The Identity-Layer uses the Service-Access-Layer and comprises the eCard-Interface and the Management-Interface, and therefore functions for the use and management of electronic identities as well as for management of the eCard-API-Framework. The eCard-Interface (see [BSI-TR03112], part 2) allows to request certificates and supports the encryption, signature and time-stamping of documents. In the Management-Interface (see [BSI-TR03112], part 3) there are functions for updating the framework and the management of trusted identities, smart cards, card terminals, and default behaviour.