Release/1.6.0 (#421)
Added results of "Topic A - Privacy risks and mitigation"
Added results of "Topic B - Re-issuance and batch issuance of PIDs and Attestations"
Editorial changes and fixing typos.
paolo-de-rosa authored Mar 3, 2025
1 parent 3958c9c commit 156c5dd
Showing 9 changed files with 1,566 additions and 823 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -8,3 +8,4 @@ docs/arf.html
docs/arf.jpeg
docs/arf.pdf
docs/arf.png
.vscode
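Review bot: the new `.vscode` entry ignores the same directory in which this commit adds `.vscode/settings.json`. Git keeps tracking a file that is already committed, so the rule will not hide later edits to settings.json, while any other file placed under .vscode stays local without anyone noticing. Pick one intent: drop the ignore line and keep the shared spell-check dictionary under version control, or keep the line and do not commit settings.json. If only that one file should be shared, ignore `.vscode/*` and add the exception `!.vscode/settings.json`.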
47 changes: 47 additions & 0 deletions .vscode/settings.json
@@ -0,0 +1,47 @@
{
"cSpell.words": [
"AHWG",
"biometrically",
"Birkholz",
"Bradner",
"Caceres",
"Cappalli",
"CBOR",
"centricity",
"Chokhani",
"comitology",
"COMMISSION",
"CTAP",
"deepfake",
"DPIA",
"ECCG",
"EDICG",
"EHIC",
"ENISA",
"EUCC",
"EUCS",
"EUDI",
"FITCEM",
"GSMA",
"HAIP",
"IDAS",
"Klyne",
"Kooper",
"linkabilitty",
"Lodderstedt",
"OMAPI",
"QEAA",
"QESRC",
"QSCD",
"QTSP",
"Rulebook",
"Sporny",
"Terbu",
"UICC",
"UICCs",
"unlinkability",
"VCDM",
"WSCA",
"WSCD"
]
}
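Review bot: `"linkabilitty"` in cSpell.words is a misspelling, and listing it here makes the spell checker accept that typo everywhere in the documents. Remove the entry, fix the occurrence in the text that triggered it, and add `linkability` only if the checker flags the correct form (the list already has `unlinkability`).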
31 changes: 20 additions & 11 deletions CHANGELOG
Expand Up @@ -5,24 +5,33 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semverdoc.org/).

## [1.0.0] - 2023-02-10
## [1.6.0] - 2025-03-03

Initial release.
Added results of "Topic A - Privacy risks and mitigation"
Added results of "Topic B - Re-issuance and batch issuance of PIDs and Attestations"
Editorial changes and fixing typos.

## [1.4.0] - 2024-05-20
## [1.5.1] - 2025-02-10

The Annex structure has been updated. Each Annex is now located in a separate folder.
Editorial changes and fixing typos.

## [1.4.1] - 2024-09-11
## [1.5.0] - 2025-02-04

Editorial corrections.
This version of the ARF is aligned with the adopted Implementing Acts, covering
articles 5a and 5c of the eIDAS Regulation.

## [1.5.0] - 2025-02-04
This version of the ARF also includes changes in response to comments provided
on Github and by other stakeholders. Over more than 275 comments lead to changes
in the ARF.

The ARF is aligned with the adopted Implementing Acts, covering articles 5a and 5c of the eIDAS Regulation.
## [1.4.1] - 2024-09-11

The ARF also includes changes in response to comments provided on Github and by other stakeholders. Over more than 275 comments lead to changes in the ARF.
Editorial corrections.

## [1.5.1] - 2025-02-10
## [1.4.0] - 2024-05-20

Editorial changes and fixing typos.
The Annex structure has been updated. Each Annex is now located in a separate folder.

## [1.0.0] - 2023-02-10

Initial release.
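Review bot: in the 1.5.0 entry, "Over more than 275 comments lead to changes in the ARF" should read "More than 275 comments led to changes in the ARF"; the sentence was rewrapped here but carried over unchanged. The new 1.6.0 entry also puts its three items on consecutive lines with no list markers, so Markdown will render them as one run-on paragraph. Make them a bulleted list, ideally under the Added and Changed headings of the Keep a Changelog format that the file header cites.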
3 changes: 1 addition & 2 deletions Makefile
Expand Up @@ -26,7 +26,7 @@ SOURCE_DOCS := $(MAIN_DOC) $(ANNEXES_DOCS)
# Directories and Build Information
BUILD_DIR := ./build
SITE_DIR := ./site
VERSION := 1.5.1
VERSION := 1.6.0
BUILD := $(shell date +%Y%m%d.%H%M%S)

# Pandoc configuration
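Review bot: `VERSION := 1.6.0` is a second hand-maintained copy of the release number that this commit also writes as the `## [1.6.0]` heading in CHANGELOG, and nothing in the hunk ties the two together. Consider a build check that the top CHANGELOG heading matches VERSION, so that generated documents cannot be stamped with a stale version.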
Expand Down Expand Up @@ -101,4 +101,3 @@ zip-pdfs: copy-pdfs
clean:
@echo "Cleaning build and site directories..."
-$(RM) -rf $(BUILD_DIR) $(SITE_DIR)

57 changes: 41 additions & 16 deletions docs/annexes/annex-1/annex-1-definitions.md
Expand Up @@ -6,17 +6,28 @@ subtitle: "Architecture and Reference Framework Annex 1 - Definitions"

## A.1 Introduction

In the Architecture Reference Framework (ARF), v1.5.0, many terms are used that need a precise definition. This Annex to ARF 1.5.0 contains the definitions of these terms. In fact, there are three sources for these definitions:
In the Architecture Reference Framework (ARF) many terms are used that need a
precise definition. This Annex contains the definitions of these terms.

- In the first place, the [European Digital Identity Regulation] defines several of these terms. For
convenience, these definitions are listed in [Table 1](#a11-table-1---eidas-regulation-definitions).
- Secondly, the adopted Commission Implementing Regulations [CIR 2024/2977](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R2977), [CIR 2024/2979](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202402979), [CIR 2024/2980](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202402980), [CIR 2024/2981](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202402981), and [CIR 2024/2982](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202402982) also contain a list of definitions. Again for convenience, these definitions are included in [Table 2]
- Thirdly, in writing the ARF, additional technical terms and corresponding definitions are
used. These are listed in [Table 3](#a12-table-2----additional-definitions-used-in-this-arf).
In fact, there are three sources for these definitions:

- In the first place, the [European Digital Identity Regulation] defines several
of these terms. Forconvenience, these definitions are listed in [Section A.2](#a2-definitions-from-the-european-digital-identity-regulation).
- Secondly, the adopted Commission Implementing Regulations [CIR
2024/2977](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R2977),
[CIR 2024/2979](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202402979),
[CIR 2024/2980](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202402980),
[CIR 2024/2981](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202402981),
and [CIR 2024/2982](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202402982)
also contain a list of definitions. Again for convenience, these definitions are
included in [Section A.3](#a3-definitions-from-the-adopted-commission-implementing-regulations)
- Thirdly, in writing the ARF, additional technical terms and corresponding
definitions are used. These are listed in [Section A.4](#a4-additional-definitions-used-in-the-arf).

## A.2 Definitions from the [European Digital Identity Regulation]

The following terms are defined in the [European Digital Identity Regulation] and used in the ARF.
The following terms are defined in the [European Digital Identity Regulation]
and used in the ARF.

| **Term** | **Definition in [European Digital Identity Regulation]** |
|-----------|-----------|
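Review bot: the first bullet of the rewritten introduction contains "Forconvenience" (missing space), and the second bullet now ends at the Section A.3 link without a full stop, unlike the other two bullets. The three links rely on generated heading anchors such as `#a4-additional-definitions-used-in-the-arf`, which resolves only because this commit also drops "v1.5.0" from the A.4 heading; check all three in the rendered output before release.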
Expand All @@ -38,11 +49,15 @@ The following terms are defined in the [European Digital Identity Regulation] an
|**Relying Party** | A natural or legal person that relies upon electronic identification, European Digital Identity Wallets or other electronic identification means, or upon a trust service |
| **Public Sector Body** | A state, regional or local authority, a body governed by public law or an association formed by one or several such authorities or one or several such bodies governed by public law, or a private entity mandated by at least one of those authorities, bodies or associations to provide public services, when acting under such a mandate. |

**Table 1: Definition of terms used in the ARF originating from the [European Digital Identity Regulation]**
**Table 1: Definition of terms used in the ARF originating from
the [European Digital Identity Regulation]**

## A.3 Definitions from the adopted Commission Implementing Regulations

The following terms are defined in the adopted Commission Implementing Regulations and used in the ARF. Note that small differences exist in the way in which terms are written, for example regarding capitalisation. The table contains the term as used in the ARF.
The following terms are defined in the adopted Commission Implementing
Regulations and used in the ARF. Note that small differences exist in the way in
which terms are written, for example regarding capitalisation. The table
contains the term as used in the ARF.

| **Term** | **Definition** |
|-----------|-----------|
Expand All @@ -63,21 +78,30 @@ The following terms are defined in the adopted Commission Implementing Regulatio
| Provider of wallet-relying party access certificates (Access Certificate Authority, Access CA) | A natural or legal person mandated by a Member State to issue Relying Party access certificates to (Wallet-) Relying Parties registered in that Member State. |
| (Wallet-relying party) registration certificate | A data object that indicates the attributes the Relying Party has registered to intend to request from Users |

## A.4 Additional definitions used in the ARF v1.5.0
## A.4 Additional definitions used in the ARF

Note: The technical terms and definitions in Table 3 below are intended to be defined in such a way that they are aligned with the definitions used in the [European Digital Identity Regulation] and the Commission Implementing Regulations in Tables 1 and 2, and should be interpreted as such. In case any definition in Table 3 contradicts a definition from the [European Digital Identity Regulation] or the Commission Implementing Regulations, the latter take precedence.
Note: The technical terms and definitions in Table 3 below are intended to be
defined in such a way that they are aligned with the definitions used in the
[European Digital Identity Regulation] and the Commission Implementing
Regulations in Tables 1 and 2, and should be interpreted as such. In case any
definition in Table 3 contradicts a definition from the [European Digital
Identity Regulation] or the Commission Implementing Regulations, the latter take
precedence.

In some cases, a term has its origin in the context of
a specific Topic in [Annex 2](../annex-2/annex-2-high-level-requirements.md). In such a case, the topic number appears in brackets following the definition. If the definition relies on an external source, such as a
a specific Topic in [Annex 2](../annex-2/annex-2-high-level-requirements.md). In
such a case, the topic number appears in brackets following the definition. If
the definition relies on an external source, such as a
standard or a formal publication, that source is mentioned.

| **Term** | **Definition** |
|-----------|-----------|
| Administrative validity period (of a PID or attestation) | The date(s) from and/or up to which the attributes in the attestation are valid, which are represented as attribute(s) in the attestation. *Note: Some attestations, for instance diplomas, do not have an administrative validity period* |
| Attestation | When not further qualified, a collective term for a QEEA, PuB-EAA, or (non-qualified) EAA. |
| Attestation Provider | When not further qualified, a collective term for QEAA Provider, PuB-EAA Provider, or (non-qualified) EAA Provider. |
| Attestation Revocation List | A mechanism provided by a PID Provider or an Attestation Provider (or a trusted party acting on its behalf) for communicating the revocation status of PIDs and attestations, by publishing a list of identifiers of revoked PIDs or attestations; and used by a Relying Party to verify the status. [Topic 7] |
| Attestation Revocation List | A mechanism provided by a PID Provider or an Attestation Provider (or a trusted party acting on its behalf) for communicating the revocation status of PIDs and attestations, by publishing a list of identifiers of revoked PIDs or attestations. [Topic 7] |
| Attestation Rulebook | A document describing the attestation type, namespace(s), and other features for a specific attestation type. [Topic 12] |
| Attestation Status List | A mechanism provided by a PID Provider or an Attestation Provider (or a trusted party acting on its behalf) for communicating the revocation status of PIDs and attestations, by publishing status information (Valid or Invalid) for all PIDs and attestations that are valid at the time of publication. [Topic 7] |
| Attestation Status List | A mechanism provided by a PID Provider or an Attestation Provider (or a trusted party acting on its behalf) for communicating the revocation status of PIDs and attestations, by publishing status information (Valid or Invalid) for all relevant PIDs or attestations. [Topic 7] *Note: Which PIDs or attestations are relevant is determined by the entity publishing the status list. For example, a status list may contain all PIDs or attestations whose validity period is not over yet at the time of publication of the list.* |
| Attestation type | An identifier for a type of attestation, unique within the context of the EUDI Wallet ecosystem [Topic 12] |
| Certificate Authority (CA) | An entity which is trusted by one or more parties in the EUDI Wallet ecosystem to create and seal certificates. |
| Certificate Policy (CP) | A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. |
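Review bot: the new Attestation Status List definition covers "all relevant PIDs or attestations" and leaves the choice of what is relevant to the publisher, but it does not say how a Relying Party should treat a PID or attestation that the list does not cover. State the expected handling of that case explicitly, so that an entry outside the publisher's scope cannot be read as Valid. The Attestation Revocation List row also loses "and used by a Relying Party to verify the status", which leaves neither definition naming who consumes the mechanism; confirm that is intended. Separately, the unchanged Attestation row spells "QEEA" where the following row has "QEAA".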
Expand All @@ -89,5 +113,6 @@ standard or a formal publication, that source is mentioned.
| Qualified Electronic Signature Remote Creation Service Provider | A natural or a legal person that offers services related to the remote creation, validation, and management of qualified electronic signatures that meet eIDAS regulation legal requirements and standards to be considered as legally equivalent to handwritten signatures. |
| Relying Party Instance | A software and/or hardware module with the capability to interact with a Wallet Unit and to perform Relying Party authentication, that is controlled by a Relying Party. |
| Selective Disclosure | The capability enabling the User to present a subset of the attributes included in a PID or attestation. |
| Trust Anchor | An authoritative entity represented by a public key and associated data. (Based on RFC 5194) |
| Trusted List | Repository of information about authoritative entities in a particular legal or contractual context which provides information about their current and historical status. |
| Technical validity period (of a PID or attestation) | The dates (and possibly times) from and up to which the attestation is valid, which are represented as metadata of the attestation. *Note: All PIDs and attestations have a technical validity period, which is typically much shorter than its administrative validity period (if existent). The technical validity period is chosen based on a risk analysis, e.g. with regard to User privacy.* |
| Trust Anchor | An authoritative entity represented by a public key and associated data. *Note: based on RFC 5914.* |
| Trusted List | Repository of information about authoritative entities in a particular legal or contractual context which provides information about their current and historical status. |
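Review bot: the new Technical validity period row says the period "is chosen based on a risk analysis" without naming who performs that analysis and sets the period. Since the note ties the value to User privacy, name the responsible party in the definition or point to the Topic that does. In the same note, "All PIDs and attestations have a technical validity period, which is typically much shorter than its administrative validity period" should use "their", and the row requires both "from and up to" where the Administrative validity period row allows "from and/or up to"; say in the note that the difference is deliberate if it is.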