integration of design specification #594

Draft
wants to merge 33 commits into
base: versione-corrente
33 commits
fba5926
Update index.rst
steps88 Mar 10, 2025
1dfaaf6
Update index.rst
steps88 Mar 10, 2025
ce33cac
Added Index and short intro
steps88 Mar 10, 2025
123a9de
Update and rename defined-terms.rst to references.rst
steps88 Mar 10, 2025
6b99fe7
Update references.rst
steps88 Mar 10, 2025
47ce6f3
Updated table of terms till Pseudonyms
steps88 Mar 10, 2025
0bda043
More terms and acronyms
steps88 Mar 10, 2025
2fb7e4b
Update index.rst
steps88 Mar 10, 2025
4f8fc42
Create scope.rst
steps88 Mar 10, 2025
39cae1c
Update index.rst
steps88 Mar 10, 2025
f5147fe
Update ssi-introduction.rst
steps88 Mar 10, 2025
4ade5a3
Update index.rst
steps88 Mar 10, 2025
aebaaed
add GL Three party model image
steps88 Mar 10, 2025
337a373
Update references.rst
steps88 Mar 10, 2025
62a6e6c
Update references.rst
ChiaLeon Mar 10, 2025
9f73021
Rename GL Three party model.svg to GL-Three-party-model.svg
steps88 Mar 10, 2025
f3ff31a
Update ssi-introduction.rst
steps88 Mar 10, 2025
130d7be
Update and rename references.rst to introduction.rst
ChiaLeon Mar 10, 2025
05df9be
Update introduction.rst
ChiaLeon Mar 10, 2025
76aad5d
Delete docs/en/scope.rst
ChiaLeon Mar 10, 2025
6536fcc
Update index.rst
ChiaLeon Mar 10, 2025
d65e6dc
Update index.rst
ChiaLeon Mar 10, 2025
42636a5
Update introduction.rst
steps88 Mar 12, 2025
76dba75
Apply suggestions from code review
RosaliaGaleano Mar 14, 2025
2588209
Apply suggestions from code review
steps88 Mar 14, 2025
7283703
Update index.rst
steps88 Mar 14, 2025
6f0b274
Move normative references, defined terms and normative languages to d…
steps88 Mar 14, 2025
cf06358
Revert "Move normative references, defined terms and normative langua…
steps88 Mar 14, 2025
5e5b67c
Create defined-terms.rst, amended introduction
steps88 Mar 14, 2025
6f5f812
create design.rst
steps88 Mar 14, 2025
3f39aa4
Removed Normative ref, defined terms and normative language
steps88 Mar 14, 2025
536d903
Scope: Invert first and second focus
steps88 Mar 14, 2025
5460cce
added Design principles, amended build check
steps88 Mar 19, 2025
482 changes: 292 additions & 190 deletions docs/en/defined-terms.rst

16 changes: 16 additions & 0 deletions docs/en/design.rst
@@ -0,0 +1,16 @@
=================
Design Principles
=================

Thanks to the Digital Identity Wallet Paradigm, the IT-Wallet System provides Users with a simpler, faster, and more secure experience when accessing services.

The IT-Wallet Solution serves as the primary Touchpoint, enabling Users to manage and utilize their Personal Identification Data and Attributes when interacting with Public or Private Entities, in both physical and digital contexts. However, the overall service depends on the interactions of a network of Touchpoints and Technical Solutions, that support its delivery and directly impact the User Experience.

To ensure service quality from a User Experience perspective, Primary Actors, both Public and Private Entities, MUST ensure the usability and accessibility of their Technical Solutions while aligning with the distinctive elements of the IT-Wallet System. Specifically:

- **Usability**: Technical Solutions MUST be designed and maintained to meet high usability standards, to facilitate service adoption and reduce the need for assistance. Public Entities MUST adhere to [LG DESIGN], whereas Private Entities MAY refer to these guidelines as a best practice.

- **Accessibility**: Technical Solutions MUST be designed and maintained to meet high accessibility standards to ensure service access regardless of individual abilities, technological skills, or external and contextual constraints. Public Entities MUST adhere to [LG DESIGN], whereas Private Entities MUST comply with applicable regulations.

- **Consistency**: Technical Solutions MUST be designed and maintained in adherence to the IT-Wallet System’s Visual Identity and functional User Experience requirements in this document, to promote the recognizability of components, to ensure overall system consistency, and to minimize the User's cognitive load.

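Review bot: `[LG DESIGN]` in the Usability and Accessibility bullets is plain text, not a reference: it has no trailing underscore and the label contains a space, so Sphinx renders the brackets literally and nothing links to the guideline. Either define a substitution in ../common/common_definitions.rst (which this file does not `.. include::`, unlike index.rst and introduction.rst in the same changeset) or use an explicit link target such as `LG DESIGN`_ with a matching `.. _LG DESIGN: <url>` line. The same applies to the MUST/MAY keywords: commit 3f39aa4 removed the normative-language section, so say where the RFC 2119 terms are defined before relying on them in this file.
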
34 changes: 6 additions & 28 deletions docs/en/index.rst
@@ -1,41 +1,20 @@
.. include:: ../common/common_definitions.rst

==============================================
The Italian EUDI Wallet Implementation Profile
==============================================
IT-Wallet System Technical Specifications
=========================================

Introduction
------------

The European Parliament `has adopted <https://www.europarl.europa.eu/doceo/document/A-9-2023-0038_EN.html#_section1>`_ the revision of the eIDAS Regulation concerning electronic identification and trust services, introducing a significant innovation: the `European Digital Identity Wallet <https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en>`_. This update marks a pivotal advancement in the EU's digital strategy, aiming to enhance the security, interoperability, and usability of digital identities across Member States. For further details, resources, and notes on this legislative development, please refer to the official EU Commission and Parliament websites.

Italy has launched the National digital identity Wallet solution, known as IT-Wallet, established by the Legislative Decree of March 2, 2024, No. 19 (commonly referred to as the PNRR Decree), in direct response to the European community's directives. This initiative ensures full interoperability with the digital identity solutions provided by other European Member States, aligning with European regulations.

The purpose of the following technical rules is to define the technical architecture and reference framework to be used as a guideline by all the parties involved in the development of the IT-Wallet project.

This documentation defines the national implementation profile of IT-Wallet, containing the technical details about components of the Wallet ecosystem, as listed below:

- Entities of the ecosystem according to `EIDAS-ARF`_.
- Infrastructure of trust attesting realiability and eligibility of the participants.
- PID and EAAs data schemes and attribute sets.
- PID/EAA in MDL CBOR format.
- PID/EAA in `SD-JWT`_ format.
- Wallet Solution general architecture.
- Wallet Attestation.
- Issuance of PID/EAA according to `OpenID4VCI`_.
- Presentation of PID/EAA according to `OpenID4VP`_.
- Presentation of pseudonyms according to `SIOPv2`_.
- PID/EAA backup and restore mechanisms.
- PID/EAA revocation lists.
This document provides the technical architecture, implementation framework and design requirements to be adopted by the IT-Wallet System Technical Solutions.

Index of content
----------------

.. toctree::
:maxdepth: 3

ssi-introduction.rst
introduction.rst
defined-terms.rst
ssi-introduction.rst
design.rst
trust.rst
wallet-solution.rst
pid-eaa-data-model.rst
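
Review bot: index.rst keeps its own "Introduction" section (the heading plus the single sentence "This document provides the technical architecture, implementation framework and design requirements ...") while the toctree now pulls in introduction.rst, whose top-level title is also "Introduction"; the rendered page will show two consecutive Introduction headings. Drop the section in index.rst or retitle it (for example "About this document"). Also, the removed paragraph carried the only links to the eIDAS revision on europarl.europa.eu and to the European Digital Identity Wallet page on commission.europa.eu; introduction.rst does not reproduce them, so either keep them here or add them there.
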
Expand All @@ -48,4 +27,3 @@ Index of content
security-privacy-considerations.rst
standards.rst
contribute.rst

49 changes: 49 additions & 0 deletions docs/en/introduction.rst
@@ -0,0 +1,49 @@
.. include:: ../common/common_definitions.rst

.. _introduction.rst:

Introduction
************

Over the last decade, digitalization has radically transformed the way citizens and businesses interact with public and private services, introducing new secure, accessible and user-friendly forms of service access.

In Italy, Decree-Law No. 19 of 2 March 2024, converted, with amendments, by Law No. 56 of 29 April 2024, introduced Article 64-quater of Legislative Decree No. 82 of 7 March 2005, establishing the Italian Digital Wallet System - IT-Wallet System. The IT-Wallet System allows natural or legal persons to access public and private services through the secure presentation of their data on entitlements, delegations, characteristics, licenses or qualifications in the form of Digital Credentials.

Thanks to the IT-Wallet System, natural and legal persons can directly provide, via their
wallet, the information required for Authentication in the form of Digital Credentials. Similarly to a physical wallet, the IT-Wallet can contain identity or document-related data, such as a driver's license or health card, as well as a wide range of verifiable digital information, such as a professional qualification, educational diploma, licence or personal qualification.

What distinguishes the IT-Wallet System from previous Authentication systems is that Digital Credentials refer to characteristics, qualities or properties, already authenticated at source. These Digital Credentials can be used by the User without the Credential Issuers being aware of their use. During the use of the Digital Credentials, no usage information is released to third parties as the relationship is exclusive between the User and the party to whom the Digital Credentials are presented in an informed and transparent way for the User.


Scope
===========

The following Technical Specifications has two main focus:

The first one is to provide a clear and structured set of guidelines, resources and design requirements related to the IT-Wallet System elements that impact on the User Experience.
The document, by distinguishing between mandatory regulatory aspects and good design practices, aims to provide to Public Entities and Private Entities interested in taking part in the IT-Wallet System what is necessary to:

- facilitate the understanding and adoption of the Service Model, increasing the number of potential services and usage opportunities for the User;
- adopt the IT-Wallet System’s Visual Identity in order to enhance its reliability and recognizability for the User;
- ensure design consistency across macro-functionalities and single interactions between the User and the service Touchpoints;
- maintain an adequate level of quality, promoting the principles of usability, accessibility and inclusivity.

Additional guidelines, tools and resources for the development of the IT-Wallet System Technical Solutions are made available at www.wallet.gov.it.

The second focus is to define the technical architecture and reference framework that will serve as a guideline for all the parties involved in the development of the IT-Wallet System.
This documentation defines the national implementation profile of the IT-Wallet System, detailing the technical specifications of its components, as listed below:

- Entities of the ecosystem according to `EIDAS-ARF`_;
- Infrastructure of trust attesting reliability and eligibility of the participants;
- PID and EAAs data schemes and attribute sets;
- PID/EAA in MDL CBOR format;
- PID/EAA in `SD-JWT`_ format;
- Wallet Solution general architecture;
- Wallet Attestation;
- Issuance of PID/EAA according to `OpenID4VCI`_;
- Presentation of PID/EAA according to `OpenID4VP`_;
- Presentation of pseudonyms according to `SIOPv2`_;
- PID/EAA backup and restore mechanisms;
- PID/EAA revocation lists.


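Review bot: the sentence "These Digital Credentials can be used by the User without the Credential Issuers being aware of their use ... no usage information is released to third parties" overstates the guarantee. The Scope list in this same file includes "PID/EAA revocation lists": a Verifier that checks credential status at presentation time contacts the Issuer, or whoever hosts the status information, and depending on how that check is designed this can reveal that a presentation is taking place. Qualify the sentence (for example "no usage information is released to the Credential Issuer by the presentation protocol itself") and cross-reference the section where the privacy properties of the status check are stated. Minor: "The following Technical Specifications has two main focus" should read "have two main focuses", "impact on the User Experience" should be "impact the User Experience", and www.wallet.gov.it should be an explicit link target so it renders as a hyperlink.
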
33 changes: 19 additions & 14 deletions docs/en/ssi-introduction.rst
Expand Up @@ -5,26 +5,31 @@
The Digital Identity Wallet Paradigm
++++++++++++++++++++++++++++++++++++

The Digital Identity Wallet paradigm refers to a new architecture in Identity and Access Management (IAM) that improves the privacy and grants complete control and ownership over the personal data by their owner, the users.
Users possess their digital documents and determine to which actors they present these documents, with the ability to revoke the use of said documents, all while maintaining a history of their activities.
The Digital Identity Wallet paradigm refers to a new architecture in Identity and Access Management (IAM) that improves confidentiality and grants complete control and ownership over the personal data by their owner, the User.
Thanks to this new paradigm, the IT-Wallet System allows Users to maintain full control in the management and use of their data for access to services provided by Public Entities and Private Entities.

The main difference between this new approach and the traditional IAM infrastructure is that during the presentation phase there are no intermediaries between the Wallet and the Relying Party, while in the SAML2 or OIDC based infrastructure an Identity Provider is always involved, knowing which services a citizen is accessing to.
The main difference between this new approach and the traditional IAM infrastructure is that data presentation doesn’t require intermediaries between the Wallet Instance and the Relying Party, while in the SAML2 or OIDC based infrastructure a Digital Identity Provider is always involved, knowing which services the User is accessing to.

Digital identity Wallet Architectures are significant in the field of data exchange and data governance. In accordance with the eIDAS Regulation, a new digital identity paradigm is designed for European Users - be they citizens, public administrations, or companies - who want to access another Member State's services using their national authentication systems.
Digital Identity Wallet Architectures are significant in the field of data exchange and data governance. This new digital identity paradigm is designed for Users - be they citizens, Public Administrations, or private organizations- who want to access services using their national authentication systems.

The main roles in a Wallet ecosystem are listed as follow:
The main roles in the Digital Identity Wallet ecosystem are listed as follow:

- Issuers: parties who can issue digital credentials about a person;
- Verifiers: parties who request Holders' digital credentials for authentication and authorization purposes;
- Holders: individuals who own a Wallet and have control over the digital credentials they can request, acquire, store, and present to verifiers;
- Verifiable Data Registries: Authorities that publish certificates, attestations, metadata, and schemes needed for allowing the trust establishment between the parties.
- Issuers: parties who issue Digital Credentials for Users;
- Verifiers: parties who request Digital Credentials from the User for Authentication and authorization purposes;
- Holders: individuals who own a Wallet Instance and have control over the Digital Credentials they can request, acquire, store, and present to Verifiers;
- Verifiable Data Registries: authorities that publish certificates, attestations, metadata, and schemes needed for allowing the trust establishment between the parties.

In this model, the Credential Issuer (e.g., an educational institution) provides Digital Credentials to the User, who can store them in their digital Wallet.
The Wallet typically comes in the form of an application on the User's mobile phone.
.. figure:: ../../images/GL-Three-party-model.svg
:alt: three-party model architecture
:width: 100%

Other key elements that characterize an SSI system include:

- **Privacy and control**: Wallets enable individuals to maintain control over their personal data. They can choose what information to release, to whom, and for what purpose;
In this model, the credential issuer (e.g., an educational institution) provides Digital Credentials to the User, who can store them in their Wallet Instance.
The Wallet Instance is typically provided as a mobile application on the User's smartphone.

Other key elements that characterize this new Digital Identity Wallet paradigm include:

- **Confidentiality and control**: Wallets enable individuals to maintain control over their personal data. They can choose what information to release, to whom, and for what purpose in line with the Self Sovereignty Identity (SSI) approach;
- **Security**: Wallets leverage cryptographic mechanism to ensure the integrity and security of identity information. It avoids the risk of identity theft, fraud, and unauthorized access since the data remains under the individual's control;
- **Interoperability**: Wallets promote interoperability by enabling different systems and organizations to recognize and verify identities without relying on a central authority. This allows for seamless and trusted interactions between individuals, organizations, and even across borders;
- **Efficiency and cost reduction**: individuals can manage their own identities, eliminating the need for multiple identity credentials and repetitive identity verification processes. This can streamline administrative procedures, reduce costs, and enhance the user experience.
- **Efficiency and cost reduction**: individuals can easily manage their own data, avoid the need to manage multiple identity credentials and overcome repetitive identity verification processes. This can streamline administrative procedures, reduce costs, and enhance the User Experience.
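
Review bot: the Security bullet's "It avoids the risk of identity theft, fraud, and unauthorized access since the data remains under the individual's control" claims more than the paradigm delivers: the cryptographic mechanisms give integrity and holder binding of the Digital Credentials, but keeping the data on the User's smartphone makes the Wallet Instance and its keys the target, so the risk is moved, not removed. Suggest "reduces" instead of "avoids" and a pointer to the Wallet Attestation and security-privacy-considerations pages already in the toctree. Also, "knowing which services the User is accessing to" should be "accessing", "Self Sovereignty Identity (SSI)" should be "Self-Sovereign Identity (SSI)", and "Holders: individuals who own a Wallet Instance" conflicts with introduction.rst, which says both natural and legal persons use the wallet.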