is a term that has many different interpretations, and that we use to refer to concepts/ideas, architectures, processes and technologies that aim to support (autonomous) parties as they negotiate and execute electronic transaction with one another.
  • SSI Agent

  • SSI Assurance Community (SSI-AC)

  • SSI Infrastructure

    • Essif-Lab

      the technological components that are (envisaged to be) all over the world for the purpose of providing, requesting and obtaining qualified data, for the purpose of negotiating and/or executing electronic transaction.
  • SSL

  • Salt

    • TSWG (Keri)

      random data fed as an additional input to a one-way function that hashes data.
  • Schema

    • TSWG (ACDC)

      the SAID of a JSON schema that is used to issue and verify an ACDC.
  • Scope

  • Scope of Control

  • Scope: essifLabTerminology

    • Essif-Lab

      specification of the eSSIF-Lab scope.
  • Seal

    • TSWG (Keri)

      a seal is a cryptographic commitment in the form of a cryptographic digest or hash tree root (Merkle root) that anchors arbitrary data or a tree of hashes of arbitrary data to a particular event in the key event sequence. See annex (Seal)[#seal].
  • Secure Enclave

  • Secure Sockets Layer

  • Selective Disclosure

    • TSWG (ACDC)

      a disclosure of an ACDC that selectively discloses its attributes using Compact Disclosure. The set of selectively disclosable attributes is provided as an array of blinded blocks where each attribute in the set has its own dedicated blinded block. Unlike Partial Disclosure, the selectively disclosed fields are not correlatable to the so far undisclosed but selectively disclosable fields in the same encompassing block.
  • Self-Addressing Identifier (SAID)

    • TSWG (ACDC)

      any identifier which is deterministically generated out of the content, digest of the content.
  • Self-Framing

    • TSWG (CESR)

      a textual or binary encoding that begins with type, size, and value so that a parser knows how many characters (when textual) or bytes (when binary) to extract from the stream for a given element without parsing the rest of the characters or bytes in the element is Self-Framing. A self-framing Primitive may be extracted without needing any additional delimiting characters. Thus, a stream of concatenated Primitives may be extracted without the need to encapsulate each Primitive inside a set of delimiters or an envelope.
  • Self-Sovereign Identity (SSI)

    • Essif-Lab

      self-Sovereign Identity (SSI) is a term that has many different interpretations, and that we use to refer to concepts/ideas, architectures, processes and technologies that aim to support (autonomous) parties as they negotiate and execute electronic transaction with one another.
  • Self-Sovereignty

    • Essif-Lab

      the characteristic of every party that it is autonomous in managing and operating its owns knowledge, particularly in making decisions and deciding how to decide.
  • Self-addressed data

    • TSWG (Keri)

      a representation of data content from which a SAID is derived. The SAID is both cryptographically bound to (content-addressable) and encapsulated by (self-referential) its SAD SAID.
  • Self-addressing identifiers

    • TSWG (Keri)

      an identifier that is content-addressable and self-referential. A SAID is uniquely and cryptographically bound to a serialization of data that includes the SAID as a component in that serialization SAID.
  • Self-certifying identifier

    • TSWG (Keri)

      a type of Cryptonym that is uniquely cryptographically derived from the public key of an asymmetric signing keypair, (public, private).
  • Semantic Unit

    • Essif-Lab

      a basic building block of meaning or representation that exists within the 'mind' of a party (i.e., in its knowledge).
  • Semantics

    • Essif-Lab

      a mapping between the (tangible/textual) term and (intangible) ideas/concept - their meaning.
  • Semantics Pattern

  • Sovrin Foundation

  • Stable

  • Stream

    • TSWG (ACDC)

      a CESR Stream is any set of concatenated Primitives, concatenated groups of Primitives or hierarchically composed groups of Primitives.
    • TSWG (CESR)

      any set of concatenated Primitives, concatenated groups of Primitives or hierarchically composed groups of Primitives.
  • Subject

  • Sybil attack

    • ToIP

      A Sybil attack is a type of attack on a computer network service in which an attacker subverts the service's reputation system by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence. It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder.

      Source: Wikipedia.

  • TCP

  • TCP/IP

  • TCP/IP stack

  • TEE

  • TEL

  • TLS

  • TOAD

  • TPM

  • TSP

  • TTA

  • TTP

  • Tag

    • Essif-Lab

      an alphanumeric string that is used to identify scope (so called 'scopetags'), group term (so called 'grouptags'), or identify a specific version of a terminology (so called 'versiontags') from within a specific scope.
  • Targeted ACDC

    • TSWG (ACDC)

      an ACDC with the presence of the Issuee field in the attribute or attribute aggregate sections.
  • Term

    • Essif-Lab

      a word or phrase (i.e.: text) that is used in at least one scope/context to represent a specific concept.
  • Term (Scoped)

  • Terminology

    • Essif-Lab

      the set of term that are used within a single scope to refer to a single definition, enabling parties to reason and communicate ideas they have about one or more specific topics.
  • Terminology Pattern

  • Terminology Process

    • Essif-Lab

      a method for recognizing misunderstandings as such, and creating or maintaining definition that resolve them.
  • Terms Community

  • ToIP

  • ToIP Foundation

  • ToIP Governance Architecture Specification

  • ToIP Governance Metamodel

  • ToIP Governance Stack

  • ToIP Layer 1

  • ToIP Layer 2

  • ToIP Layer 3

  • ToIP Layer 4

  • ToIP Technology Architecture Specification

  • ToIP Technology Stack

  • ToIP Trust Registry Protocol

  • ToIP Trust Spanning Protocol

  • ToIP application

  • ToIP channel

  • ToIP communication

  • ToIP connection

  • ToIP controller

  • ToIP endpoint

  • ToIP governance framework

  • ToIP identifier

  • ToIP intermediary

  • ToIP layer

  • ToIP message

  • ToIP stack

  • ToIP system

  • ToIP trust community

  • ToIP trust network

  • Transaction

  • Transaction Agreement

  • Transaction Form

  • Transaction Id

  • Transaction Proposal

  • Transaction Request

  • Transmission Control Protocol

    • ToIP

      The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport Layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

      Source: Wikipedia.

      Also known as: TCP.

      See also: User Datagram Protocol.

  • Transport Layer Security

    • ToIP

      Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and Voice over IP, but its use in securing HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications.

      Source: Wikipedia.

      Also known as: TLS.

      Note: TLS replaced the deprecated Secure Sockets Layer (SSL) protocol.

  • Tritet

    • TSWG (CESR)

      3 bits. See Performant resynchronization with unique start bits
  • Trust

    • Essif-Lab

      the (un)conscious decision by a party to believe that X is in fact the case.
  • Trust Pattern

  • Trust level

    • Essif-Lab

      the (subjective) degree of belief or confidence that a party has in X (someone, something, ...).
  • Trust over IP

    • ToIP

      A term coined by John Jordan to describe the decentralized digital trust infrastructure made possible by the ToIP stack. A play on the term Voice over IP (abbreviated VoIP).

      Also known as: ToIP.

  • UDP

  • UI

  • URL

  • Uniform Resource Identifier (URI)

    • W3C (DID)

      The standard identifier format for all resources on the World Wide Web asdefined by [RFC3986]. A DID is a type of URI scheme.
  • Universally Unique Identifier (UUID)

    • W3C (DID)

      A type of globally unique identifier defined by [RFC4122]. UUIDs are similarto DIDs in that they do not require a centralized registration authority. UUIDsdiffer from DIDs in that they are not resolvable orcryptographically-verifiable.
  • Unpermissioned correlation

    • TSWG (ACDC)

      a correlation established between two or more disclosed ACDCs whereby the discloser of the ACDCs does not permit the disclosee to establish such a correlation.
  • Untargeted ACDC

    • TSWG (ACDC)

      an ACDC without the presence of the Issuee field in the attribute or attribute aggregate sections.
  • User Datagram Protocol

  • VC

  • VC TEL

  • VDS

  • VID

  • VID relationship

  • VID-to-VID

  • Validate

    • Essif-Lab

      the act, by or on behalf of a party, of determining whether or not that data is valid to be used for some specific purpose(s) of that party.
  • Validator

    • Essif-Lab

      a component that implements the capability to determine whether or not (verified) data is valid to be used for some specific purpose(s).
    • TSWG (ACDC)

      any entity or agent that evaluates whether or not a given signed statement as attributed to an identifier is valid at the time of its issuance. See validator.
    • TSWG (Keri)

      any entity or agent that evaluates whether or not a given signed statement as attributed to an identifier is valid at the time of its issuance.
  • Validator Policy

  • Variable Length

    • TSWG (CESR)

      a type of count code allowing for vaiable size signatures or attachments which can be parsed to get the full size
  • Verifiable

    • TSWG (Keri)

      a condition of a KEL: being internally consistent with integrity of its backward and forward chaining digest as well as authenticity of its non-repudiable signatures.
  • Verifiable data registry

    • TSWG (ACDC)

      A role a system might perform by mediating issuance and verification of ACDCs. See verifiable data registry.
  • Verifier

    • Essif-Lab

      a component that implements the capability to request peer agents to present (provide) data from credentials (of a specified kind, issued by specified parties), and to verify such responses (check structure, signatures, dates), according to its principal's verifier policy.
    • TSWG (ACDC)

      any entity or agent that cryptographically verifies the signature(s) and/or digests on an event Message. See verifier.
    • TSWG (Keri)

      any entity or agent that cryptographically verifies the signature(s) and digests on an event Message.
  • Verifier Policy

  • Verify

    • Essif-Lab

      the act, by or on behalf of a party, of determining whether that data is authentic (i.e. originates from the party that authored it), timely (i.e. has not expired), and conforms to other specifications that apply to its structure.
  • Version

    • TSWG (CESR)

      the CESR Version is provided by a special Count Code that specifies the Version of all the the CESR code tables in a given Stream or Stream section.
    • TSWG (Keri)

      an instance of a KEL for an AID in which at least one event is unique between two instances of the KEL
  • Version String

    • TSWG (CESR)

      the first field in any top-level KERI field map in which it appears.
  • VoIP

  • Vocabulary

    • Essif-Lab

      the sum or stock of words employed by a language, group, individual, or work or in a field of knowledge.
  • Voice over IP

    • ToIP

      Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for voice calls for the delivery of voice communication sessions over Internet Protocol (IP) networks, such as the Internet.

      Also known as: VoIP.

  • W3C Verifiable Credentials Data Model Specification

  • Wallet

  • Wallet Policy

  • Watcher

    • TSWG (Keri)

      an entity or component that keeps a copy of a KERL for an identifier but that is not designated by the controller of the identifier as one of its witnesses. See annex watcher
  • Weight

    • TSWG (ACDC)

      an optional field map in the Edge section that provides edge weight property that enables directed weighted edges and operators that use weights.
  • Witness

    • TSWG (Keri)

      a witness is an entity or component designated (trusted) by the controller of an identifier. The primary role of a witness is to verify, sign, and keep events associated with an identifier. A witness is the controller of its own self-referential identifier which may or may not be the same as the identifier to which it is a witness. See Annex A under KAWA (KERIs Algorithm for Witness Agreement).
  • XBRL

  • ZKP

    • ToIP

      See: zero-knowledge proof.

      [a]@christine.martin@continuumloop.com you're good to go - start moving this to a 

      https://github.com/trustoverip/ctwg-main-glossary

      put the content in specs/terms_and_definitions.md

      ping me with questions.

      _Assigned to christine.martin@continuumloop.com_

      [b]focus on the terms - do [[def: first, then see how many [[ref: you can get done.

      [c]Christine, I had forgotten this link. Just added it now.

      [d]definition no longer in document

      [e]My bad. As you can tell, aligning terms with the ToIP Technology Architecture Specification was the last step I took, and when I did that, I didn't check to see where I had used the old terms. I fixed this.

  • access control

    • ToIP

      The process of granting or denying specific requests for obtaining and using information and related information processing services.

      Source: NIST-CSRC.

      Supporting definitions:

      Wikipedia: In physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.

  • access controlled interaction

    • WebOfTrust

      access controlled interaction

      Definition

      Access controlled actions like submitting a report. If you already have that report then load balancer needs a mechanism to drop repeated requests.

      Source: Samuel Smith / Daniel Hardman / Lance Byrd - Zoom meeting KERI Suite Jan 16 2024; discussion minute 30-60 min

      Replay attack prevention

      Replay attacks are less of a concern, other than DDoS attack using resubmissions.

      Also see

      Registration Interaction

  • account

    • digital.govt.nz

      an instance of entity information in a contextAdditional note:Note 1: A common term for the set of entity information relating to 1 entity to which an authenticator can be registered and from which credential subject information can be taken to establish a Credential.
  • accountable

    • digital.govt.nz

      responsible for some action; answerable[Source: expanded Dictionary meaning of accountable]Additional note:Note 1: For roles such as Credential Provider and Relying Party, it is the primary publicly accessible party.
  • accreditation (of an entity)

    • ToIP

      The independent, third-party evaluation of an entity, by a conformity assessment body (such as certification body, inspection body or laboratory) against recognised standards, conveying formal demonstration of its impartiality and competence to carry out specific conformity assessment tasks (such as certification, inspection and testing).

      Source: Wikipedia.

  • accreditation body

  • action

    • ToIP

      Something that is actually done (a 'unit of work' that is executed) by a single actor (on behalf of a given party), as a single operation, in a specific context.

      Source: eSSIF-Lab.

  • actor

  • address

  • administering authority

  • administering body

  • affected party

    • digital.govt.nz

      a party that could be influenced; acted upon[Source: expanded Dictionary meaning of affected]Additional note:Note 1: For identification risk, the affected parties have been identified as:Entitled individual for example, an entitled individual applies for a service and is deemed ineligible because their identity has been used previously by someone else to claim the same service.Service provider for example, an organisations reputation suffers because of publicity that the agency has been defrauded by large numbers of individuals claiming false identities.Wider community for example, identification documents are mistakenly issued to people with false identities and are then used to commit fraud against other organisations.
  • agency

    • Nist

      Any executive department, military department, government corporation, government controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include: (i) the Government Accountability Office; (ii) the Federal Election Commission; (iii) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or (iv) government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.
    • ToIP

      In the context of decentralized digital trust infrastructure, the empowering of a party to act independently of its own accord, and in particular to empower the party to employ an agent to act on the party’s behalf.

    • WebOfTrust

      agency

      Definition

      Agents can be people, edge computers and the functionality within wallets. The service an agent offers is agency.

  • agent

    • digital.govt.nz

      a person, firm, etc. empowered to act for another[Source: Dictionary]
    • ToIP

      An actor that is executing an action on behalf of a party (called the principal of that actor). In the context of decentralized digital trust infrastructure, the term “agent” is most frequently used to mean a digital agent.

      Source: eSSIF-Lab.

      See also: wallet.

      Note: In a ToIP context, an agent is frequently assumed to have privileged access to the wallet(s) of its principal. In market parlance, a mobile app performing the actions of an agent is often simply called a wallet or a digital wallet.

    • WebOfTrust

      agent

      Definition

      A representative for an identity. MAY require the use of a wallet. MAY support transfer.

      KERIA Agent

      An agent in KERIA terms is an instance of a keystore (Hab) that runs in a given instance of the KERIA agent server.

  • ambient verifiability

    • WebOfTrust

      ambient verifiability

      Definition

      Verifiable by anyone, anywhere, at anytime. Although this seems a pretty general term, it was first used in the context of KERI by Sam Smith.

      An example of ambient verifiability is Ambient Duplicity Detection that describes the possibility of detecting duplicity by anyone, anywhere, anytime.

  • ample

    • WebOfTrust

      ample

      Definition

      The minimum required number of participants in an event to have a supermajority so that one and only one agreement or consensus on an event may be reached. This is a critical part of the KAACE agreement algorithm (consensus) in KERI for establishing consensus between witnesses on the key state of a KERI identifier. This consensus on key state forms the basis for accountability for a KERI controller, or what a person who controls a KERI identifier may be held legally responsible for.

      This supermajority is also called a sufficient majority that is labeled immune from certain kinds of attacks or faults.

      From section 11.4.2.4 Immune of v2.60 of the KERI whitepaper,

      Satisfaction of this constraint guarantees that at most one sufficient agreement occurs or none atall despite a dishonest controller but where at most F of the witnesses are potentially faulty.

      Ample Agreement Constraint:
      image

      Can apply to either

      1. a group of KERI witnesses for a witnessed event or
      2. a group of KERI identifier controllers participating in a multi-signature group.
      Problems avoided by using ample

      Ample witnesses avoids problems of accidental lockout from a multisig group which would occur if the signing threshold for the multisig group was set lower than the "ample" number of participants.

      Table of minimum required, or ample, number of participants

      N = Number of total participants
      M = Number of participants needed to get the guarantees of "ample"

      image

      Code Example

      Python code implementation from keri.core.eventing.py of the ample algorithm used in KAACE:

      def ample(n, f=None, weak=True):    """    Returns int as sufficient immune (ample) majority of n when n >=1        otherwise returns 0    Parameters:        n is int total number of elements        f is int optional fault number        weak is Boolean            If f is not None and                weak is True then minimize m for f                weak is False then maximize m for f that satisfies n >= 3*f+1            Else                weak is True then find maximum f and minimize m                weak is False then find maximum f and maximize m        n,m,f are subject to        f >= 1 if n > 0        n >= 3*f+1        (n+f+1)/2 <= m <= n-f    """    n = max(0, n)  # no negatives    if f is None:        f1 = max(1, max(0, n - 1) // 3)  # least floor f subject to n >= 3*f+1        f2 = max(1, ceil(max(0, n - 1) / 3))  # most ceil f subject to n >= 3*f+1        if weak:  # try both fs to see which one has lowest m            return min(n, ceil((n + f1 + 1) / 2), ceil((n + f2 + 1) / 2))        else:            return min(n, max(0, n - f1, ceil((n + f1 + 1) / 2)))    else:        f = max(0, f)        m1 = ceil((n + f + 1) / 2)        m2 = max(0, n - f)        if m2 < m1 and n > 0:            raise ValueError("Invalid f={} is too big for n={}.".format(f, n))        if weak:            return min(n, m1, m2)        else:            return min(n, max(m1, m2))
  • amplification attack

    • W3C (DID)

      A class of attack where the attacker attempts to exhaust a target system'sCPU, storage, network, or other resources by providing small, valid inputs intothe system that result in damaging effects that can be exponentially more costlyto process than the inputs themselves.
  • anonymous

    • digital.govt.nz

      not easily distinguished from others or from one another because of a lack of individual features or character[Source: Dictionary]
    • ToIP

      An adjective describing when the identity of a natural person or other actor is unknown.

      See also: pseudonym.

  • anycast

    • ToIP

      Anycast is a network addressing and routing methodology in which a single IP address is shared by devices (generally servers) in multiple locations. Routers direct packets addressed to this destination to the location nearest the sender, using their normal decision-making algorithms, typically the lowest number of BGP network hops. Anycast routing is widely used by content delivery networks such as web and name servers, to bring their content closer to end users.

      Source: Wikipedia.

      See also: broadcast, multicast, unicast.

  • anycast address

  • append only event logs

    • WebOfTrust

      append only event logs

      Definition

      Append-only is a property of computer data storage such that new data can be appended to the storage, but where existing data is immutable.

      A blockchain is an example of an append-only log. The events can be transactions. Bitcoin is a well-known Append only log where the events are totally ordered and signed transfers of control over unspent transaction output.

      More on Wikipedia

  • application programming interface

    • WebOfTrust

      application programming interface

      Definition

      An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software.

      API specification

      A document or standard that describes how to build or use such a connection or interface is called an API specification. A computer system that meets this standard is said to implement or expose an API. The term API may refer either to the specification or to the implementation.

      More on source Wikipedia.

  • appraisability (of a communications endpoint)

  • appropriate friction

    • ToIP

      A user-experience design principle for information systems (such as digital wallets) specifying that the level of attention required of the holder for a particular transaction should provide a reasonable opportunity for an informed choice by the holder.

      Source: PEMC IGR.

  • architectural decision record

    • WebOfTrust

      architectural decision record

      Definition

      Is a justified software design choice that addresses a functional or non-functional requirement that is architecturally significant.
      Source adr.github.io

  • assurance

    • digital.govt.nz

      a statement, assertion, etc. intended to inspire confidence or give encouragement[Source: Dictionary]
  • assurance level

  • attestation

  • attribute

  • attribute-based access control

    • ToIP

      An access control approach in which access is mediated based on attributes associated with subjects (requesters) and the objects to be accessed. Each object and subject has a set of associated attributes, such as location, time of creation, access rights, etc. Access to an object is authorized or denied depending upon whether the required (e.g., policy-defined) correlation can be made between the attributes of that object and of the requesting subject.

      Source: NIST-CSRC.

      Supporting definitions:

      Wikipedia: Attribute-based access control (ABAC), also known as policy-based access control for IAM, defines an access control paradigm whereby a subject's authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment attributes.

  • attributional trust

    • WebOfTrust

      attributional trust

      Definition

      KERI offers cryptographic root-of-trust to establish attributional trust. In the real world you'd also need reputational trust. You can't have reputation without attributional trust.
      Read more in source Universal Identifier Theory

      OOBI

      Out-of-band Introductions (OOBIs) to establish attributional trust, like its done with OOBIs in KERI, is not the same as the high friction costs of establishing reputational trust by going through the heavy lifting of identity assurance by a to be trusted middle-men party, like GLEIF.

  • audit (of system controls)

    • ToIP

      Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures.

      Source: NIST-CSRC.

  • audit log

    • ToIP

      An audit log is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, event, or device.

      Source: Wikipedia.

      Also known as: audit trail.

      See also: key event log.

  • auditor (of an entity)

  • authentic chained data container

    • WebOfTrust

      authentic chained data container

      Definition

      In brief, an ACDC or ADC proves digital data consistency and authenticity in one go. An ACDC cryptographically secures commitment to data contained, and its identifiers are self-addressing, which means they point to themselves and are also contained ìn the data.

  • authentic chained data container (ACDC)

    • ToIP (DID:Webs)

      a variant of the Verifiable Credential (VC) specification that inherits the security model derived from KERI, as defined by the ACDC specification. See WebOfTrust glossary for more detail.
  • authentic data

  • authentic data container

  • authentic provenance chain

    • WebOfTrust

      authentic provenance chain

      Definition

      Interlinked presentations of evidence that allow data to be tracked back to its origin in an objectively verifiable way.

  • authentic web

    • WebOfTrust

      authentic web

      Definition

      The authentic web is the internet as a whole giant verifiable data structure. Also called Web5. The web will be one big graph. That's the mental model of the 'authentic web'.

      Related
      • Signed at rest - the data never throws away any signature of data. Because otherwise we can't validate data in the future
      • Key state at rest - you need to solve this hard problem too. This is the hard problem KERI solves.
      • Signed in motion - signatures get thrown away. You use ephemeral identifiers. You have to do everything anew every time you want to reconstruct a verifiable data structure. Therefore we need 'Signed at rest'.
      Scalability of Key state at rest
      • You can append to any part of the (directed-acyclic) graph
      • You can hop into the graph to verify any fragment of the graph
      • You don't have to sign the data,you just have to sign hashes of this data
      • Every tree that gets integrated in this giant graph-forest has its own Root of Trust
      KERI related

      KERI solves all hard problems of the authentic web in a scalable manner.

      Technically oriented deep dive

      See more in Concepts behind KERI

  • authenticate

    • W3C (DID)

      Authentication is a process by which an entity can prove it has a specificattribute or controls a specific secret using one or more verificationmethods. With DIDs, a common example would be proving control of thecryptographic private key associated with a public key published in a DIDdocument.
  • authentication

    • digital.govt.nz

      process for establishing an authenticator is genuine or as represented[Source: expanded Dictionary meaning of authenticate]
  • authentication (of a user, process, or device)

  • authenticator

    • digital.govt.nz

      things known and/or possessed and controlled by an entity that are used to be recognised when they return to an organisation[Source: Based on NIST SP 800-63-3 Digital Identity Guidelines]
  • authenticator (of an entity)

  • authenticator assurance level

  • authenticator holder

    • digital.govt.nz

      the entity to which an authenticator was initially bound; the rightful holder[Source: New definition]
  • authenticity

    • Nist

      The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator
    • ToIP

      The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.

      Source: NIST-CSRC.

      See also: confidentiality, correlation privacy, cryptographic verifiability.

    • WebOfTrust

      authenticity

      Definition

      The quality of having an objectively verifiable origin ; contrast veracity. When a newspaper publishes a story about an event, every faithful reproduction of that story may be authentic — but that does not mean the story was true (has veracity).

      Authenticity is strongly related to digital security. Ideally it should be verifiable (to a root-of-trust). The future picture therein is the Authentic Web.

      KERI related

      The three properties, authenticity, confidentiality, and privacy inhabit a trade space. ...One can have any two of the three (privacy, authenticity, confidentiality) at the highest level but not all three.
      The trilemma insists that one must make a trade-off by prioritizing one or two properties over a third.

      The ToIP design goals reflect that trade-off and provide an order of importance. The design goals indicate that one should start with high authenticity, then high confidentiality, and then as high as possible privacy, given there is no trade-off with respect to the other two.

      More on Source Samuel Smith SPAC whitepaper.

      Also see
  • authoritative

    • digital.govt.nz

      possessing or supported by authority; official[Source: Dictionary]Additional note:Note 1: Indigenous peoples, society and industry communities can nominate a party as authoritative. Its possible that such a party is subject to legal controls.
    • WebOfTrust

      authoritative

      Definition

      Established control authority over an identifier, that has received attestations to it, e.g. control over the identifier has been verified to its root-of-trust. So the (control over the) identifier is 'authoritative' because it can be considered accurate, renowned, honourable and / or respected.
      Also used to describe PKI key pairs that have this feature.

      Four A’s of secure data control
      1. Author: creator, source-of-truth
      2. Authentic: provable origin, root-of-trust
      3. Authorized: consent, loci-of-control
      4. Authoritative: accurate, reputable

      "A4" data control securely is established via self-certifying pseudonymous identifiers
      Source Samuel M. Smith

  • authoritative source

  • authority

  • authorization

    • ToIP

      The process of verifying that a requested action or service is approved for a specific entity.

      Source: NIST-CSRC.

      See also: permission.

      authorized organizational representative

      A person who has the authority to make claims, sign documents or otherwise commit resources on behalf of an organization.

      Source: Law Insider

    • WebOfTrust

      authorization

      Definition

      Is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular.

      More formally, "to authorize" is to define an access policy.

      KERI specific

      Authorizations have the form of a signed authorization statement where the statement typically includes the AID under which the authorization is issued. A verifier may then verify the authorization by verifying the attached signature using the keys that were authoritative at the time the authorization was issued. These authorizations are secure to the extent that the established control authority is secure. The authorizations inherit their security from their associated AID.

      W3C VC form

      Authorizations may take many forms. One form of particular interest is the W3C Verifiable Credential VC standard. Verifiable credentials use the W3C Decentralized Identifier DID standard. The DID standard provides name spacing syntax for decentralized identifiers that is evocative of URIs. A given DID may be a type of AID but not all DIDs are AIDs. Furthermore, because AIDs may use other name space syntax standards besides DIDs, not all AIDs are DIDs. KERI itself is name space agnostic so may be used to support AIDs in any name space that accepts pseudo-random strings as an element.

  • authorization graph

  • authorized vlei representative

    • WebOfTrust

      authorized vlei representative

      Definition

      Also 'AVR'. This a representative of a Legal Entity that are authorized by the DAR of a Legal Entity to request issuance and revocation of:

      • vLEI Legal Entity Credentials
      • Legal Entity Official Organizational Role vLEI Credentials (OOR vLEI Credentials)
      • Legal Entity Engagement Context Role vLEI Credentials (ECR vLEI Credentials).

      Paraphrased by @henkvancann from source Draft vLEI Ecosystem Governance Framework Glossary.

  • autonomic computing systems

    • WebOfTrust

      autonomic computing systems

      Definition

      Self managing computing systems using algorithmic governance, from the 90's way way way before DAOs. KERI creator Sam Smith worked at funded Navy research in the 90's on autonomic survivable systems as in "self-healing" systems: "We called them autonomic way back then".

  • autonomic identifier

    • ToIP

      The specific type of self-certifying identifier specified by the KERI specifications.

      Also known as: AID.

    • WebOfTrust

      autonomic identifier

      Definition

      An identifier that is self-certifying and self-sovereign (or self-managing).

      KERI related requirements

      A self-managing cryptonymous identifier that MUST be self-certifying (self-authenticating) and MUST be encoded in CESR as a qualified cryptographic primitive. An AID MAY exhibit other self-managing properties such as transferable control using key pre-rotation which enables control over such an AID to persist in spite of key weakness or compromise due to exposure. Authoritative control over the identifier persists in spite of the evolution of the key-state.
      Source Samuel M. Smith, ietf-keri draft

      Autonomic Identifier more general

      Autonomic Identifiers have been pretty well described in this piece as opposed to centralised (administrative) and blockchain-based (algorithmic) identifier systems: Architectural types of Identity Systems; originally by Phil Windley in this article.

      A summarizing comparison table might say more than a hundred words:

      summarising the trust bases of administrative, algorithmic and autonomic identifier systems
  • autonomic identifier (AID)

    • ToIP (DID:Webs)

      A self-certifying identifier (SCID) that is cryptographically bound cryptographically bound to a key event log (KEL), as defined by the KERI specification. An AID is either non-transferable or transferable. A non-transferable AID does not support key rotation while a transferable AID supports key rotation using a key pre-rotation mechanism that enables the AID to persist in spite of the evolution of its key state. See WebOfTrust glossary for more detail.
  • autonomic identity system

    • WebOfTrust

      autonomic identity system

      Definition

      There's nobody that can intervene with the establishment of the authenticity of a control operation because you can verify all the way back to the root-of-trust.

  • autonomic namespace

    • WebOfTrust

      autonomic namespace

      Definition

      A namespace that is self-certifying and hence self-administrating. ANs are therefore portable = truly self sovereign.

  • autonomic trust basis

    • WebOfTrust

      autonomic trust basis

      Definition

      When use an AID as the root-of-trust we form a so-called autonomic trust basis. This is diagrammed as follows:

      Other trust bases

      Two other trust bases are in common use for identifier systems. One we call algorithmic, the other is .

      An algorithmic trust basis relies on some network of nodes running some type of Byzantine fault tolerant totally ordering distributed consensus algorithm for its root-of-trust. These networks are more commonly known as a shared ledger or blockchain such as Bitcoin, Ethereum, or Sovrin

      The other commonly used trust basis in identifier systems is an administrative or organizational trust basis, i.e. a trusted entity. This is neither secure nor decentralized.

  • backer

    • WebOfTrust

      backer

      Definition

      The terms Backer and Witness are closely related in KERI. Backers include both regular KERI witnesses and ledger-registered backers.

  • base media type

    • WebOfTrust

      base media type

      Definition

      credential plus ld plus json.

      Other media types of credentials are allowed by must provide either unidirectional or bidirectional transformations. So for example we would create credential+acdc+json and provide a unidirectional transformation to credential+ld+json.

      We are going for credential plus acdc plus json without @context. The main objection to use @context is that it can change the meaning of a credential. The other way around: ACDCs will include W3C credentials.

      Media types will be used to differentiate between types of credentials and verifiable credentials.

  • base64

  • bespoke credential

    • WebOfTrust

      bespoke credential

      Definition

      It's an issuance of the disclosure or presentation of other ACDCs. Bespoke means Custom or tailor made.A bespoke credential serves as an on-the-fly contract with the issuee; it's a self-referencing and self-contained contract between the issuer and the verifier. Mind you, here the issuer and issuee are merely the discloser and disclosee of another (set of) ACDC(s).

      Example

      If I want consent terms attached to a presentation of an (set of) ACDC(s).
      Consider a disclosure-specific ACDC, aka tailor made, custom or bespoke. The Issuer is the Discloser, the Issuee is the Disclosee. The rule section includes a context-specific (anti) assimilation clause that limits the use of the information to a single one-time usage purpose, that is for example, admittance to a restaurant. The ACDC includes an edge that references some other ACDC that may for example be a coupon or gift card. The attribute section could include the date and place of admittance.
      For the code of this example, see this section 11.1 in Github

      Advantage

      We can use all the tools available for issuance and presentation we already have.

      How the process work

      Similar to a presentation exchange, a verifier will first be asked for what they are looking for, secondly the discloser creates the dataset and publishes only the structure and the fields. To accomplish this, thirdly a compact ACDC will be issued (you publish the fields, not the content) and then issuer asks to sign it first. After signing, the disclosee can get the content associated with the on-the-fly contract.

      More at Github source

  • best available data acceptance mechanism

    • WebOfTrust

      best available data acceptance mechanism

      Definition

      The BADA security model provides a degree of replay attack protection. The attributate originator (issuer, author, source) is provided by an attached signature couple or quadruple. A single reply could have multiple originators. When used as an authorization the reply attributes may include the identifier of the authorizer and the logic for processing the associated route may require a matching attachment.BADA is part of KERI's Zero Trust Computing Architecture for Data Management: How to support Secure Async Data Flow Routing in KERI enabled Applications.

      See also
  • bexter

    • WebOfTrust

      bexter

      Definition

      The class variable length text that is used in CESR and preserves the round-trip transposability using Base64 URL safe-only encoding even though the text variable length.

      More details

      From readthedocs.io

      Bexter is subclass of Matter, cryptographic material, for variable length strings that only contain Base64 URL safe characters, i.e. Base64 text (bext).

      When created using the 'bext' paramaeter, the encoded matter in qb64 format in the text domain is more compact than would be the case if the string were passed in as raw bytes. The text is used as is to form the value part of theqb64 version not including the leader.

      Due to ambiguity that arises from pre-padding bext whose length is a multiple of three with one or more 'A' chars. Any bext that starts with an 'A' and whose length is either a multiple of 3 or 4 may not round trip. Bext with a leading 'A' whose length is a multiple of four may have the leading 'A' stripped when round tripping.

      • Bexter(bext='ABBB').bext == 'BBB'
      • Bexter(bext='BBB').bext == 'BBB'
      • Bexter(bext='ABBB').qb64 == '4AABABBB' == Bexter(bext='BBB').qb64

      To avoid this problem, only use for applications of base 64 strings that never start with 'A'

      Examples: base64 text strings:

      • bext = ""
      • qb64 = '4AAA'
      • bext = "-"
      • qb64 = '6AABAAA-'
      • bext = "-A"
      • qb64 = '5AABAA-A'
      • bext = "-A-"
      • qb64 = '4AABA-A-'
      • bext = "-A-B"
      • qb64 = '4AAB-A-B'
      Example uses:
      • CESR encoded paths for nested SADs and SAIDs
      • CESR encoded fractionally weighted threshold expressions
      Attributes

      Inherited Properties: (See Matter) .pad is int number of pad chars given raw .code is str derivation code to indicate cypher suite .raw is bytes crypto material only without code .index is int count of attached crypto material by context (receipts) .qb64 is str in Base64 fully qualified with derivation code + crypto mat .qb64b is bytes in Base64 fully qualified with derivation code + crypto mat .qb2 is bytes in binary with derivation code + crypto material .transferable is Boolean, True when transferable derivation code False otherwiseProperties: .text is the Base64 text value, .qb64 with text code and leader removed.Hidden: ._pad is method to compute .pad property ._code is str value for .code property ._raw is bytes value for .raw property ._index is int value for .index property ._infil is method to compute fully qualified Base64 from .raw and .code ._exfil is method to extract .code and .raw from fully qualified Base64Methods:"""

  • binding

    • digital.govt.nz

      (noun) the action of a person or thing that binds[Source: Dictionary]
    • Nist

      Process of associating two related elements of information.
    • WebOfTrust

      binding

      Definition

      In short, the technique of connecting two data elements together. In the context of KERI it's the association of data or an identifier with another identifier or a subject (a person, organization or machine), thereby lifting the privacy of the subject through that connection, i.e. binding.

  • biometric

    • ToIP

      A measurable physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics.

      Source: NIST

  • bis

    • WebOfTrust

      bis

      Definition

      bis = backed vc issue, registry-backed transaction event log credential issuance

  • bivalent

    • WebOfTrust

      bivalent

      Definition

      A nested set of layered delegations in a delegation tree, wraps each layer with compromise recovery protection of the next higher layer. This maintains the security of the root layer for compromise recovery all the way out to the leaves in spite of the leaves using less secure key management methods.

      bivalent-key-management-infrastructure

      To elaborate, in a cooperative delegation, the key generation and storage functions of the delegator and delegate, in terms of the controlling private keys, may be completely isolated from each other. This means that each may use its own independent key management infrastructure with no movement of private keys between the two infrastructures. We call this a bivalent key management infrastructure.

      Source Universal Identifier Theory by Samuel Smith

      Also see

      MultivalentUnivalent

  • blake3

    • WebOfTrust

      blake3

      Definition

      BLAKE3 is a relatively young (2020) cryptographic hash function based on Bao and BLAKE2.

      Features and programming languages

      BLAKE3 is a single algorithm with many desirable features (parallelism, XOF, KDF, PRF and MAC), in contrast to BLAKE and BLAKE2, which are algorithm families with multiple variants. BLAKE3 has a binary tree structure, so it supports a practically unlimited degree of parallelism (both SIMD and multithreading) given long enough input.

      The official Rust and C implementations[24] are dual-licensed as public domain (CC0) and the Apache License.

      Fast, parallel and streaming

      BLAKE3 is designed to be as fast as possible. It is consistently a few times faster than BLAKE2. The BLAKE3 compression function is closely based on that of BLAKE2s, with the biggest difference being that the number of rounds is reduced from 10 to 7, a change based on the assumption that current cryptography is too conservative. In addition to providing parallelism, the Merkle tree format also allows for verified streaming (on-the-fly verifying) and incremental updates.

  • blind oobi

    • WebOfTrust

      blind oobi

      Definition

      A blind OOBI means that you have some mechanisms in place for verifying the AID instead of via the OOBI itself. A blind OOBI is essentially a URL. It's called "blind" because the witness is not in the OOBI itself. You haves other ways of verifying the AID supplied.

      Example

      A blind OOBI through an AID that is on some witness list and has been verified to root-of-trust already. So you know the human being behind this referred AID. Because it's an AID that has a KEL out there, which has been securely established, you can trust it. So a blind OOBI makes a via-via commitment.

      The working

      A natural person that you trust is an owner of an AID. Then you cryptographically commit this AID to another AID through some mechanism (e.g. a witness list).

      "Here's my public key and here's my AID and because this in an another witness list I trust it."

      Unblind

      A 'blind' AID becomes "unblind" when you establish a direct relationship with human being who controls the referenced AID. You shortcut the blind OOBI because you established a direct OOBI to the formerly reference AID.

      Why is a blind OOBI interesting

      type 2 authentication: minimise the friction| TBW prio 3 |

      Related terms

      Authentication by reference, latent authenticity

  • blinded revocation registry

    • WebOfTrust

      blinded revocation registry

      Definition

      The current state of a transaction event log (TEL) may be hidden or blinded such that the only way for a potential verifier of the state to observe that state is when the controller of a designated AID discloses it at the time of presentation.

      | TBW: BE CAREFUL WITH THE REST, JUST TEXT SNIPPETS TYPED IN FROM A CONVERSATION |

      No information can be obtained via a rainbow table attack because the hash has enough entropy added to it.

      | TBW | on the basis of the last half hour of the recording ACDC meetup Dec 6 }

      The issuer creates and signs the bulk issuance set of credentials and shares a salt with the presenters.The shared salt correlates between the issuer and the issuee, but that is the worst problem we have to consider, which is acceptable.

      See more in the section blindable state tel

      Important observation

      The presenter does the decomposition in a way that allows a verifier to conclude: "Yes that was an approved schema issued by the issuer!"

  • blockchain

    • ToIP

      A distributed digital ledger of cryptographically-signed transactions that are grouped into blocks. Each block is cryptographically linked to the previous one (making it tamper evident) after validation and undergoing a consensus decision. As new blocks are added, older blocks become more difficult to modify (creating tamper resistance). New blocks are replicated across copies of the ledger within the network, and any conflicts are resolved automatically using established rules.

      Source: NIST-CSRC

      Supporting definitions:

      Wikipedia: A distributed ledger with growing lists of records (blocks) that are securely linked together via cryptographic hashes. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree, where data nodes are represented by leaves). Since each block contains information about the previous block, they effectively form a chain (compare linked list data structure), with each additional block linking to the ones before it. Consequently, blockchain transactions are irreversible in that, once they are recorded, the data in any given block cannot be altered retroactively without altering all subsequent blocks.

  • bran

    • WebOfTrust

      bran

      Definition

      A cryptographic string used as a primary input, a seed, for creating key material for and autonomic-identifier.

      Usages

      This is used in Signify TS:

      • Controller constructor argument
        constructor(bran: string, tier: Tier, ridx: number = 0, state: any | null = null) {     this.bran = MtrDex.Salt_128 + 'A' + bran.substring(0, 21)  // qb64 salt for seed     this.stem = "signify:controller"     this.tier = tier     this.ridx = ridx     this.salter = new Salter({ qb64: this.bran, tier: this.tier })...
      Sources

      Quote, a Zoom chat message, from Dr. Sam Smith on 8/22/23 in the Tuesday morning KERI & ACDC ToIP specification discussion call:

      We already use seed and salt for something else so bran is related to seed so we used a term that was evocative of its use but not conflict with already used seed

  • branch

    • WebOfTrust

      branch

      Definition

      In software development a 'branch' refers to the result of branching: the duplication of an object under version control for further separate modification.

      More info on Wikipedia

      Branching, in version control and software configuration management, is the duplication of an object under version control (such as a source code file or a directory tree). Each object can thereafter be modified separately and in parallel so that the objects become different. In this context the objects are called branches. The users of the version control system can branch any branch.

  • broadcast

    • ToIP

      In computer networking, telecommunication and information theory, broadcasting is a method of transferring a message to all recipients simultaneously. Broadcast delivers a message to all nodes in the network using a one-to-all association; a single datagram (or packet) from one sender is routed to all of the possibly multiple endpoints associated with the broadcast address. The network automatically replicates datagrams as needed to reach all the recipients within the scope of the broadcast, which is generally an entire network subnet.

      Source: Wikipedia.

      See also: anycast, multicast, unicast.

      Supporting definitions:

      NIST-CSRC: Transmission to all devices in a network without any acknowledgment by the receivers.

  • broadcast address

  • broken object level authorization

    • WebOfTrust

      broken object level authorization

      Definition

      Refers to security flaws where users can access data they shouldn't, due to inadequate permission checks on individual (sub)objects.

  • brv

    • WebOfTrust

      brv

      Definition

      brv = backed vc revoke, registry-backed transaction event log credential revocation

  • byzantine agreement

    • WebOfTrust

      byzantine agreement

      Definition

      (non PoW) Byzantine Agreement is Byzantine fault tolerance of distributed computing systems that enable them to come to consensus despite arbitrary behavior from a fraction of the nodes in the network. BA consensus makes no assumptions about the behavior of nodes in the system. Practical Byzantine Fault Tolerance (pBFT) is the prototypical model for Byzantine agreement, and it can reach consensus fast and efficiently while concurrently decoupling consensus from resources (i.e., financial stake in PoS or electricity in PoW).

      Stellar

      More about the Stellar consensus protocol

      "What if PBFT and Stellar had a baby?that was missing liveness and total ordering but had safety and was completely decentralized, portable, and permission-less? It would be named KERI."SamMSmith
  • byzantine fault tolerance

    • WebOfTrust

      byzantine fault tolerance

      Definition

      A Byzantine fault (also interactive consistency, source congruency, error avalanche, Byzantine agreement problem, Byzantine generals problem, and Byzantine failure) is a condition of a computer system, particularly distributed computing systems, where components may fail and there is imperfect information on whether a component has failed. The term takes its name from an allegory, the "Byzantine Generals Problem", developed to describe a situation in which, in order to avoid catastrophic failure of the system, the system's actors must agree on a concerted strategy, but some of these actors are unreliable.In a Byzantine fault, a component such as a server can inconsistently appear both failed and functioning to failure-detection systems, presenting different symptoms to different observers. It is difficult for the other components to declare it failed and shut it out of the network, because they need to first reach a consensus regarding which component has failed in the first place.Byzantine fault tolerance (BFT) is the dependability of a fault-tolerant computer system to such conditions.

      Consensus two third

      A system has Byzantine Fault Tolerance (BFT) when it can keep functioning correctly as long as two-thirds of the network agree or reaches consensus. BFT is a property or characteristic of a system that can resist up to one-third of the nodes failing or acting maliciously.

      The pBFT model primarily focuses on providing a practical Byzantine state machine replication that tolerates Byzantine faults (malicious nodes) through an assumption that there are independent node failures and manipulated messages propagated by specific, independent nodes.The algorithm is designed to work in asynchronous systems and is optimized to be high-performance with an impressive overhead runtime and only a slight increase in latency. More on wikipedia about

      More on Wikipedia
  • certificate authority

    • ToIP

      The entity in a public key infrastructure (PKI) that is responsible for issuing public key certificates and exacting compliance to a PKI policy.

      Source: NIST-CSRC.

      Also known as: certification authority.

      Supporting definitions:

      Wikipedia: In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate.[1] The format of these certificates is specified by the X.509 or EMV standard.

  • certificate transparency

    • WebOfTrust

      certificate transparency

      Definition

      Certificate Transparency (CT) is an Internet security standard and open source framework for monitoring and auditing digital certificates. The standard creates a system of public logs that seek to eventually record all certificates issued by publicly trusted certificate authorities, allowing efficient identification of mistakenly or maliciously issued certificates. As of 2021, Certificate Transparency is mandatory for all SSL/TLS certificates.

      2011 Diginotar Attack

      Certificate Transparency was a response to the 2011 attack on DigiNotar and other Certificate Authorities. These attacks showed that the lack of transparency in the way CAs operated was a significant risk to the Web Public Key Infrastructure. It led to the creation of this ambitious project to improve security online by bringing accountability to the system that protects HTTPS.

      More information

      More on certificate.transparency.dev and Wikipedia.

  • certification (of a party)

    • ToIP

      A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

      Source: NIST-CSRC.

  • certification authority

  • certification body

  • cesr proof signatures

    • WebOfTrust

      cesr proof signatures

      Definition

      CESR Proof Signatures are an extension to the Composable Event Streaming Representation [CESR] that provide transposable cryptographic signature attachments on self-addressing data (SAD) [SAID]. Any SAD, such as an Authentic Chained Data Container (ACDC) Verifiable Credential [ACDC] for example, may be signed with a CESR Proof Signature and streamed along with any other CESR content. In addition, a signed SAD can be embedded inside another SAD and the CESR proof signature attachment can be transposed across envelope boundaries and streamed without losing any cryptographic integrity.
      (Philip Feairheller, IETF-cesr-proof)

  • cesride

    • WebOfTrust

      cesride

      Definition

      is concerned with parsing CESR primitives.

      Cesride is built from cryptographic primitives that are named clearly and concisely. There are:

      Each primitive will have methods attached to it that permit one to generate and parse the qualified base2 or base64 representation. Common methods you'll find:

      • .qb64() - qualified base-64 representation of cryptographic material as a string
      • .qb64b() - qualified base-64 representation of cryptographic material as octets (bytes)
      • .qb2() - qualified base-2 representation of cryptographic material as octets (bytes)
      • .code() - qualifying code (describes the type of cryptographic material)
      • .raw() - raw cryptographic material (unqualified) as octets (bytes)

      Source by Jason Colburne

      Related

      Parside

    • WebOfTrust

      chain link confidentiality

      Definition

      Chains together a sequence of Disclosees which may also include a set of constraints on data usage by both second and third parties expressed in legal language such that the constraints apply to all recipients of the disclosed data thus the phrase "chain link" confidentiality. Each Disclosee in the sequence in turn is the Discloser to the next Disclosee.

      This is the primary mechanism of granting digital data rights through binding information exchange to confidentiality laws. Confidentiality is dynamically negotiated on a per-event, per-data exchange basis according to the data that is being shared in a given exchange.

      Contrast

      Disclosures via Presentations Exchanges may be contractually protected by Chain-Link Confidentiality (i.e. a Chain-Link Confidential disclosure). The chaining in this case is different from the chaining described above between Issuances in a DAG of chained Issuances. Chain-link confidentiality, in contrast, chains together a sequence of Disclosees.
      More info at source

      Article Woodrow Hartzog

      An important article on the topic can be found here:
      Woodrow Hartzog “Chain-Link Confidentiality”

  • chain of custody

    • WebOfTrust

      chain of custody

      Definition

      From Wikipedia (Source):Chain of custody (CoC), in legal contexts, is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Of particular importance in criminal cases, the concept is also applied in civil litigation and more broadly in drug testing of athletes and in supply chain management, e.g. to improve the traceability of food products, or to provide assurances that wood products originate from sustainably managed forests.

      New technology shortens CoC

      It is often a tedious process that has been required for evidence to be shown legally in court. Now, however, with new portable technology that allows accurate laboratory quality results from the scene of the crime, the chain of custody is often much shorter which means evidence can be processed for court much faster.
      (Source)

  • chain of trust

  • chained credentials

  • chaining

  • challenge

    • digital.govt.nz

      (verb) to order (a person) to halt and be identified or to give a password[Source: Dictionary]Additional note:Note 1: A challenger issues a challenge and a responder replies.
  • channel

  • cigar

  • ciphertext

  • claim

    • Nist

      A true-false statement about the limitations on the values of an unambiguously defined property called the claims property; and limitations on the uncertainty of the propertys values falling within these limitations during the claims duration of applicability under stated conditions.
    • ToIP

      An assertion about a subject, typically expressed as an attribute or property of the subject. It is called a “claim” because the assertion is always made by some party, called the issuer of the claim, and the validity of the claim must be judged by the verifier. 

      Supporting definitions:

      W3C VC: An assertion made about a subject.

      Wikipedia: A claim is a statement that one subject, such as a person or organization, makes about itself or another subject. For example, the statement can be about a name, group, buying preference, ethnicity, privilege, association or capability.

      Note: If the issuer of the claim is also the subject of the claim, the claim is self-asserted.

    • WebOfTrust

      claim

      Definition

      An assertion of the truth of something, typically one which is disputed or in doubt. A set of claims might convey personally identifying information: name, address, date of birth and citizenship, for example. (Source).

  • clone

    • WebOfTrust

      clone

      Definition

      A copy of a system that is - and works exactly as the original

      More detail

      In computing, a clone is hardware or software that is designed to function in exactly the same way as another system.

      A specific subset of clones are remakes (or remades), which are revivals of old, obsolete, or discontinued products.
      Source Wikipedia

  • cloud agent

    • WebOfTrust

      cloud agent

      Definition

      Cloud agent is software that is installed on the cloud server instances in order to provide security, monitoring, and analysis solutions for the cloud. They actually provide information and helps to provide control over cloud entities.
      Paraphrased by @henkvancann based on source.
      Also see Agent.

      Cloud computing

      Cloud computing[1] is the on-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user.
      More at source on Wikipedia

  • code table

  • code table selector

    • WebOfTrust

      code table selector

      Definition

      the first character in the text code of CESR stream that determines which code table to use, either a default code table or a code table selector character when not the default code table. Thus the 1 character text code table must do double duty. It must provide selectors for the different text code tables and also provide type codes for the most popular primitives that have a pad size of 1 that appear is the default code table.

      Selector code table

      See row 1.

  • cold start stream parsing

    • WebOfTrust

      cold start stream parsing

      Definition

      After a reboot (or cold start), a stream processor looks for framing information to know how to parse groups of elements in the stream.

      If that framing information is ambiguous then the parser may become confused and require yet another cold start. While processing a given stream a parser may become confused especially if a portion of the stream is malformed in some way. This usually requires flushing the stream and forcing a cold start to resynchronize the parser to subsequent stream elements.

      re-synchronization

      Better than flushing the stream and forcing a cold start is a re-synchronization mechanism that does not require flushing the in-transit buffers but merely skipping to the next well-defined stream element boundary in order to execute a cold start.
      See an example in the source

      CESR related

      Special CESR count codes support re-synchronization at each boundary between interleaved CESR and other serializations like JSON, CBOR, or MGPK.

  • collective signature

    • WebOfTrust

      collective signature

      Definition

      a group signature scheme, that (i) is shared by a set of signing groups and (ii) combined collective signature shared by several signing groups and several individual signers. The protocol of the first type is constructed and described in detail. It is possible to modify the described protocol which allows transforming the protocol of the first type into the protocol of the second type. The proposed collective signature protocols have significant merits, one of which is connected with possibility of their practical using on the base of the existing public key infrastructures.
      Source

      Collective signature have a variable length as a function of the number of signers.

  • collision

    • Nist

      An event in which two different messages have the same message digest.
    • WebOfTrust

      collision

      Definition

      In cryptography and identity collision generally refers to something going wrong because an identical result has been produced but it refers to - or points to - different sources or assets backing this result.

      E.g. two hashes collide, meaning two different digital sources produce the same hash.
      Another example is name(space) collision.

      Naming collision

      A circumstance where two or more identifiers in a given namespace or a given scope cannot be unambiguously resolved.
      Source Wikipedia

  • communication

  • communication channel

    • ToIP

      A communication channel refers either to a physical transmission medium such as a wire, or to a logical connection over a multiplexed medium such as a radio channel in telecommunications and computer networking. A channel is used for information transfer of, for example, a digital bit stream, from one or several senders to one or several receivers.

      Source: Wikipedia.

      See also: ToIP channel.

      Supporting definitions:

      eSSIF-Lab: a (digital or non-digital) means by which two actors can exchange messages with one another.

  • communication endpoint

    • ToIP

      A type of communication network node. It is an interface exposed by a communicating party or by a communication channel. An example of the latter type of a communication endpoint is a publish-subscribe topic or a group in group communication systems.

      Source: Wikipedia.

      See also: ToIP endpoint.

  • communication metadata

  • communication session

    • ToIP

      A finite period for which a communication channel is instantiated and maintained, during which certain properties of that channel, such as authentication of the participants, are in effect. A session has a beginning, called the session initiation, and an ending, called the session termination.

      Supporting definitions:

      NIST-CSRC: A persistent interaction between a subscriber and an end point, either a relying party or a Credential Service Provider. A session begins with an authentication event and ends with a session termination event. A session is bound by use of a session secret that the subscriber’s software (a browser, application, or operating system) can present to the relying party or the Credential Service Provider in lieu of the subscriber’s authentication credentials.

      Wikipedia: In computer science and networking in particular, a session is a time-delimited two-way link, a practical (relatively high) layer in the TCP/IP protocol enabling interactive expression and information exchange between two or more communication devices or ends – be they computers, automated systems, or live active users (see login session). A session is established at a certain point in time, and then ‘torn down’ - brought to an end - at some later point. An established communication session may involve more than one message in each direction. A session is typically stateful, meaning that at least one of the communicating parties needs to hold current state information and save information about the session history to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses. An established session is the basic requirement to perform a connection-oriented communication. A session also is the basic step to transmit in connectionless communication modes. However, any unidirectional transmission does not define a session.

  • compact event streaming representation (CESR)

    • ToIP (DID:Webs)

      An encoding format that enables round-trip text-binary conversion of concatenated cryptographic primitives and general data types, as defined by the CESR specification and CESR Proof Signature specification. See WebOfTrust glossary for more detail.
  • compact variant

    • WebOfTrust

      compact variant

      Definition

      Either a most compact version of an ACDC or the fully compact version of an ACDC. An Issuer commitment via a signature to any variant of ACDC (compact, full, etc) makes a cryptographic commitment to the top-level section fields shared by all variants of that ACDC because the value of a top level section field is either the SAD or the SAID of the SAD of the associated section.

      Relation

      All the variants of an ACDC are various degrees of expansion of the compact variant.
      More at source

      Also see

      Fully (expanded) version of an ACDC
      Fully compact(ed) version of an ACDC
      Most compact version of an ACDC.

  • complementary integrity verification

    • WebOfTrust

      complementary integrity verification

      Definition

      A mechanism that can verify integrity independent of needing access to a previous instance or reference version of the information for comparison.
      Source: Neil Thomson

      Complementary nature

      Independent Integrity Verification is what is achieved by use of a public key from the data "controller" such that it does not need to compare received data/messages against the sent data/message.

      The already verified chain up to a certain point in time in the past (previous instance or reference version) no longer needs to be verified.

      Example: The tail of a KEL that has been verified to its root-of-trust on a certain date and time, can be cut off. You don't need to verify this any more from this date.

      See also

      integrity
      verified integrity

  • complex password

    • ToIP

      A password that meets certain security requirements, such as minimum length, inclusion of different character types, non-repetition of characters, and so on.

      Supporting definitions:

      Science Direct: According to Microsoft, complex passwords consist of at least seven characters, including three of the following four character types: uppercase letters, lowercase letters, numeric digits, and non-alphanumeric characters such as & $ * and !

  • compliance

  • comply ~ance

    • digital.govt.nz

      to act in accordance with rules, wishes, etc; be obedient (to)[Source: Dictionary]
  • composability

  • composable

  • composable event streaming representation

    • WebOfTrust

      composable event streaming representation

      Definition

      Also called 'CESR'. This compact encoding scheme fully supports both textual and binary streaming applications of attached crypto material of all types. This approach includes composability in both the textual and binary streaming domains. The primitives may be the minimum possible but still composable size.

      Making composability a guaranteed property allows future extensible support of new compositions of streaming formats based on pre-existing core primitives and compositions of core primitives. This enables optimized stream processing in both the binary and text domains.

  • concatenation

    • WebOfTrust

      concatenation

      In formal language theory and computer programming, string concatenation is the operation of joining character strings end-to-end. For example, the concatenation of "snow" and "ball" is "snowball".
      More on source Wikipedia page

      KERI related

      In CESR Concatenation is an important property of CESR's Composability; it is associative and may be applied to any two primitives or any two groups or sets of concatenated primitives.

      The composability property of CESR allows us to create arbitrary compositions of primitives via concatenation in either the text or binary domain and then convert the composition en masse to the other domain and then de-concatenate the result without loss. The self-framing property of the primitives enables de-concatenation.

  • concept

    • ToIP

      An abstract idea that enables the classification of entities, i.e., a mental construct that enables an instance of a class of entities to be distinguished from entities that are not an instance of that class. A concept can be identified with a term.

      Supporting definitions:

      eSSIF-Lab: the ideas/thoughts behind a classification of entities (what makes entities in that class 'the same').

      Wikipedia: A concept is defined as an abstract idea. It is understood to be a fundamental building block underlying principles, thoughts and beliefs. Concepts play an important role in all aspects of cognition.

  • concise binary object representation

    • WebOfTrust

      concise binary object representation

      Definition

      It is a binary data serialization format loosely based on JSON authored by C. Bormann. Like JSON it allows the transmission of data objects that contain name–value pairs, but in a more concise manner. This increases processing and transfer speeds at the cost of human readability.

      IETF specification

      It is defined in IETF RFC 8949.[1]

      MessagePack

      CBOR was inspired by MessagePack, which was developed and promoted by Sadayuki Furuhashi. CBOR extended MessagePack, particularly by allowing to distinguish text strings from byte strings, which was implemented in 2013 in MessagePack.[4][5]

      More on Wikipedia

      CBOR

  • confidential computing

    • ToIP

      Hardware-enabled features that isolate and process encrypted data in memory so that the data is at less risk of exposure and compromise from concurrent workloads or the underlying system and platform.

      Source: NIST-CSRC.

      Supporting definitions:

      Wikipedia: Confidential computing is a security and privacy-enhancing computational technique focused on protecting data in use. Confidential computing can be used in conjunction with storage and network encryption, which protect data at rest and data in transit respectively. It is designed to address software, protocol, cryptographic, and basic physical and supply-chain attacks, although some critics have demonstrated architectural and side-channel attacks effective against the technology.

  • confidentiality

    • ToIP

      In a communications context, a type of privacy protection in which messages use encryption or other privacy-preserving technologies so that only authorized parties have access.

      See also: authenticity, correlation privacy.

      Supporting definitions:

      NIST-CSRC: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

      Wikipedia: Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits the access or places restrictions on certain types of information.

    • WebOfTrust

      confidentiality

      Definition

      All statements in a conversation are only known by the parties to that conversation. Source: Samuel Smith, at IIW-37, Oct 2023.

      Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits the access or places restrictions on certain types of information.
      More on source Wikipedia

      KERI related

      The three properties, authenticity, confidentiality, and privacy inhabit a trade space. ...One can have any two of the three (privacy, authenticity, confidentiality) at the highest level but not all three.
      The trilemma insists that one must make a trade-off by prioritizing one or two properties over a third.

      The ToIP design goals reflect that trade-off and provide an order of importance. The design goals indicate that one should start with high authenticity, then high confidentiality, and then as high as possible privacy, given there is no trade-off with respect to the other two.

      More on Source Samuel Smith SPAC whitepaper.

      Also see
  • configuration files

  • connection

  • consensus mechanism

    • WebOfTrust

      consensus mechanism

      Definition

      How groups of entitities come to decisions. In general to learn about consensus mechanisms read any textbook on decision making, automated reasoning, multi-objective decision making, operations research etc.

      Overall reliability

      A fundamental problem in distributed computing and multi-agent systems is to achieve overall system reliability in the presence of a number of faulty processes. This often requires coordinating processes to reach consensus, or agree on some data value that is needed during computation.

      More information

      More on wikipedia or in this 2018 report from the cryptocurrency field.

  • consent management

    • ToIP

      A system, process or set of policies under which a person agrees to share personal data for specific usages. A consent management system will typically create a record of such consent.

      Supporting definitions:

      Wikipedia: Consent management is a system, process or set of policies for allowing consumers and patients to determine what health information they are willing to permit their various care providers to access. It enables patients and consumers to affirm their participation in e-health initiatives and to establish consent directives to determine who will have access to their protected health information (PHI), for what purpose and under what circumstances. Consent management supports the dynamic creation, management and enforcement of consumer, organizational and jurisdictional privacy policies.

  • consequence

    • digital.govt.nz

      outcome of an event affecting objectives[Source: ISO 31073:2022]Additional notes:Note 1: A consequence can have positive or negative, direct or indirect, effects on objectives.Note 2: Consequences can be expressed qualitatively or quantitatively.Note 3: Any consequences can escalate through cascading and cumulative effects.
  • content addressable hash

    • WebOfTrust

      content addressable hash

      Definition

      Finding content by a hash of this content, generated by a one-way hash function applied to the content.

      Content addressing is a way to find data in a network using its content rather than its location. The way we do is by taking the content of the content and hashing it. Try uploading an image to IPFS and get the hash using the below button.

      Content Addressable Storage

      Content Addressable Storage systems work by passing the content of the file through a cryptographic hash function to generate a unique key, the "content address". The file system's directory stores these addresses and a pointer to the physical storage of the content. Because an attempt to store the same file will generate the same key, CAS systems ensure that the files within them are unique, and because changing the file will result in a new key, CAS systems provide assurance that the file is unchanged.

      IPFS

      In the IPFS ecosystem, this hash is called Content Identifier, or CID.

  • context

    • digital.govt.nz

      environment with defined boundary conditions in which entities exist and interact[Source: ITU-T X.1252]
  • contextual linkability

    • WebOfTrust

      contextual linkability

      Definition

      Refers to the condition where vendors or other data capture points provide enough context at point of capture to be able to use statistical correlation with existing data sets to link any of a person's disclosed attributes to a set of already known data points about a given person.

      This sort of linkability nullifies the perceived protection of selective disclosure through zero knowledge proofs since the disclosed data can be combined with context to easily link the disclosed data to an existing profile of the person.

      These threats mainly focus on a subject (the entity) who wants to hide as much of his identifiable information (or at least make it as unlikable as possible). This can occur when the subject wants to authenticate himself to a certain service (multiple authentication principles are shown in the tree), but also during regular communication (browsing, client-server requests, etc.) by means of the contextual information connected or linked to the the activity or communication.
      More at source

      Contractually protected disclosure is the primary defense against contextual linkability.

      Example

      Cameras in stores are already able to identify you due to the extremely high prevalence of modern security systems who do facial recognition or mobile device ping recognition on each person entering the premises of a store. In the context of you buying stuff in their store they can capture data linked to you and then go and sell your data to third parties since there is an implicit grant of permission to use the data and also since there are no legal constraints on the distribution of that data.

      Dangers

      Just have a look at what "they" are doing:
      https://linkgraph.io/blog/how-to-contextual-link-building/

  • contiguous

    • digital.govt.nz

      immediately preceding or following in time[Source: Dictionary modified by adding immediately]Additional note:Note 1: When applied to authentication, multiple factors are tested in such adjacent steps, that they are considered part of a single process.
  • contingent disclosure

  • contractually protected disclosure

    • WebOfTrust

      contractually protected disclosure

      Definition

      Usage of schema-based and contract-based controls to limit the exchange of information to provide both mechanical and legal protection on the sharing of data.

      Mechanical protection is composed of sharing the schema of the data to be shared prior to sharing the actual data contents. This mechanical protection is then combined through the IPEX protocol with disclosures of legal contracts to be agreed to prior to sharing the desired data contents.

      Once the legal agreements have been met then the disclosure mechanism exchanges the desired data contents.

      This is also the most elaborate form of disclosure by an IPEX. Contractually protected disclosure includes both chain-link confidential and contingent disclosure.
      Paraphrased by @henkvancann based on source

      Relation

      This IPEX protocol leverages important features of ACDCs and ancillary protocols such as CESR, SAIDs, and CESR-Proofs as well as Ricardian contracts and graduated disclosure (partial, selective, full) to enable contractually protected disclosure. Contractually protected disclosure includes both [chain-link confidential](chain-link confidential) and [contingent disclosure](contingent disclosure).

      Rule

      The disclosure performed by a presentation exchange MAY be graduated and MAY be contractually protected.

  • control

    • digital.govt.nz

      (verb) to command, direct, or rule[Source: Dictionary]Additional note:Note 1: Control is also used outside the context of risk mitigation. For example, to indicate the ability for an authenticator holder to retain use of their authenticator.
  • control authority

    • WebOfTrust

      control authority

      Definition

      In identity systems Control Authority is who controls what and that is the primary factor in determining the basis for trust in them. The entity with control authority takes action through operations that affect the

      • creation (inception)
      • updating
      • rotation
      • revocation
      • deletion
      • and delegation of the authentication factors and their relation to the identifier.
      Source of truth

      How these events are ordered and their dependence on previous operations is important. The record of these operations is the source of truth for the identity system.

      Change control authority

      In the 2022 implementation of KeriPy two rotations were required to change control authority.In new rotation rules, you can rotate to new keys that aren't in the prior next key digests. You just need to reach the appropriate thresholds of prior-next-threshold and current-signing-threshold. So you now only need one rotation to change control authority.
      Note: This change was the forcing function to require dual indexed codes in CESR.

  • controlled document

  • controller

    • ToIP (DID:Webs)

      A controlling entity that can cryptographically prove the control authority (signing and rotation) over an AID as well as make changes on the associated KEL. A controller may consist of multiple controlling entities in a multi-signature scheme. See WebOfTrust glossary for more detail.
    • WebOfTrust

      controller

      Definition

      A controller is a controlling entity (person, organization, or autonomous software) of an identifier. For an autonomic identifier (AID), a controlling entity has the capability to make changes to the key event log (KEL) of the AID. This capability is typically asserted by the control of a set of cryptographic keys used by software acting on behalf of the controller, though it might also be asserted via other mechanisms.

      At any point in time, an identifier has at least one but may have more than one controlling entity. This set of controlling entities constitutes the controller. Without loss of generality, when the context is unambiguous, the term controller may refer either to the whole set or a member of the set of controlling entities.

      All key events on the identifier must include a signature from the sole controlling entity when there is only one controlling entity or at least one signature from one of the controlling entities when there is more than one. Typically, when there is more than one controlling entity, control is established via signatures from all or a subset of controlling entities. This is called multi-signature (multi-sig). In a threshold multi-sig scheme, the control authority is split among the controlling entities, where each is assigned a weight. In this case, the control authority over the identifier is established via signatures from a subset of controlling entities whose combined weights exceed an agreed threshold. These thresholded multiple signatures may be expressed as a single collective threshold signature when a collective signing scheme is used.

      The control authority over an identifier can also be divided into signing authority and rotation authority. The controller of the identifier may grant their authority to other entities. For example, in custodial rotation, the controller grants a designated custodial agent the signing authority while retaining their rotation authority. In the case of a delegated identifier, the delegated identifier is granted some degree of control authority from its delegating identifier.

  • controller (of a key, vault, wallet, agent, or device)

  • cooperative delegation

    • WebOfTrust

      cooperative delegation

      Definition

      The way KERI addresses the security-cost-performance architecture trade-off is via delegation of identifier prefixes. Delegation includes a delegator and a delegate. For this reason we may call this a cooperative delegation. This is a somewhat novel form of delegation. A major advantage of cooperative delegation is the delegator’s key management protects the delegate’s via recovery by the delegator. With cooperative delegation, any exploiter that compromises only the delegate’s authoritative keys may not capture control authority of the delegate. Any exploit of the delegate only is recoverable by the delegator.

      Source Universal Identifier Theory by Samuel Smith

  • coroutines

  • correlate~ion

    • digital.govt.nz

      to place or be placed in a mutual, complementary, or reciprocal relationship[Source: Dictionary]
  • correlation

    • WebOfTrust

      correlation

      Definition

      In our scope this is an identifier used to indicate that external parties have observed how wallet contents are related.

      Example

      When a public key is reused, it conveys that some common entity is controlling both identifiers. Tracking correlation allows for software to warn when some new information might be about to be exposed, for example: "Looks like you are about to send cryptocurrency, from an account you frequently use to a new account you just created."

  • correlation privacy

  • corroborate~ing

    • digital.govt.nz

      to confirm or support (facts, opinions, etc), esp by providing fresh evidence[Source: Dictionary]
  • count code

  • counterparty

  • credential

    • digital.govt.nz

      an artefact created as the result of a series of processes that bind an entity with information and an authenticator, on which other parties relyAdditional note:Note 1: At a minimum a credential includes an authenticator and information to enable presentation.
    • Nist

      Evidence attesting to ones right to credit or authority. In this Standard, it is the PIV Card or derived PIV credential associated with an individual that authoritatively binds an identity (and, optionally, additional attributes) to that individual.
    • ToIP

      A container of claims describing one or more subjects. A credential is generated by the issuer of the credential and given to the holder of the credential. A credential typically includes a signature or some other means of proving its authenticity. A credential may be either a physical credential or a digital credential.

      See also: verifiable credential.

      Supporting definitions:

      eSSIF-Lab: data, representing a set of assertions (claims, statements), authored and signed by, or on behalf of, a specific party.

      W3C VC: A set of one or more claims made by an issuer.

    • WebOfTrust

      credential

      Definition

      Evidence of authority, status, rights, entitlement to privileges, or the like.
      (source)
      A credential has its current state and a history, which is captured in a doc or a graph.

      ACDC specific

      The credential is the whole graph.
      The pointers in the doc that contain the whole graph are universally globally distributable references via the SAIDs. Whereas in other credential systems pointers are only local in a credential doc.

  • credential family

  • credential governance framework

  • credential offer

  • credential provider

    • digital.govt.nz

      the party accountable for the establishment and presentation facilitation of a credentialAdditional note:Note 1: A Credential Provider may employ other parties in the carrying out of their function.
  • credential request

  • credential schema

  • criterion

    • ToIP

      In the context of terminology, a written description of a concept that anyone can evaluate to determine whether or not an entity is an instance or example of that concept. Evaluation leads to a yes/no result.

  • crypto libraries

    • WebOfTrust

      crypto libraries

      Definition

      Cryptography libraries deal with cryptography algorithms and have API function calls to each of the supported features.

      Selection criteria

      Criteria to chose one or the other:

      • Open Source (most of them are)
      • Compliant with standards
      • Key operations include key generation algorithms, key exchange agreements and public key cryptography standards.
      • Supported cryptographic hash functions
      • Implementations of message authentication code (MAC) algorithms
      • Implementations of block ciphers
      • Hardware-assisted support
      • Code size and code to comment ratio
      • Composable derivation codes

      See a comparison here at Wikipedia.

  • cryptocurrency

    • WebOfTrust

      cryptocurrency

      Definition

      A digital asset designed to work as a medium of exchange wherein individual coin ownership records are stored in a digital ledger or computerized database using strong cryptography to secure transaction record entries, to control the creation of additional digital coin records.
      See more on source Wikipedia.

      KERI related

      KERI doesn't need total global ordering, whereas cryptocurrencies do need this. As a consequence has been designed, without the need of a consensus-based distributed ledger (blockchain).

      KERI doesn't provide for a currency system, however a KERI-based system can be easily extended with a money - or token system.

      See also Non Fungible Tokens.

  • cryptographic binding

    • ToIP

      Associating two or more related elements of information using cryptographic techniques.

      Source: NIST-CSRC.

  • cryptographic commitment scheme

    • WebOfTrust

      cryptographic commitment scheme

      Definition

      is a cryptographic primitive that allows one to commit to a chosen value (or chosen statement) while keeping it hidden to others, with the ability to reveal the committed value later.

      Commitment schemes are designed so that a party cannot change the value or statement after they have committed to it: that is, commitment schemes are binding.
      More on wikipedia

  • cryptographic key

    • ToIP

      A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Symmetric cryptography refers to the practice of the same key being used for both encryption and decryption. Asymmetric cryptography has separate keys for encrypting and decrypting. These keys are known as the public keys and private keys, respectively.

      Source: Wikipedia.

      See also: controller.

  • cryptographic primitive

  • cryptographic strength

    • WebOfTrust

      cryptographic strength

      Definition

      The term "cryptographically strong" is often used to describe an encryption algorithm, and implies, in comparison to some other algorithm (which is thus cryptographically weak), greater resistance to attack. But it can also be used to describe hashing and unique identifier and filename creation algorithms.
      More on Wikipedia

  • cryptographic suite

    • W3C (DID)

      A specification defining the usage of specific cryptographic primitives inorder to achieve a particular security goal. These documents are often usedto specify verification methods, digital signature types,their identifiers, and other related properties.
  • cryptographic trust

  • cryptographic verifiability

  • cryptographically bound

  • cryptographically verifiable

  • cryptonym

    • WebOfTrust

      cryptonym

      Definition

      A code name, call sign or cryptonym is a code word or name used, sometimes clandestinely, to refer to another name, word, project, or person.
      Source Wikipedia

      KERI related

      A cryptographic pseudonymous identifier represented by a string of characters derived from a random or pseudo-random secret seed or salt via a one-way cryptographic function with a sufficiently high degree of cryptographic strength (e.g. 128 bits, see appendix on cryptographic strength. A cryptonym is a type of primitive.
      Due the entropy in its derivation, a cryptonym is a universally unique identifier and only the controller of the secret salt or seed from which the cryptonym is derived may prove control over the cryptonym. Therefore the derivation function MUST be associated with the cryptonym and MAY be encoded as part of the cryptonym itself.\
      Source Smith, ietf-keri draft

  • custodial agent

    • WebOfTrust

      custodial agent

      Definition

      An agent owned by an individual who has granted signing authority to a custodian who is usually also the host of the running agent software. Using partial rotation to facilitate custodial key management the owner of the identifier retains rotational authority and thus the ability to "fire" the custodian at any time without requiring the cooperation of the custodian.

      Importance

      Custodial Agents are important for individuals who may not be comfortable managing their own signing keys and agent software but still want to participate in a decentralized identity ecosystem and they enable a software as a service business model without centralizing control on the service provider.
      (Source: Philip Feairheller)

      Key functionality

      Since ninety-nine percent of people in the world might not feel comfortable taking responsibility for their own practical key management but still want to be stay in control over their assets and be able to hire and fire service providers, this functionality is considered a key feature for KERI and ACDC.

  • custodial rotation

    • WebOfTrust

      custodial rotation

      Definition

      Rotation based on control authority that is split between two key sets. The first for signing authority and the second (pre-roateted) for rotation authority the associated thresholds and key list can be structured in such a way that a designated custodial agent can hold signing authority while the original controller can hold exclusive rotation authority.

      Partial pre-rotation supports the important use case that of custodial key rotation to authorize a custodial agent.
      Paraphrased by @henkvancann on the bases of the IETF-KERI draft 2022 by Samual Smith.

  • custodial wallet

  • custodian

  • custodianship arrangement

  • dark pattern

    • ToIP

      A design pattern, mainly in user interfaces, that has the effect of deceiving individuals into making choices that are advantageous to the designer.

      Source: Kantara PEMC Implementors Guidance Report

      Also known as: deceptive pattern.

  • data

    • ToIP

      In the pursuit of knowledge, data is a collection of discrete values that convey information, describing quantity, quality, fact, statistics, other basic units of meaning, or simply sequences of symbols that may be further interpreted. A datum is an individual value in a collection of data.

      Source: Wikipedia.

      See also: verifiable data.

      Supporting definitions:

      eSSIF-Lab: something (tangible) that can be used to communicate a meaning (which is intangible/information).

  • data anchor

    • WebOfTrust

      data anchor

      Definition

      Data anchors are digests of digital data, that uniquely identify this data. The digest is the anchor and can be used to identify - and point to the data at the same time.

      Anchoring data

      The act of creating the digest of arbitrary data and then hook (or reference) the digest to (in) another data structure is called 'anchoring data'.

      KERI related

      SADs are a type of data anchors.

      Beware

      Link anchors are a totally different concepts.

  • data packet

    • ToIP

      In telecommunications and computer networking, a network packet is a formatted unit of data carried by a packet-switched network such as the Internet. A packet consists of control information and user data; the latter is also known as the payload. Control information provides data for delivering the payload (e.g., source and destination network addresses, error detection codes, or sequencing information). Typically, control information is found in packet headers and trailers.

      Source: Wikipedia.

  • data schema

    • ToIP

      A description of the structure of a digital document or object, typically expressed in a machine-readable language in terms of constraints on the structure and content of documents or objects of that type. A credential schema is a particular type of data schema.

      Supporting definitions:

      Wikipedia: An XML schema is a description of a type of XML document, typically expressed in terms of constraints on the structure and content of documents of that type, above and beyond the basic syntactical constraints imposed by XML itself. These constraints are generally expressed using some combination of grammatical rules governing the order of elements, Boolean predicates that the content must satisfy, data types governing the content of elements and attributes, and more specialized rules such as uniqueness and referential integrity constraints.

  • data subject

  • data vault

  • datagram

  • dead drop

    • WebOfTrust

      dead drop

      Definition

      | TBW | the presenter controls the disclosure so you can't re-identify the data

      Tech meet KERI recording from minute 55, date June 29 2023.

  • decentralized identifier

    • ToIP

      A globally unique persistent identifier that does not require a centralized registration authority and is often generated and/or registered cryptographically. The generic format of a DID is defined in section 3.1 DID Syntax of the W3C Decentralized Identifiers (DIDs) 1.0 specification. A specific DID scheme is defined in a DID method specification.

      Source: W3C DID.

      Also known as: DID.

      See also: DID method, DID URL.

    • WebOfTrust

      decentralized identifier

      Definition

      Decentralized identifiers (DID) are a new type of identifier that enables verifiable, decentralized digital identity. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) as determined by the controller of the DID.
      Source W3C.org.

      Relation to federated identifiers

      In contrast to typical, federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities. Specifically, while other parties might be used to help enable the discovery of information related to a DID, the design enables the controller of a DID to prove control over it without requiring permission from any other party.
      Source W3C.org.

      Technical presence

      DIDs are URIs that associate a DID subject with a DID document allowing trustable interactions associated with that subject.
      Source W3C.org.

  • decentralized identifier (DID)

    • ToIP (DID:Webs)

      A globally unique persistent identifier, as defined by DID Core.
    • W3C (DID)

      A globally unique persistent identifier that does not require a centralizedregistration authority and is often generated and/or registeredcryptographically. The generic format of a DID is defined in 3.1 DID Syntax. A specific DID scheme is defined in a DIDmethod specification. Manybut not allDID methods make use ofdistributed ledger technology (DLT) or some other form of decentralizednetwork.
  • decentralized identity

    • ToIP

      A digital identity architecture in which a digital identity is established via the control of a set of cryptographic keys in a digital wallet so that the controller is not dependent on any external identity provider or other third party.

      See also: federated identity, self-sovereign identity.

    • WebOfTrust

      decentralized identity

      Definition

      is a technology that uses cryptography to allow individuals to create and control their own unique identifiers. They can use these identifiers to obtain Verifiable Credentials from trusted organizations and, subsequently, present elements of these credentials as proof of claims about themselves. In this model, the individual takes ownership of their own identity and need not cede control to centralized service providers or companies.

      KERIs definition of decentralization (centralization) is about control not spatial distribution. In our definition decentralized is not necessarily the same as distributed. By distributed we mean that activity happens at more than one site. Thus decentralization is about control and distribution is about place. To elaborate, when we refer to decentralized infrastructure we mean infrastructure under decentralized (centralized) control no matter its spatial distribution. Thus decentralized infrastructure is infrastructure sourced or controlled by more than one entity.

  • decentralized identity management

    • W3C (DID)

      Identitymanagement that is based on the use of decentralized identifiers.Decentralized identity management extends authority for identifier generation,registration, and assignment beyond traditional roots of trust such asX.500 directory services,the Domain Name System,and most national ID systems.
  • decentralized key management infrastructure

  • deceptive pattern

  • decryption

  • deep link

    • ToIP

      In the context of the World Wide Web, deep linking is the use of a hyperlink that links to a specific, generally searchable or indexed, piece of web content on a website (e.g. "https://example.com/path/page"), rather than the website's home page (e.g., "https://example.com"). The URL contains all the information needed to point to a particular item. Deep linking is different from mobile deep linking, which refers to directly linking to in-app content using a non-HTTP URI.

      See also: out-of-band introduction.

      Source: Wikipedia.

  • definition

    • ToIP

      A textual statement defining the meaning of a term by specifying criterion that enable the concept identified by the term to be distinguished from all other concepts within the intended scope.

      Supporting definitions:

      eSSIF-Lab: a text that helps parties to have the same understanding about the meaning of (and concept behind) a term, ideally in such a way that these parties can determine whether or not they make the same distinction.

      Wikipedia: A definition is a statement of the meaning of a term (a word, phrase, or other set of symbols). Definitions can be classified into two large categories: intensional definitions (which try to give the sense of a term), and extensional definitions (which try to list the objects that a term describes). Another important category of definitions is the class of ostensive definitions, which convey the meaning of a term by pointing out examples. A term may have many different senses and multiple meanings, and thus require multiple definitions.

  • delegate

    • digital.govt.nz

      (noun) a person chosen or elected to act for or represent another or others[Source: Dictionary]Additional note:Note 1: Modified to remove reference to conference or meeting.
  • delegated identifier

    • WebOfTrust

      delegated identifier

      Definition

      Matches the act of delegation with the appropriate digital twin. Consequently when applied recursively, delegation may be used to compose arbitrarily complex trees of hierarchical (delegative) key management event streams. This is a most powerful capability that may provide an essential building block for a generic universal decentralized key management infrastructure (DKMI) that is also compatible with the demand of generic event streaming applications.

      More in the whitepaper

      More KERI context

      The KERI design approach is to build composable primitives instead of custom functionality that is so typical of other DKMI approaches:

  • delegate~ed

    • digital.govt.nz

      (verb) to give or commit (duties, powers, etc) to another as agent or representative; depute[Source: Dictionary]
  • delegation

    • ToIP

      TODO

    • WebOfTrust

      delegation

      Definition

      A person or group of persons officially elected or appointed to represent another or others.

      Assign tasks but stay in control

      Delegation can be defined as “the act of empowering to act for another”. With this bestowed power, a person, usually a subordinate, is able to carry out specific activities (normally given by a manager or supervisor). Delegation is a management tool designed to increase the efficiency of an organization. It allows for the goals of the organization to be broken down into tasks and assigned to the team member best suited for the duty.

  • delegation credential

  • dependent

  • derivation code

    • WebOfTrust

      derivation code

      Definition

      To properly extract and use the public key embedded in a self-certifying identifier we need to know the cryptographic signing scheme used by the key pair. KERI includes this very compactly in the identifier, by replacing the pad character (a character used to fill a void to able to always end up with a fixed length public key) with a special character that encodes the derivation process. We call this the derivation code.

      Example

      For example suppose that the 44 character Base-64 with trailing pad character for the public key is as follows:F5pxRJP6THrUtlDdhh07hJEDKrJxkcR9m5u1xs33bhp=If B is the value of the derivation code then the resultant self-contained string is as follows:BF5pxRJP6THrUtlDdhh07hJEDKrJxkcR9m5u1xs33bhp

      Relation with KERI

      All crypto material appears in KERI in a fully qualified representation. This includes a derivation code prepended to the crypto-material.

      Example KERI derivation codes

      example derivation code in KERI

      Beware

      Key derivation functions are not related to the pre-pended derivation codes used in KERI.

  • derived value

    • digital.govt.nz

      value obtained by reasoning; deduction or inference[Source: expanded Dictionary meaning of derive]
  • designated aliases

    • ToIP (DID:Webs)

      An array of AID controlled identifiers that have been designated by the AID controller to be used as aliases for equivalentId and alsoKnownAs DID document metadata and to foster verification of redirection to different did:webs identifiers. See WebOfTrust glossary for more detail.
    • WebOfTrust

      designated aliases

      Definition

      An AID controller can designate aliases which are AID controlled identifiers such as a did:keri, did:webs, etc. The AID controller issues a designated aliases attestation (no issuee) that lists the identifiers and manages the status through a registry anchored to their KEL. See the designated aliases docs

  • designated authorized representative

    • WebOfTrust

      designated authorized representative

      Definition

      Also 'DAR'. These are representatives of a Legal Entity that are authorized by the Legal Entity to act officially on behalf of the Legal Entity. DARs can authorize:

      1. vLEI Issuer Qualification Program Checklists
      2. execute the vLEI Issuer Qualification Agreement
      3. provide designate/replace Authorized vLEI Representatives (AVRs).

      Paraphrased by @henkvancann from source Draft vLEI Ecosystem Governance Framework Glossary.

  • device controller

  • dictionary

    • ToIP

      A dictionary is a listing of lexemes (words or terms) from the lexicon of one or more specific languages, often arranged alphabetically, which may include information on definitions, usage, etymologies, pronunciations, translation, etc. It is a lexicographical reference that shows inter-relationships among the data. Unlike a glossary, a dictionary may provide multiple definitions of a term depending on its scope or context.

      Source: Wikipedia.

  • diger

    • WebOfTrust

      diger

      Definition

      A primitive that represents a digest. It has the ability to verify that an input hashes to its raw value.
      Source by Jason Colburne

  • digest

    • WebOfTrust

      digest

      Definition

      verifiable cryptographic commitment. It's a collision resistant hash of content.

      From Wikipedia (Source):

      A digest is a cryptographic hash function (CHF) is a mathematical algorithm that maps data of an arbitrary size (often called the "message") to a bit array of a fixed size (the "hash value", "hash", or "message digest"). It is a one-way function, that is, a function for which it is practically infeasible to invert or reverse the computation.[1]

      Digest and ACDCs

      An important property of high-strength cryptographic digests is that a verifiable cryptographic commitment (such as a digital signature) to the digest of some data is equivalent to a commitment to the data itself. Authentic Chained Data Containers (ACDCs) leverage this property to enable compact chains of ACDCs that anchor data via digests. The data contained in an ACDC may therefore be merely its equivalent anchoring digest. The anchored data is thereby equivalently authenticated or authorized by the chain of ACDCs.

  • digital agent

    • ToIP

      In the context of ​​decentralized digital trust infrastructure, an agent (specifically a type of software agent) that operates in conjunction with a digital wallet.

      Note: In a ToIP context, a digital agent is frequently assumed to have privileged access to the digital wallet(s) of its principal. In market parlance, a mobile app that performs the actions of a digital agent is often simply called a wallet or a digital wallet.

  • digital asset

    • ToIP

      A digital asset is anything that exists only in digital form and comes with a distinct usage right. Data that do not possess that right are not considered assets.

      Source: Wikipedia.

      See also: digital credential.

  • digital certificate

  • digital credential

  • digital ecosystem

    • ToIP

      A digital ecosystem is a distributed, adaptive, open socio-technical system with properties of self-organization, scalability and sustainability inspired from natural ecosystems. Digital ecosystem models are informed by knowledge of natural ecosystems, especially for aspects related to competition and collaboration among diverse entities.

      Source: Wikipedia.

      See also: digital trust ecosystem, trust community.

  • digital identity

    • ToIP

      An identity expressed in a digital form for the purpose representing the identified entity within a computer system or digital network.

      Supporting definitions:

      eSSIF-Lab: Digital data that enables a specific entity to be distinguished from all others in a specific context.

      Wikipedia: Digital identity refers to the information utilized by computer systems to represent external entities, including a person, organization, application, or device. When used to describe an individual, it encompasses a person's compiled information and plays a crucial role in automating access to computer-based services, verifying identity online, and enabling computers to mediate relationships between entities.

  • digital rights management

    • ToIP

      Digital rights management (DRM) is the management of legal access to digital content. Various tools or technological protection measures (TPM) like access control technologies, can restrict the use of proprietary hardware and copyrighted works. DRM technologies govern the use, modification and distribution of copyrighted works (e.g. software, multimedia content) and of systems that enforce these policies within devices.

      Source: Wikipedia.

      Also known as: DRM.

  • digital signature

    • ToIP

      A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very high confidence that the message was created by a known sender (authenticity), and that the message was not altered in transit (integrity).

      Source: Wikipedia.

      Supporting definitions:

      NIST-CSRC: The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer non-repudiation.

    • WebOfTrust

      digital signature

      Definition

      A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).

      Electronic signatures

      There are digital signatures and Electronic signatures, the latter are quite different in purpose and practical use.

  • digital trust ecosystem

  • digital trust utility

    • ToIP

      An information system, network, distributed database, or blockchain designed to provide one or more supporting services to higher level components of decentralized digital trust infrastructure. In the ToIP stack, digital trust utilities are at Layer 1. A verifiable data registry is one type of digital trust utility.

  • digital vault

  • digital wallet

  • dip

    • WebOfTrust

      dip

      Definition

      dip = delcept, delegated inception

  • direct mode

    • ToIP (DID:Webs)

      an operational mode of the KERI protocol where a controller and a verifier of an AID exchange the KEL of the AID directly, as defined by the KERI whitepaper. See WebOfTrust glossary for more detail.
    • WebOfTrust

      direct mode

      Definition

      Two primary trust modalities motivated the KERI design, One of these is the direct (one-to-one) mode, in which the identity controller establishes control via verified signatures of the controlling key-pair. The direct mode doesn't use witnesses nor KERLs, but has direct (albeit intermittent) network contact with the validator.

      Operational mode

      To protect a validator when engaging with some other controller’s identifier, be it verification, control authority establishment, or duplicity detection, are based on an ability to replay the sequence of key events (key event history or log) of that identifier. There are two main operational modes for providing replay capability that are distinguished by the degree of availability of the identifier’s controller when creating and promulgating the key events.
      With direct mode, the promulgation of events to a validator does not happen unless the controller is attached to the network and able to communicate directly with a validator.
      Direct mode assumes that the controller may have intermittent network availability, it also assumes that these mechanism may not be trusted in any persistent sense to promulgate key events. Nonetheless, direct mode is important as it is compatible with the use of mobile internet devices such as cell phones. A single direct mode identifier may be re-used in multiple one-to-one relationships as part of a select group.
      More in Source: chapter Protocol Operational Modes in KERI white paper

      Security concerns

      The protocol may operate in two basic modes, called direct and indirect. The availability and consistency attack surfaces are different for the two modes and hence the mitigation properties of the protocol are likewise mode specific.

      Also see

      Indirect mode

  • directed acyclic graph

    • WebOfTrust

      directed acyclic graph

      Definition

      From Wikipedia (source):

      In mathematics, particularly graph theory, and computer science, a directed acyclic graph (DAG /ˈdæɡ/ (listen)) is a directed graph with no directed cycles. That is, it consists of vertices and edges (also called arcs), with each edge directed from one vertex to another.

      A directed acyclic graph (DAG)
      Why a directed acyclic graph (DAG)

      Following directions in a DAG will never form a closed loop. Steps through a DAG are finite. That's the main reason to choose for a DAG.

      Unique properties

      From Wikipedia (source):

      A directed graph is a DAG if and only if it can be topologically ordered, by arranging the vertices as a linear ordering that is consistent with all edge directions.

      Applications

      From Wikipedia (source):

      DAGs have numerous scientific and computational applications, ranging from biology (evolution, family trees, epidemiology) to information science (citation networks) to computation (scheduling).

  • disclosee

    • WebOfTrust

      disclosee

      Definition

      an ACDC in a disclosure is disclosed to the Disclosee

  • discloser

    • WebOfTrust

      discloser

      Definition

      An ACDC in a disclosure is disclosed by the Discloser.

  • discovery

    • WebOfTrust

      discovery

      Definition

      A mechanism that helps systems or devices find each other automatically, often used in networks to identify services or resources. In decentralized identifier systems it helps to locate and verify digital identities without relying on a central authority.

      Related but not the same

      Percolated information discovery

  • distributed hash table

    • WebOfTrust

      distributed hash table

      Definition

      It is a distributed system that provides a lookup service similar to a hash table: key-value pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key. The main advantage of a DHT is that nodes can be added or removed with minimum work around re-distributing keys. Keys are unique identifiers which map to particular values, which in turn can be anything from addresses, to documents, to arbitrary data.
      (Source: Wikipedia)

  • distributed ledger

    • ToIP

      A distributed ledger (also called a shared ledger or distributed ledger technology or DLT) is the consensus of replicated, shared, and synchronized digital data that is geographically spread (distributed) across many sites, countries, or institutions. In contrast to a centralized database, a distributed ledger does not require a central administrator, and consequently does not have a single (central) point-of-failure. In general, a distributed ledger requires a peer-to-peer (P2P) computer network and consensus algorithms so that the ledger is reliably replicated across distributed computer nodes (servers, clients, etc.). The most common form of distributed ledger technology is the blockchain, which can either be on a public or private network.

      Source: Wikipedia.

  • distributed ledger (DLT)

    • W3C (DID)

      A non-centralized system for recording events. These systems establishsufficient confidence for participants to rely upon the data recorded by othersto make operational decisions. They typically use distributed databases wheredifferent nodes use a consensus protocol to confirm the ordering ofcryptographically signed transactions. The linking of digitally signedtransactions over time often makes the history of the ledger effectivelyimmutable.
  • dnd

    • WebOfTrust

      dnd

      Definition

      Do Not Delegate is a flag / attribute for a AID and this is default set to you can delegate.

      | TBW |

  • domain

  • domain name

    • WebOfTrust

      domain name

      Definition

      A domain name is a string that identifies a realm of administrative autonomy, authority or control within the Internet. Domain names are used in various networking contexts and for application-specific naming and addressing purposes.
      More on Source Wikipedia.

  • double spend proof

    • WebOfTrust

      double spend proof

      Definition

      Total global ordering of transaction so that value can’t be spend twice at the same time from the unit of value. Or in common language: you can't spend your money twice.

      | TBW |

      KERI related

      The most important feature of a cryptocurrency is that it must be double spend proof. Because KERI's key event operations are idempotent they do not need to be double spend proofed, so we can greatly simplify the distributed consensus algorithm in KERI. Which makes KERI relatively more attractive for many applications including IoT applications by comparison.
      As a result of the relaxation of double spend proofing, KERI is able to break the distributed consensus algorithm into two halves and simplify it in the process. The two halves are the promulgation half (by witnesses) and the confirmation half (by valdators).

  • drt

    • WebOfTrust

      drt

      Definition

      drt = deltate, delegated rotation

  • dual indexed codes

    • WebOfTrust

      dual indexed codes

      Definition

      a context-specific coding scheme, for the common use case of thresholded multi-signature schemes in CESR.

      Related to CESR

      One way to compactly associated each signature with its public key is to include in the text code for that signature the index into the ordered set of public keys.A popular signature raw binary size is 64 bytes which has a pad size of 2. This gives two code characters for a compact text code. The first character is the selector and type code. The second character is the Base64 encoded integer index.

      More at source Github Repo Ietf-CESR

  • dual text binary encoding format

    • WebOfTrust

      dual text binary encoding format

      Definition

      An encoding format that allows for both text and binary encoding format, which is fully interchangeable. The composability property enables the round trip conversion en-masse of concatenated primitives between the text domain and binary domain while maintaining the separability of individual primitives.
      Read more in source of Samuel Smith

      Related
  • duplicitous event log

    • WebOfTrust

      duplicitous event log

      Definition

      This is a record of inconsistent event messages produced by a given controller or witness with respect to a given KERL. The duplicitous events are indexed to the corresponding event in a KERL. A duplicitous event is represented by a set of two or more provably mutually inconsistent event messages with respect to a KERL. Each juror keeps a duplicitous event log (DEL) for each controller and all designated witness with respect to a KERL. Any validator may confirm duplicity by examining a DEL.

  • duplicity

    • WebOfTrust

      duplicity

      Duplicity

      Duplicity is used to describe external inconsistency. Publication of two or more versions of a KEL, each of which is internally consistent is duplicity. Given that signatures are non-repudiable any duplicity is detectable and provable given possession of any two mutually inconsistent versions of a KEL. In KERI consistency is is used to described data that is internally consistent and cryptographically verifiably so.

      KERI related

      Duplicity means the existence of more than one version of a verifiable KEL for a given AID. Because every event in a KEL must be signed with non-repudiable signatures any inconsistency between any two instances of the KEL for a given AID is provable evidence of duplicity on the part of the signers with respect to either or both the key-state of that AID and/or any anchored data at a given key-state. A shorter KEL that does not differ in any of its events with respect to another but longer KEL is not duplicitous but merely incomplete. To clarify, duplicity evident means that duplicity is provable via the presentation of a set of two or more mutually inconsistent but independently verifiable instances of a KEL.Source Sam Smith

      Outside world

      In common language 'duplicity' has a slightly different connotation: 'two-facedness', 'dishonesty', 'deceitfulness', 'deviousness,'two-facedness', 'falseness'.

  • duplicity detection

    • WebOfTrust

      duplicity detection

      Definition

      A mechanism to detect duplicity in cryptographically secured event logs.

      KERI related

      Duplicity detection, which protects, not against an external attacker, but against a malicious controller does require access to watchers that are also recording duplicitous events.

  • eIDAS

    • ToIP

      eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation with the stated purpose of governing "electronic identification and trust services for electronic transactions". It passed in 2014 and its provisions came into effect between 2016-2018.

      Source: Wikipedia.

  • eSSIF-Lab World Model

  • eclipse attack

    • WebOfTrust

      eclipse attack

      Definition

      An eclipse attack is a P2P network-based attack. Eclipse attack can only be performed on nodes that accept incoming connections from other nodes, and not all nodes accept incoming connections.

      In a bitcoin network, by default, there are a maximum of 117 incoming TCP connections and 8 outgoing TCP connections.
      Source

      KERI related

      The only attack on KERI possible is an eclipse attack, so the larger your watcher network reach is the better your protection from this type of attack. The only limitation is a resource constraint.
      Source Samuel Smith / Phil Feairheller

      Working of Eclipse Attack

      Eclipse attacks are possible because nodes within the network are unable to connect with all other nodes and can connect with a limited number of neighboring nodes. This limitation might make it seem convenient for attackers to isolate a node from the rest of the network, but it is not an easy task.
      More at Source GeeksforGeeks

      working of an eclipse attack
  • ecosystem

  • ecosystem governance framework

  • electronic signature

    • WebOfTrust

      electronic signature

      Definition

      An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign. This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created (e.g., eIDAS in the European Union, NIST-DSS in the USA or ZertES in Switzerland).

      Digital signature implementation of e-signatures

      Electronic signatures are a legal concept distinct from digital signatures, a cryptographic mechanism often used to implement electronic signatures. While an electronic signature can be as simple as a name entered in an electronic document, digital signatures are increasingly used in e-commerce and in regulatory filings to implement electronic signatures in a cryptographically protected way.

  • encrypt sender sign receiver

  • encrypted data vault

  • encryption

    • ToIP

      Cryptographic transformation of data (called plaintext) into a form (called ciphertext) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called decryption, which is a transformation that restores encrypted data to its original state.

      Source: NIST-CSRC.

  • end role

    • WebOfTrust

      end role

      Definition

      An end role is an authorization for one AID to serve in a role for another AID.

      For example, declaring that your Agent AID is serving in the role of Agent for your business AIDs.

      Source: Phil Feairheller

  • end to end

    • WebOfTrust

      end to end

      Definition

      Inter-host communication and data flow transformations, considered in motion and at rest.1. E2E Security. Inter-host communication must be end-to-end signed/encrypted and data must be stored signed/encrypted. Data is signed/encrypted in motion and at rest.
      2. E2E Provenance. Data flow transformations must be end-to-end provenanced using verifiable data items (verifiable data chains or VCs). Every change shall be provenanced.

      Paraphrased from source Universal Identifier Theory by Samuel Smith

  • end verifiable

    • WebOfTrust

      end verifiable

      Definition

      When a log is end verifiable, it means that the log may be verified by any end user that receives a copy. No trust in intervening infrastructure is needed to verify the log and validate the content.

  • end-to-end encryption

    • ToIP

      Encryption that is applied to a communication before it is transmitted from the sender’s communication endpoint and cannot be decrypted until after it is received at the receiver’s communication endpoint. When end-to-end encryption is used, the communication cannot be decrypted in transit no matter how many intermediary systems are involved in the routing process.

      Supporting definitions:

      Wikipedia: End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse. End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted. The recipients retrieve the encrypted data and decrypt it themselves.

  • endpoint

  • endpoint system

  • engagement context role

  • enrol ~ment

    • digital.govt.nz

      to become or cause to become a member; enlist; register[Source: Dictionary]
  • enterprise data vault

  • enterprise wallet

  • entity

    • digital.govt.nz

      something that has real or distinct existence from other things[Source: Dictionary]
    • ToIP

      Someone or something that is known to exist.

      Source: eSSIF-Lab.

    • WebOfTrust

      entity

      See

      entity in the #essiflab glossary.

  • entropy

    • WebOfTrust

      entropy

      Definition

      Unpredictable information. Often used as a secret or as input to a key generation algorithm.

      More on Wikipedia

      Entropy

      The term entropy is also used to describe the degree of unpredictability of a message. Entropy is then measured in bits. The degree or strength of randomness determines how difficult it would be for someone else to reproduce the same large random number. This is called collision resistance.

  • ephemeral

    • WebOfTrust

      ephemeral

      Definition

      Lasting for a markedly brief time. Having a short lifespan.
      In the context of identifiers is often referred to as identifiers for one time use; or throw-away identifiers.

  • ephemeral connection

  • escrow

    • WebOfTrust

      escrow

      Definition

      'Escrow' as a noun is a (legal) arrangement in which a third party temporarily holds money or property until a particular condition has been met.

      'Escrow' as a verb: we use it in protocol design to handle out of order events. Store the event and wait for the other stuff to show up and then continue processing of the event. So escrowing is the process of storing this event. We root back to the event later.

  • escrow state

    • WebOfTrust

      escrow state

      Definition

      The current state of all the temporary storage locations (what events are waiting for what other information) that KERI protocol needs to keep track of, due to its fully asynchronous nature.

      Inner-working and motivation

      Since the KERI protocol is fully asynchronous, there is no way to guarantee that events will arrive in order to be processed successfully. This includes things like anchoring events for transaction event logs for credentials (the TEL even could arrive before the anchoring event) and signatures arriving on a multisig event.
      To account for this asynchronous nature, implementations need to "escrow" events (store them temporarily) while waiting for other events or additional signatures to show up. The current state of all the temporary storage locations (what events are waiting for what other information) is called the "escrow state".
      Source: Philip Feairheller

      Beware

      An physical Escrow State that you might know from Real Estate transaction is not at all related to the one we define.

  • establishment event

    • WebOfTrust

      establishment event

      Definition

      A key creation or rotation event that establishes or transfers control authority for an identifier.

      Establishment events indicate which key pairs are authoritative (controlling) for an identifier at a given point in time.

      The subset of a key event log (KEL) that are establishment events are an ordered subsequence of the full KEL.

      For a non-transferable identifier this is one authoritative key pair and it never changes so there will only ever be one establishment event, the inception event.

      For transferable identifiers there can be multiple establishment events which would include the initial rotation event and any subsequent rotation events.

      Source Sam Smith

  • evidence

    • digital.govt.nz

      to give proof of or evidence for[Source: Dictionary]
  • exn

  • exp

    • WebOfTrust

      exp

      Definition

      exp = expose, sealed data exposition

  • expression language

  • extensible business reporting language

    • WebOfTrust

      extensible business reporting language

      Definition

      XBRL is the open international standard for digital business reporting, managed by a global not for profit consortium, XBRL International.

      Practical

      XBRL provides a language in which reporting terms can be authoritatively defined. Those terms can then be used to uniquely represent the contents of financial statements or other kinds of compliance, performance and business reports. XBRL lets reporting information move between organisations rapidly, accurately and digitally.
      Source

      Technical

      XBRL stands for eXtensible Business Reporting Language. It is one of a family of “XML” languages which is becoming a standard means of communicating information between businesses and on the internet.
      Source

  • facilitate~ion

    • digital.govt.nz

      to make easier; assist the progress of[Source: Dictionary]
  • facilitation providerFP

    • digital.govt.nz

      the party accountable for the establishment and functioning of a facilitation mechanism[Source: New definition]Additional note:Note 1: A facilitation mechanism facilitates the presentation of 1 or more Credentials to a Relying Party.
  • federated identity

  • federate~d~ion

    • digital.govt.nz

      united by common agreement under an authority[Source: Dictionary modified to remove central government]
  • federation

  • federation assurance level

  • fiduciary

    • ToIP

      A fiduciary is a person who holds a legal or ethical relationship of trust with one or more other parties (person or group of persons). Typically, a fiduciary prudently takes care of money or other assets for another person. One party, for example, a corporate trust company or the trust department of a bank, acts in a fiduciary capacity to another party, who, for example, has entrusted funds to the fiduciary for safekeeping or investment. In a fiduciary relationship, one person, in a position of vulnerability, justifiably vests confidence, good faith, reliance, and trust in another whose aid, advice, or protection is sought in some matter.

      Source: Wikipedia.

  • field map

    • WebOfTrust

      field map

      Definition

      A traditional key:value pair renamed to avoid confusing with the cryptographic use of the term 'key'.

      To avoid confusion with the cryptographic use of the term key we instead use the term field to refer to a mapping pair and the terms field label and field value for each member of a pair. These pairs can be represented by two tuples e.g (label, value). We qualify this terminology when necessary by using the term field map to reference such a mapping.

      Nested field maps

      Field maps may be nested where a given field value is itself a reference to another field map. We call this nested set of fields a nested field map or simply a nested map for short.

  • first party

  • first seen

    • WebOfTrust

      first seen

      Definition

      A "First seen" event in KERI refers to the first event received by validator such as a witness and that is valid and fits the available tail sequence number in the validator's KEL, and therefore is accepted into the validator's KEL. This rule has no effect on the timing of what has arrived in escrow for example; in escrow there can be garbage. Assuming a watched set of validators agree on the first-seen events and thus also agree on the KELs, the watchers of those validators will propagate only those first-seen events within microseconds.

      The rule

      From the perspective of a validator, the rule is "First seen, always seen, never unseen".

      Key Compromise, Duplicity, and Recovery

      Different validators might have a different first-seen number for the same originating transaction event. In the case of duplicitous (inconsistent) interaction events originating from the controller (of the current signing key(s)), which might not be discovered until after a key rotation, a recovery process involving judges and jury may be triggered. More here. Validators will not provide an outdated KEL or Event once an erroneous KEL has been corrected.

  • foreign function interface

  • forgery

    • digital.govt.nz

      the act of reproducing something for a deceitful or fraudulent purpose[Source: Dictionary]
  • foundational identity

  • fourth party

  • frame code

  • full disclosure

    • WebOfTrust

      full disclosure

      Definition

      A disclosure of data in all its details.

      When used in the context of selective disclosure, full disclosure means detailed disclosure of the selectively disclosed attributes not detailed disclosure of all selectively disclosable attributes. Whereas when used in the context of partial disclosure, full disclosure means detailed disclosure of the field map that was so far only partially disclosed.

  • fully compact

    • WebOfTrust

      fully compact

      definition

      The most compact form of an ACDC. This is the only signed variant of an ACDC and this signature is anchored in a transaction event log (TEL) for the ACDC.This is one valid choice for an ACDC schema.
      This form is part of the graduated disclosure mechanism in ACDCs.

      Anchoring to the TEL

      The extra a fully compact version has to offer over a most compact version is the anchoring to the Tranaction event log. Here were various proofs (hashes) can be "stored" which are optional in all kind of ACDC variants.

      See

      Fully (expanded) version of an ACDC
      Most compact version of an ACDC.

      Analogy

      A fully compact ACDC is like the core of an onion and the fully expanded ACDC is like rest of the outer layers of the onion. Turn this onion inside-out: you only need to sign the core (most compact), and then the whole onion (expanded version) would verify. The complete (expanded) onion is the most user friendly information bulb you can get, and you don't need to peel off all the rings of the onion to securely attribute all the information to the controller of the SAID that signed the core.

      You can present any version of the onion you like: only the core, one partially stripped back, one layer at a time, or the whole thing (fully expanded). This illustrates part of the rational for why ACDCs matter. They offer a layered, graduated disclosure mechanism of verifiable credentials never seen before in the SSI field.

  • fully expanded

    • WebOfTrust

      fully expanded

      Definition

      The most user-friendly version of an ACDC credential. It doesn't need to be signed and typically is not signed since the most compact version which is signed can be computed from this form and then the signature can be looked up in the transaction event log of the ACDC in question.

      Regarding the graduated disclosure objective this form is the one with the highest amount of disclosure for a given node of an ACDC graph.

      See also

      Fully compact(ed) version of an ACDC
      Most compact version of an ACDC.

  • functional identity

  • gateway

    • ToIP

      A gateway is a piece of networking hardware or software used in telecommunications networks that allows data to flow from one discrete network to another. Gateways are distinct from routers or switches in that they communicate using more than one protocol to connect multiple networks[1][2] and can operate at any of the seven layers of the open systems interconnection model (OSI).

      See also: intermediary.

      Source: Wikipedia.

  • ghost credential

    • WebOfTrust

      ghost credential

      Definition

      Is a valid credential within in a 90 days grace period (the revocation transaction time frame before it's booked to revocation registry). | TBW prio 3 |

      Design

      When a relationship needs to be terminated with a QVI and the QVI has not revoked their credentials (yet) then those credentials become ghost credentials.

  • gleif authorized representative

  • glossary

    • ToIP

      A glossary (from Ancient Greek: γλῶσσα, glossa; language, speech, wording), also known as a vocabulary or clavis, is an alphabetical list of terms in a particular domain of knowledge (scope) together with the definitions for those terms. Unlike a dictionary, a glossary has only one definition for each term.

      Source: Wikipedia.

  • gnu privacy guard

    • WebOfTrust

      gnu privacy guard

      Definition

      also GnuPG; is a free-software replacement for Symantec's PGP cryptographic software suite. It is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems.
      More on wikipedia
      See more about the closely related and often-confusing term PGP.

  • governance

    • ToIP

      The act or process of governing or overseeing the realization of (the results associated with) a set of objectives by the owner of these objectives, in order to ensure they will be fit for the purposes that this owner intends to use them for.

      Source: eSSIF-Lab.

  • governance diamond

  • governance document

  • governance framework

    • ToIP

      A collection of one or more governance documents published by the governing body of a trust community.

      Also known as: trust framework.

      Note: In the digital identity industry specifically, a governance framework is better known as a trust framework. ToIP-conformant governance frameworks conform to the ToIP Governance Architecture Specification and follow the ToIP Governance Metamodel.

    • WebOfTrust

      governance framework

      Definition

      Also called 'Governance structure'. Governance frameworks are the structure of a government and reflect the interrelated relationships, factors, and other influences upon the institution. Governance frameworks structure and delineate power and the governing or management roles in an organization. They also set rules, procedures, and other informational guidelines.
      More in source Wikipedia.

      Related to GLEIF and vLEI

      In addition, governance frameworks define, guide, and provide for enforcement of these processes. These frameworks are shaped by the goals, strategic mandates, financial incentives, and established power structures and processes of the organization.

      Within GLEIF context, governance frameworks manifest in a document that details the requirements for vLEI credentials.

  • governance graph

  • governance requirement

  • governed information

  • governed party

  • governed use case

  • governing authority

  • governing body

  • graduated disclosure

    • WebOfTrust

      graduated disclosure

      Definition

      Lifting confidentiality step by step: Selectively disclosing more data as time and/or necessity progresses, offering backwards verifiability of earlier issued cryptographic proofs.

      Example

      You proof your insurance policy without disclosing details, before enjoying extreme sports. Only when something goes wrong, e.g. 1 in a 100, you disclose the data. This way confidentiality is kept in 99% of the cases.

      KERI specific

      Disclosure performed by a presentation exchange that has cross-variant (see compact variant) Issuer commitment verifiability as an essential property. It supports graduated disclosure by the Disclosee of any or all variants wether it be full, compact, metadata, partial, selective, bulk issued, or contractually protected.
      Paraphrased by @henkvancann based on source

      Reuse

      The SAID of a given variant is useful even when it is not the SAID of the variant the Issuer signed because during graduated disclosure the Discloser MAY choose to sign that given variant to fulfil a given step in an IPEX graduated disclosure transaction.

      Rule

      The disclosure performed by a presentation exchange MAY be graduated and MAY be contractually protected.

      Related terms

      | TBW | check prio 1

  • graph fragment

    • WebOfTrust

      graph fragment

      Definition

      An ACDC is a verifiable data structure and part of a graph, consisting of a node property and one or two edge proporties.

  • group code

  • group framing code

    • WebOfTrust

      group framing code

      Definition

      special framing codes can be specified to support groups of primitives in CESR. Grouping enables pipelining. Other suitable terms for these special framing codes are group codes or count codes for short. These are suitable terms because these framing codes can be used to count characters, primitives in a group, or groups of primitives in a larger group when parsing and off-loading a stream of CESR primitives.\
      Source

      Composability property

      One of the primary advantages of composable encoding is that we can use special framing code to support the above mentioned grouping.

  • guardian

  • guardianship arrangement

  • guardianship credential

  • hab

    • WebOfTrust

      hab

      Definition

      A Hab is a keystore for one identifier. The Python implementation in KERIpy, also used by KERIA uses LMDB to store key material and all other data.

      Many Habs are included within and managed by a Habery.

  • habery

    • WebOfTrust

      habery

      Definition

      'Hab' comes from ‘Habitat’. It’s a place where multi-sigs and AIDs are linked. Habery manages a collection of Habs. A Hab is a datastructure (a Python object).

      | TBW |-prio2

      Beware

      The only hit (2022) in a Google search pointing to a github site 'habery DOT github DOT io' is NOT related.

  • hardware security module

    • ToIP

      A physical computing device that provides tamper-evident and intrusion-resistant safeguarding and management of digital keys and other secrets, as well as crypto-processing.

      Source: NIST-CSRC.

      Also known as: HSM.

      Supporting definitions:

      NIST-CSRC: A physical computing device that provides tamper-evident and intrusion-resistant safeguarding and management of digital keys and other secrets, as well as crypto-processing. FIPS 140-2 specifies requirements for HSMs.

      Wikipedia: A physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips.

    • WebOfTrust

      hardware security module

      Definition

      A HSM is a physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions.
      More in source Wikipedia

  • hash

  • hash function

    • ToIP

      An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message, and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message. Approved hash functions satisfy the following properties: one-way (it is computationally infeasible to find any input that maps to any pre-specified output); and collision resistant (it is computationally infeasible to find any two distinct inputs that map to the same output).

      Source: NIST-CSRC.

  • hierarchical asynchronous coroutines and input output

    • WebOfTrust

      hierarchical asynchronous coroutines and input output

      Definition

      HIO is an acronym which stands for 'Weightless hierarchical asynchronous coroutines and I/O in Python'.

      It's Rich Flow Based Programming Hierarchical Structured Concurrency with Asynchronous IO. That mouthful of terms has been explained further on Github.

      HIO builds on very early work on hierarchical structured concurrency with lifecycle contexts from ioflo, ioflo github, and ioflo manuals.

      More info on Github

      Repo ioflo hio

  • hierarchical composition

    • WebOfTrust

      hierarchical composition

      Definition

      Encoding protocol that is composable in a hierarchy and enables pipelining (multiplexing and de-multiplexing) of complex streams in either text or compact binary. This allows management at scale for high-bandwidth applications.

      Example

      | TBW prio2 |

      CESR related

      Because of count codes and the composability - and concatenation property in CESR, pipelining is possible, which then uses multiplexing (combining self-framing primitives) and de-multiplexing (unravelling self-framing primitives).

  • hierchical deterministic keys

    • WebOfTrust

      hierchical deterministic keys

      Definition

      A HDK type is a type of deterministic bitcoin wallet derived from a known seed, that allow for the creation of child keys from the parent key. Because the child key is generated from a known seed there is a relationship between the child and parent keys that is invisible to anyone without that seed. The HD protocol (BIP 32) can generate a near infinite number of child keys from a deterministically-generated seed (chain code) from its parent, providing the functionality of being able to recreate those exact same child keys as long as you have the seed.
      More at W3 source

  • hio

    • WebOfTrust

      hio

      Definition

      Weightless hierarchical asynchronous coroutines and I/O in Python.
      Rich Flow Based Programming Hierarchical Structured Concurrency with Asynchronous IO.

      More on Github

      This very technical topic can best be studied further at the Github Repository

      Relation to KERI

      Choosing HIO complies with the asynchronous nature of KERI, the minimal sufficient means design principle of KERI and the leading KERIpy implementation.

  • holder (of a claim or credential)