Attribute Attestation

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

A data construct designed to carry information about a small number of a subject's Attributes while not resulting in the identification of that subject. An example Attribute would be the age of the holder of a certificate with that attribute.

Context

  • NIST IR 8480 (Initial Public Draft) Attribute Validation Services for Identity Management: Architecture, Security, Privacy, and Operational Considerations 2024-10-07
  • The qualified Electronic Attribute Attestations (qEAAs) were introduced in eIDAS2[1] for use with the EUDI Wallet. Hence, Article 24 in eIDAS2 has been updated to allow for QTSPs to issue qualified Electronic Attribute Attestations (qEAAs) as well as Qualified Certificates. Furthermore, eIDAS2 Article 24.1a has been updated with respect to identification for issuance of qEEAs and Qualified Certificates: “by means of a notified electronic identification means which meets the requirements set out in Article 8 with regard to the assurance levels ‘substantial’ or ‘high’;” Another change to the eIDAS2 regulation with regards to QTSPs is that the proposed EU NIS2 directive will shift some of the auditing and reporting requirements to the supervisory bodies.

References

  1. European Commission. Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity 2021-06. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021PC0281