Difference between revisions of "Attribute Attestation"

From MgmtWiki
Jump to: navigation, search
(Full Title or Meme)
(Context)
Line 3: Line 3:
  
 
==Context==
 
==Context==
The qualified Electronic Attribute Attestations (qEAAs) were introduced in eIDAS2<ref>European Commission. ''Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity''  2021-06. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021PC0281</ref> for use with the EUDI Wallet.  
+
* [https://csrc.nist.gov/pubs/ir/8480/ipd NIST IR 8480 (Initial Public Draft) Attribute Validation Services for Identity Management: Architecture, Security, Privacy, and Operational Considerations] 2024-10-07
 +
* The qualified Electronic Attribute Attestations (qEAAs) were introduced in eIDAS2<ref>European Commission. ''Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity''  2021-06. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021PC0281</ref> for use with the EUDI Wallet.  
 
Hence, Article 24 in eIDAS2 has been updated to allow for QTSPs to issue qualified Electronic Attribute Attestations  
 
Hence, Article 24 in eIDAS2 has been updated to allow for QTSPs to issue qualified Electronic Attribute Attestations  
 
(qEAAs) as well as Qualified Certificates.
 
(qEAAs) as well as Qualified Certificates.

Revision as of 10:28, 12 November 2024

Full Title or Meme

A data construct designed to carry information about a small number of a subject's Attributes while not resulting in the identification of that subject. An example Attribute would be the age of the holder of a certificate with that attribute.

Context

Hence, Article 24 in eIDAS2 has been updated to allow for QTSPs to issue qualified Electronic Attribute Attestations (qEAAs) as well as Qualified Certificates. Furthermore, eIDAS2 Article 24.1a has been updated with respect to identification for issuance of qEEAs and Qualified Certificates: “by means of a notified electronic identification means which meets the requirements set out in Article 8 with regard to the assurance levels ‘substantial’ or ‘high’;” Another change to the eIDAS2 regulation with regards to QTSPs is that the proposed EU NIS2 directive will shift some of the auditing and reporting requirements to the supervisory bodies.

References

  1. European Commission. Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity 2021-06. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021PC0281