You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- For QEAA Providers, no checking of entitlement (apart from the fact that they
2594
-
are a QEAA) is necessary, since QEAA Providers are trusted by other actors in
2595
-
the EUDI Wallet ecosystem to not fraudulently issue attestations that they are
2596
-
not legally entitlement to issue. This trust is warranted since QEAA Providers
2597
-
operate within a regulated framework and are regularly audited.
2598
-
- For PuB-EAA Providers, checking of entitlement may be necessary, since the
2599
-
legal and regulatory framework within which they operate is different from that
2600
-
of QEAAs. To verify the entitlements of an PuB-EAA Provider it is interacting
2601
-
with, a Wallet Unit or Relying Party can query the registry of the Registrar
2602
-
mentioned in the access certificate of the PuB-EAA Provider.
2603
-
- For non-qualified EAA Providers, checking of entitlement is necessary, since
2604
-
they are unregulated and may not be completely trustworthy. Without additional
2605
-
measures, a fraudulent EAA Provider may be able to issue types of QEAAs,
2606
-
PuB-EAAs or EAAs that it is not legally entitled to issue. To prevent this, a
2607
-
Wallet Unit or Relying Party may query the applicable register, as described in
2608
-
the previous bullet. In addition, the applicable Rulebook (see [Topic 12](./annexes/annex-2/annex-2-high-level-requirements.md#a2312-topic-12---attestation-rulebooks))
2609
2590
- For PID Providers, their entitlement to issue PIDs follows already from the
2610
2591
fact that their trust anchors are included in the PID Provider Trusted List; see
0 commit comments