Glossary

This page defines the key terms used throughout this documentation.

General Terms

| Term | Definition |
|------|------------|
| DIP | Digital Identity Provider - the identity verification service |
| RP | Relying Party - your application that integrates with DIP |
| End User | The person whose identity is being verified |

Protocol Terms

| Term | Definition |
|------|------------|
| OIDC | OpenID Connect - an identity layer on top of OAuth 2.0 |
| OIDC4IA | OpenID Connect for Identity Assurance - extension for verified identity claims |
| FAPI 2.0 | Financial-grade API 2.0 - a security profile for high-security OAuth implementations |
| PAR | Pushed Authorization Request - a secure way to submit authorization parameters |
| PKCE | Proof Key for Code Exchange - protects against authorization code interception |

Authentication Terms

| Term | Definition |
|------|------------|
| Client Assertion | A signed JWT that authenticates your application to DIP |
| Request Object | A signed JWT containing authorization parameters |
| JWKS | JSON Web Key Set - a collection of public keys in JSON format |
| JWK | JSON Web Key - a single public key in JSON format |
| JWE | JSON Web Encryption - encrypted JWT format |
| JWT | JSON Web Token - a compact, URL-safe token format |

Security Terms

| Term | Definition |
|------|------------|
| State | A random value used to prevent CSRF attacks |
| Nonce | A random value used to prevent replay attacks |
| Code Verifier | A random string used in PKCE |
| Code Challenge | A hashed version of the code verifier |

Identity Terms

| Term | Definition |
|------|------------|
| Verified Claims | Identity claims that have been verified through the verification process |
| Trust Framework | The set of rules and standards used for identity verification (stoe or stoe_etsi) |
| Evidence | Information about how identity was verified (e.g., document scan) |
| Claims | Individual pieces of identity information (e.g., given_name, birthdate) |

Signing Algorithms

| Algorithm | Description |
|-----------|-------------|
| ES256 | ECDSA using P-256 curve and SHA-256 |
| PS256 | RSASSA-PSS using SHA-256 |
| EdDSA | Edwards-curve Digital Signature Algorithm (Ed25519) |

Document Types

| Type | Description |
|------|-------------|
| passport | National passport |
| idcard | National ID card |