Commit 5e22ea5

Include terminology section inline.
1 parent 01acc0a commit 5e22ea5

1 file changed

+213
-1
lines changed

index.html

+213-1
Original file line numberDiff line numberDiff line change
@@ -640,7 +640,219 @@ <h3>Use Cases and Requirements</h3>
640640
<section class="normative">
641641
<h2>Terminology</h2>
642642

643-
<div data-include="./terms.html"></div>
643+
<p>
644+
The following terms are used to describe concepts in this specification.
645+
</p>
646+
647+
<dl class="termlist definitions">
648+
<dt><dfn data-lt="claims">claim</dfn></dt>
649+
<dd>
650+
An assertion made about a <a>subject</a>.
651+
</dd>
652+
<dt><dfn data-lt="credential|credentials">credential</dfn></dt>
653+
<dd>
654+
A set of one or more <a>claims</a> made by an <a>issuer</a>. The <a>claims</a>
655+
in a credential can be about different <a>subjects</a>. The definition of
656+
credential used in this specification differs from,
657+
<a href="https://csrc.nist.gov/glossary/term/credential">NIST's definitions of
658+
credential</a>.
659+
</dd>
660+
<dt><dfn>data minimization</dfn></dt>
661+
<dd>
662+
The act of limiting the amount of shared data strictly to the minimum
663+
necessary to successfully accomplish a task or goal.
664+
</dd>
665+
<dt><dfn data-lt="decentralized identifiers|DID|DIDs">decentralized identifier</dfn></dt>
666+
<dd>
667+
A portable URL-based identifier, also known as a <strong><em>DID</em></strong>,
668+
associated with an <a>entity</a>. These identifiers are most often used in a
669+
<a>verifiable credential</a> and are associated with <a>subjects</a> such that a
670+
<a>verifiable credential</a> itself can be easily ported from one
671+
<a>repository</a> to another without the need to reissue the <a>credential</a>.
672+
An example of a DID is `did:example:123456abcdef`.
673+
</dd>
674+
<dt><dfn class="lint-ignore" data-lt="decentralized identifier documents|DID document|DID documents">decentralized identifier document</dfn></dt>
675+
<dd>
676+
Also referred to as a <strong><em>DID document</em></strong>, this is a document
677+
that is accessible using a <a>verifiable data registry</a> and contains
678+
information related to a specific <a>decentralized identifier</a>, such as the
679+
associated <a>repository</a> and public key information.
680+
</dd>
681+
<dt><dfn data-lt="default graph">default graph</dfn></dt>
682+
<dd>
683+
The <a>graph</a> containing all <a>claims</a> that are not explicitly part of
684+
a <a>named graph</a>.
685+
</dd>
686+
<dt><dfn data-lt="predicates|derived predicates">derived predicate</dfn></dt>
687+
<dd>
688+
A verifiable, boolean assertion about the value of another attribute in a
689+
<a>verifiable credential</a>. These are useful in zero-knowledge-proof-style
690+
<a>verifiable presentations</a> because they can limit information disclosure.
691+
For example, if a <a>verifiable credential</a> contains an attribute for
692+
expressing a specific height in centimeters, a derived predicate might reference
693+
the height attribute in the <a>verifiable credential</a> demonstrating that the
694+
<a>issuer</a> attests to a height value meeting the minimum height requirement,
695+
without actually disclosing the specific height value. For example, the
696+
<a>subject</a> is taller than 150 centimeters.
697+
</dd>
698+
<dt><dfn class="lint-ignore">digital signature</dfn></dt>
699+
<dd>
700+
A mathematical scheme for demonstrating the authenticity of a digital message.
701+
</dd>
702+
<dt><dfn data-lt="entities|entity's">entity</dfn></dt>
703+
<dd>
704+
Anything that can be referenced in statements as an abstract or concrete noun.
705+
Entities include but are not limited to people, organizations, physical things,
706+
documents, abstract concepts, fictional characters, and arbitrary text. Any
707+
entity might perform roles in the ecosystem, if it is capable of doing so. Note
708+
that some entities fundamentally cannot take actions, e.g., the string "abc"
709+
cannot issue credentials.
710+
</dd>
711+
<dt><dfn data-lt="graphs">graph</dfn></dt>
712+
<dd>
713+
A set of claims, forming a network of information composed of <a>subjects</a>
714+
and their relationship to other <a>subjects</a> or data. Each <a>claim</a> is
715+
part of a graph; this is either explicit in the case of <a>named graphs</a>, or
716+
implicit for the <a>default graph</a>.
717+
</dd>
718+
<dt><dfn data-lt="holders|holder's|holders'">holder</dfn></dt>
719+
<dd>
720+
A role an <a>entity</a> might perform by possessing one or more
721+
<a>verifiable credentials</a> and generating <a>verifiable presentations</a>
722+
from them. A holder is often, but not always, a <a>subject</a> of the
723+
<a>verifiable credentials</a> they are holding. Holders store their
724+
<a>credentials</a> in <a>credential repositories</a>.
725+
</dd>
726+
<dt><dfn class="lint-ignore"
727+
data-lt="identities|identity's">identity</dfn></dt>
728+
<dd>
729+
The means for keeping track of <a>entities</a> across contexts. Digital
730+
identities enable tracking and customization of <a>entity</a> interactions
731+
across digital contexts, typically using identifiers and attributes. Unintended
732+
distribution or use of identity information can compromise privacy. Collection
733+
and use of such information should follow the principle of
734+
<a>data minimization</a>.
735+
</dd>
736+
<dt><dfn data-lt="identity providers|idp">identity provider</dfn></dt>
737+
<dd>
738+
An identity provider, sometimes abbreviated as <em>IdP</em>, is a system for
739+
creating, maintaining, and managing identity information for <a>holders</a>,
740+
while providing authentication services to <a>relying party</a> applications
741+
within a federation or distributed network. In this case the <a>holder</a> is
742+
always the <a>subject</a>. Even if the <a>verifiable credentials</a> are bearer
743+
<a>credentials</a>, it is assumed the <a>verifiable credentials</a> remain with
744+
the <a>subject</a>, and if they are not, they were stolen by an attacker. This
745+
specification does not use this term unless comparing or mapping the concepts in
746+
this document to other specifications. This specification decouples the
747+
<a>identity provider</a> concept into two distinct concepts: the <a>issuer</a>
748+
and the <a>holder</a>.
749+
</dd>
750+
<dt><dfn data-lt="issuers|issuer's">issuer</dfn></dt>
751+
<dd>
752+
A role an <a>entity</a> can perform by asserting <a>claims</a> about one or
753+
more <a>subjects</a>, creating a <a>verifiable credential</a> from these
754+
<a>claims</a>, and transmitting the <a>verifiable credential</a> to a
755+
<a>holder</a>.
756+
</dd>
757+
<dt><dfn data-lt="named graphs">named graph</dfn></dt>
758+
<dd>
759+
A <a>graph</a> associated with specific properties, such as
760+
`verifiableCredential`. These properties
761+
result in separate <a>graphs</a> that contain all <a>claims</a> defined in the
762+
corresponding JSON objects.
763+
</dd>
764+
<dt><dfn data-lt="presentation|presentations">presentation</dfn></dt>
765+
<dd>
766+
Data derived from one or more <a>verifiable credentials</a>, issued by one or
767+
more <a>issuers</a>, that is shared with a specific <a>verifier</a>.
768+
</dd>
769+
<dt><dfn data-lt="credential repository|credential repositories|repositories">repository</dfn></dt>
770+
<dd>
771+
A program, such as a storage vault or personal <a>verifiable credential</a>
772+
wallet, that stores and protects access to <a>holders'</a>
773+
<a>verifiable credentials</a>.
774+
</dd>
775+
<dt><dfn>selective disclosure</dfn></dt>
776+
<dd>
777+
The ability of a <a>holder</a> to make fine-grained decisions about what
778+
information to share.
779+
</dd>
780+
<dt><dfn data-lt="subjects|subject's">subject</dfn></dt>
781+
<dd>
782+
A thing about which <a>claims</a> are made.
783+
</dd>
784+
<dt><dfn class="lint-ignore">user agent</dfn></dt>
785+
<dd>
786+
A program, such as a browser or other Web client, that mediates the
787+
communication between <a>holders</a>, <a>issuers</a>, and <a>verifiers</a>.
788+
</dd>
789+
<dt><dfn data-lt="claim validation">validation</dfn></dt>
790+
<dd>
791+
The assurance that a <a>claim</a> from a specific <a>issuer</a> satisfies the
792+
business requirements of a <a>verifier</a> for a particular use. This
793+
specification defines how verifiers verify <a>verifiable credentials</a> and
794+
<a>verifiable presentations</a>.<br/>
795+
It also specifies that <a>verifiers</a> validate claims in <a>verifiable
796+
credentials</a> before relying on them. However, the means for such validation
797+
vary widely and are outside the scope of this specification. It is expected
798+
that <a>verifiers</a> will trust certain <a>issuers</a> for certain claims and
799+
apply their own rules to determine which claims in which <a>credentials</a>
800+
are suitable for use by their systems.
801+
</dd>
802+
<dt><dfn data-lt="verifiable credential|verifiable credentials|vc|vcs">verifiable credential</dfn></dt>
803+
<dd>
804+
A verifiable credential is a tamper-evident credential that has authorship that
805+
can be cryptographically verified. Verifiable credentials can be used to build
806+
<a>verifiable presentations</a>, which can also be cryptographically verified.
807+
</dd>
808+
<dt><dfn data-lt="verifiable data registries">verifiable data registry</dfn></dt>
809+
<dd>
810+
A role a system might perform by mediating the creation and <a>verification</a>
811+
of identifiers, keys, and other relevant data, such as
812+
<a>verifiable credential</a> schemas, revocation registries, issuer public keys,
813+
and so on, which might be required to use <a>verifiable credentials</a>. Some
814+
configurations might require correlatable identifiers for <a>subjects</a>. Some
815+
registries, such as ones for UUIDs and public keys, might just act as namespaces
816+
for identifiers.
817+
</dd>
818+
<dt><dfn data-lt="verifiable presentation|verifiable presentations|vp|vps">verifiable presentation</dfn></dt>
819+
<dd>
820+
A verifiable presentation is a tamper-evident presentation encoded in such a way
821+
that authorship of the data can be trusted after a process of cryptographic
822+
verification. Certain types of verifiable presentations might contain data that
823+
is synthesized from, but do not contain, the original <a>verifiable
824+
credentials</a> (for example, zero-knowledge proofs).
825+
</dd>
826+
<dt><dfn data-lt="verify|verified|verifying|verifiable|verifiability">verification</dfn></dt>
827+
<dd>
828+
The evaluation of whether a <a>verifiable credential</a> or <a>verifiable
829+
presentation</a> is an authentic and current statement of the issuer or
830+
presenter, respectively. This includes checking that: the credential (or
831+
presentation) conforms to the specification; the proof method is satisfied; and,
832+
if present, the status check succeeds. Verification of a credential does not
833+
imply evaluation of the truth of <a>claims</a> encoded in the credential.
834+
</dd>
835+
<dt><dfn data-lt="verifier|verifiers|verifier's|credential verifiers|credential verifier's">verifier</dfn></dt>
836+
<dd>
837+
A role an <a>entity</a> performs by receiving one or more
838+
<a>verifiable credentials</a>, optionally inside a
839+
<a>verifiable presentation</a> for processing. Other specifications might refer
840+
to this concept as a <dfn data-lt="relying parties">relying party</dfn>.
841+
</dd>
842+
<dt><dfn data-lt="verification material">verification material</dfn></dt>
843+
<dd>
844+
Information that could be a cryptographic public key or any other data used to
845+
verify a proof.
846+
</dd>
847+
<dt><dfn data-lt="URL|URLs">URL</dfn></dt>
848+
<dd>
849+
A Uniform Resource Locator, as defined by [[URL]]. URLs can be dereferenced such
850+
that they result in a resource, such as a document. The rules for dereferencing,
851+
or fetching, a URL are defined by the URL [=url/scheme=]. This specification
852+
does not use the term URI or IRI because those terms have been deemed to be
853+
confusing to Web developers.
854+
</dd>
855+
</dl>
644856
</section>
645857

646858
<section class="informative">
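
Review bot: Replacing the `<div data-include="./terms.html"></div>` at old line 643 with an inline copy leaves two sources for these definitions, because this commit changes only index.html and does not remove ./terms.html. Retire terms.html in the same change, or state which copy is authoritative, so that definitions a verifier implementation depends on (verification, validation, verifiable credential) cannot drift apart. Two smaller points in the added text: the comma in "differs from," at new line 656 should be dropped before the NIST link, and the list is alphabetical until "verification material" and "URL" at new lines 842-853, which should be moved into order.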
