3 Terminology

Terminology used within this specification.

| Term | Description |
| --- | --- |
| eSignature, e-Signature, electronic signature, digital signature | A data unit used by a Signatory to indicate his or her link to a Document. |
| Certificate | Data that links a public key to a natural person and confirms the name of that person. |
| Signatory/User | A natural person, or an application delegated by the user, who can create a digital signature. |
| eSignature creation device (SCD) | Configured software and/or hardware used to create an eSignature. Two types of eSignature creation devices are supported: Local (private keys are stored locally on mobile devices) and Remote (private keys are stored on the remote secure storage). |
| Signing application, Signature requestor, Third-Party | An application that has the Document that needs the Signatory's signature. |
| Document (to be signed) | Data that needs to be signed by the Signatory. It can be any data file in an arbitrary format. The Document to be signed is usually handled by a third party and made available to the Signatory after signing. |
| Onboarding | The process of identifying the Signatory, issuing a Certificate, and binding it to an eSignature Creation Device. User identification is performed using GovStack's Identity Building Block. |
| HSM | Hardware Security Module: a device or software that can store private keys safely. |
| SCD | Signature Creation Device. It can be local or remote, depending on where the keys are stored. |
| X509 | A certificate format as defined in V3. |
| Timestamp | Compliant with RFC 3161. |
| Sign | The process of using the SCD or One Time signature APIs to encrypt the hash of the document. |
| CSR | Certificate Signing Request as per RFC 2986. |
| One time Signature | A private key is created upon authentication of the user and expires right after the signature. Should not be confused with OTS or related signature models. |
| Revocation | All revocation of certificates will be available over OCSP. Follows the respective standard, RFC 8954. |

Copyright © 2024