DASES - FR WG for a MVP of the Data Space
Minimum Viable Portal Specifications
This page describes the specifications for the Minimum Viable Portal (MVP). It lists the mandatory components of the MVP and details each of them and their different levels of fulfilment. A forecast horizon for their implementation is also provided.
This MVP is based on specifications from:
Participants of DASES work together and collaborate on an equal, horizontal footing in the so-called Gaia-X Federation. The Federation is a self-determined ecosystem in which individual Participants join together to offer services that are consumed within the Federation, providing value to its Participants, and/or outside the Federation, creating further value for the Participants by offering new value to the market.
A Participant of the Federation or an external service supplier is appointed as the so-called Federator, whose role is to facilitate group coordination and to provide the Federation Services implementation required to operationalise the Federation. This is the purpose of Prometheus-X.
Prometheus-X provides the blocks necessary for the effective operation of the Federation. These blocks are:
- Identity and Trust
- Data Sovereignty Services
- Federated Catalogue
- Compliance
Prometheus-X is building a Portal as a sample integration layer that showcases the Federation Services and provides user-friendly access to these blocks and their attached services. The MVP is the first implementation of this Federation, and this page specifies each block and its services for the MVP.
These services are related to the GXFS specification documents.
Diagram of blocks and services for the MVP:
Identity and Trust
Identity and Trust, based on a Self-Sovereign Identity (SSI) concept, handles decentralised identities and the establishment of digital trust for identities and assets. The decentralised identity management, based on W3C Verifiable Credentials and Distributed Identifier (DID), enables Gaia-X Participants to keep control over their digital identities. The following services are specified as part of the Federation Services for Identity & Trust:
Authentication/Authorisation (AAU)
Service functions enable Gaia-X Participants to authenticate users and systems in a trustworthy and decentralised self-sovereign manner.
Organisation Credential Manager (OCM)
The OCM establishes trust between the different Participants within the Gaia-X ecosystem by offering credentials to company Participants and managing credentials of the organisation.
Personal Credential Manager (PCM)
The PCM acts as a user representative, securely holding the acquired distributed identity credentials and identity attributes. The PCM as a Gaia-X component is used by a natural person, typically in the form of a personal wallet for a user. The PCM enables users to interact with the SSI-based ecosystem through VCs and DIDs in a privacy-preserving way.
Trust Services (TRU)
The Trust Services are the technical implementation to enforce policies for the usage of the decentralised and self-sovereign components of Gaia-X. The Trust Services work through cryptographic validation of the provided credentials. The Trust Services’ scope covers the technology functionalities to ensure a consistent level of trust between all Participants in Gaia-X.
Data Sovereignty Services
Data Sovereignty Services give Participants the capability to have full self-determination of their data exchange and sharing. Informational self-determination for all Participants includes two aspects within the data ecosystem: Transparency and Control of data usage.
Data Contract Transaction (DCT)
The Data Contract Transaction constitutes the formal data transaction initiation between the data provider and the data consumer. The DCT validates the entire contract and, if the content is valid and the Participants have both successfully confirmed the contract, the Data Contract Service (DCS) adds its signature and distributes the finalised Data Contract to all involved parties. The service allows for negotiation of contracts.
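The finalisation step described above can be sketched as follows. This is an added example, not code from GXFS or Prometheus-X: the function names, contract fields, DIDs and the choice of Ed25519 are assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

const newParty = () => nodeCrypto.generateKeyPairSync("ed25519");
const sign = (text, party) => nodeCrypto.sign(null, Buffer.from(text), party.privateKey).toString("base64");
const verify = (text, sig, publicKey) =>
  typeof sig === "string" && !!publicKey &&
  nodeCrypto.verify(null, Buffer.from(text), publicKey, Buffer.from(sig, "base64"));

// Hypothetical content check: fields a contract must carry before any signature counts.
function contentErrors(contract) {
  return ["provider", "consumer", "dataset", "usagePolicy"].filter((f) => !contract[f]);
}

// Hypothetical DCS step: validate content, check both confirmations, then countersign.
function finaliseContract(contractText, confirmations, keys, dcs) {
  const contract = JSON.parse(contractText);
  const missing = contentErrors(contract);
  if (missing.length) return { ok: false, reason: "invalid content: " + missing.join(",") };
  for (const role of ["provider", "consumer"]) {
    // Each party must have signed exactly the bytes being finalised.
    if (!verify(contractText, confirmations[role], keys[contract[role]])) {
      return { ok: false, reason: role + " has not confirmed this contract" };
    }
  }
  const finalised = { contractText, confirmations, dcsSignature: sign(contractText, dcs) };
  return { ok: true, finalised, distributeTo: [contract.provider, contract.consumer] };
}

function demo() {
  const provider = newParty(), consumer = newParty(), dcs = newParty();
  const keys = { "did:example:provider": provider.publicKey, "did:example:consumer": consumer.publicKey };
  // Constructed contract; identifiers and field names are sample values.
  const offer = JSON.stringify({ provider: "did:example:provider", consumer: "did:example:consumer",
    dataset: "urn:example:skills-data", usagePolicy: "no-onward-sharing" });
  const counter = offer.replace("no-onward-sharing", "research-only"); // negotiated change
  const both = { provider: sign(counter, provider), consumer: sign(counter, consumer) };
  const stale = { provider: sign(offer, provider), consumer: sign(counter, consumer) };
  const done = finaliseContract(counter, both, keys, dcs);
  return {
    finalised: done.ok && verify(counter, done.finalised.dcsSignature, dcs.publicKey),
    staleReason: finaliseContract(counter, stale, keys, dcs).reason,
    oneSided: finaliseContract(counter, { provider: both.provider }, keys, dcs).ok,
  };
}
```

A confirmation given on an earlier negotiation round does not carry over: the provider's signature over the original offer fails against the renegotiated text, so the DCS signature is withheld.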
Data Exchange Logging (DEL)
Data Exchange Logging provides evidence that data has been submitted and received, that rules and obligations (Data Usage Policies) were enforced, and whether these have been complied with or violated. The parties involved in the data exchange are the data provider and the consumer of the data; they both receive notifications about the transaction. Some use cases may also require access to the notifications by an eligible third party that has been agreed upon in the Data Contract.
Federated Catalogue
The Federated Catalogue constitutes an indexed repository of Gaia-X Self-Descriptions to enable the discovery and selection of Providers and their service offerings. The Self-Descriptions are the information given by Participants about themselves and about their services in the form of properties and claims.
Catalogue (CAT)
A Catalogue stores Self-Descriptions both as stand-alone and as aggregated in a graph data structure. The Self-Description Storage contains the raw published Self-Description files in the JSON-LD (JavaScript Object Notation for Linked Data) format, together with additional lifecycle metadata.
Since Self-Descriptions are protected by cryptographic signatures, they are immutable and cannot be changed once published. This implies that, after any changes to a Self-Description, the Participant as the Self-Description issuer, must once again sign the Self-Description and release it as a new version.
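The publish rule described above, as an added example that is not part of the GXFS or Prometheus-X code base. The storage class, the sorted-key serialisation (standing in for a proper JSON-LD canonicalisation step), the Ed25519 keys and the sample document are assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Deterministic serialisation (sorted keys) so signer and verifier see the same bytes.
// Assumption: stands in for a proper JSON-LD canonicalisation step.
function canonical(v) {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v && typeof v === "object") {
    const members = Object.keys(v).sort().map((k) => JSON.stringify(k) + ":" + canonical(v[k]));
    return "{" + members.join(",") + "}";
  }
  return JSON.stringify(v);
}

function signSelfDescription(doc, privateKey) {
  const proof = nodeCrypto.sign(null, Buffer.from(canonical(doc)), privateKey).toString("base64");
  return { doc, proof };
}

// Hypothetical Self-Description Storage: raw signed file plus lifecycle metadata.
class SelfDescriptionStorage {
  constructor() { this.byId = new Map(); }
  publish(signed, issuerPublicKey) {
    const bytes = Buffer.from(canonical(signed.doc));
    const ok = nodeCrypto.verify(null, bytes, issuerPublicKey, Buffer.from(signed.proof, "base64"));
    if (!ok) throw new Error("proof does not cover this content");
    const history = this.byId.get(signed.doc["@id"]) || [];
    const sha256 = nodeCrypto.createHash("sha256").update(bytes).digest("hex");
    const entry = Object.freeze({ version: history.length + 1, sha256, signed });
    this.byId.set(signed.doc["@id"], [...history, entry]); // append only, never overwrite
    return entry;
  }
  history(id) { return this.byId.get(id) || []; }
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const storage = new SelfDescriptionStorage();
  // Constructed sample Self-Description, not a real Gaia-X document.
  const doc = { "@id": "did:example:provider-1#offer", "@type": "ServiceOffering", location: "FR" };
  const v1 = storage.publish(signSelfDescription(doc, privateKey), publicKey);
  // Content edited after publication while reusing the old proof: rejected.
  const edited = { ...doc, location: "DE" };
  let rejected = false;
  try { storage.publish({ doc: edited, proof: v1.signed.proof }, publicKey); } catch (e) { rejected = true; }
  // The issuer signs the changed document again; it is stored as version 2.
  const v2 = storage.publish(signSelfDescription(edited, privateKey), publicKey);
  return { rejected, versions: storage.history(doc["@id"]).map((e) => e.version), changed: v1.sha256 !== v2.sha256 };
}
```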
Self-Descriptions (SD)
Gaia-X Self-Descriptions express characteristics of Resources, Service Offerings and Participants that are linked to their respective Identifiers. Providers are responsible for the creation of Self-Descriptions of their Resources. In addition to self-declared Claims made by Participants about themselves or about the Service Offerings provided by them, a Self-Description may comprise verifiable credentials issued and signed by trusted parties. These Credentials include Claims about the Provider or Resources claimed by the issuer.
Compliance
Gaia-X defines a compliance framework that manifests itself in the form of a Code of Conduct, third-party certifications/attestations, or the signing of Terms and Conditions. The compliance framework is made up of rules (e.g., for encryption, data protection standards, and interoperability) that Participants need to adhere to. These rules are the combination of those defined in the Policy Rules Document of Gaia-X and other rules defined by the Labelling Document of Gaia-X. The main objective of the Compliance Federation Service is to provide Gaia-X users with verification of Compliance with the stated characteristics for each of the specific Service Offerings. Federation Services in the field of Compliance consist of three components:
Onboarding and Accreditation Workflow (OAW)
Ensures that all Participants, Resources and Service Offerings go through a validation process before being added to a Catalogue:
• Registration of the Gaia-X Participant: Upon successful validation, a verifiable credential (VC) for the entity will be issued to underpin the status as a registered Participant in Gaia-X. Then, principals of those registered providers can register the service offerings for Gaia-X.
• Self-Description and additional evidence: these have to be provided to support adherence to the Gaia-X policy rules (e.g., by Codes of Conduct, third-party certifications/attestations, acceptance of Terms and Conditions).
• Documentation of the validation process and the generation of an audit trail to guarantee adherence to generally accepted practices in conformity assessment.
In addition to the general onboarding workflow, special functions must include:
• Monitoring of the relevant bases for Compliance and updates to Service Offerings that could trigger revisions / recertifications for Compliance
• Suspension of Service Offerings
• Revocation of Service Offerings
Continuous Automated Monitoring (CAM)
Enables compliance monitoring based on Self-Descriptions mentioned above in the context of the Federated Catalogue. CAM is achieved by automatically interacting with the service-under-test, using standardised protocols and interfaces to retrieve technical evidence.
Notarisation Service (NOT)
The Notarisation Service is designed to manage notarisation requests and issue digital, legally-binding and trustworthy credentials.
To issue such notarised credentials (including eIDAS signatures and public keys in the verifiable credentials format), participants need to provide relevant legal and accreditation documents as defined in the Gaia-X Policy & Rules Compliance Framework.
The roadmap for the development of these services is currently being created: