Skip to content

5. Participant

A Participant is a Legal Person or Natural Person, which is identified, onboarded and has a Gaia-X Self-Description. Instances of a Participant neither being a legal nor a natural person are prohibited.

classDiagram

class Participant {
    <<abstract>>
}

Participant <|-- LegalPerson
Participant <|-- NaturalPerson

The Architecture Document defines three roles a Participant can have within the Gaia-X Ecosystem (Provider, Consumer, and Federator). These are not yet part of Trust Framework and are to be defined in future releases.

5.1 Issuer

Each issuer shall issue a GaiaXTermsAndCondition verifiable credential as follow:

Attribute Cardinality Trust Anchor Comment
termsAndConditions 1 issuer SHA512 of the Generic Terms and Conditions for Gaia-X Ecosystem as defined below
Example of T&C signed by the issuer
{
  "id": "did:example:issuer/tandc",
  "type": [
    "VerifiableCredential"
  ],
  "issuer": "did:example:issuer",
  "issuanceDate": "2022-06-12T19:38:26.853Z",
  "credentialSubject": [
    {
      "@id": "did:example:issuer/tandc/1",
      "type": "GaiaXTermsAndCondition",
      "termsAndConditions": {
        "@value": "0f5ced733003d11798006639a5200db78206e43c85aa123456789789123456798",
        "@type": "xsd:string",
        "@checksumtype": "SHA-256"
      }
    }
  ],
  "proof": {
    "type": "JsonWebSignature2020",
    "verificationMethod": "did:example:issuer#key",
    "created": "2022-06-12T19:38:26.853Z",
    "proofPurpose": "assertionMethod",
    "jws": "z2iiwEyyGcqwLPMQDXnjEdQU4zGzWs6cgjrmXAM4LRcfXni1PpZ44EBuU6o2EnkXr4uNMVJcMbaYTLBg3WYLbev3S"
  }
}

For legal person the attributes are

Attribute Cardinality Trust Anchor Comment
registrationNumber 1 registrationNumberIssuer Country’s registration number, which identifies one specific entity.
headquartersAddress.countryCode 1 State Physical location of the headquarters in ISO 3166-2 alpha2, alpha-3 or numeric format.
legalAddress.countryCode 1 State Physical location of legal registration in ISO 3166-2 alpha2, alpha-3 or numeric format.
parentOrganization[] 0..* State A list of direct participant that this entity is a subOrganization of, if any.
subOrganization[] 0..* State A list of direct participant with a legal mandate on this entity, e.g., as a subsidiary.

5.2.1 registrationNumber

The list of valid entity registrationNumber type are described below:

Attribute Comment
local the state issued company number
EUID the European Unique Identifier (EUID) for business located in the European Economic Area, Iceland, Liechtenstein or Norway and registered in the Business Registers Interconnection System (BRIS). This number can be found via the EU Business registers portal
EORI the Economic Operators Registration and Identification number (EORI).
vatID the VAT identification number.
leiCode Unique LEI number as defined by https://www.gleif.org.

Consistency rules

  • if several numbers are provided, the information provided by each number must be consistent.

5.2.2 Gaia-X Ecosystem Terms and Conditions

The PARTICIPANT signing the Self-Description agrees as follows:
- to update its descriptions about any changes, be it technical, organizational, or legal - especially but not limited to contractual in regards to the indicated attributes present in the descriptions.

The keypair used to sign Verifiable Credentials will be revoked where Gaia-X Association becomes aware of any inaccurate statements in regards to the claims which result in a non-compliance with the Trust Framework and policy rules defined in the Policy Rules and Labelling Document (PRLD).

5.3 Validation of a Natural person (Experimental)

The Functional Requirement to validate if a remote interaction is done by a natural person is of interest for several usecases in Gaia-X; consent management, rights delegation, data & service contract negotiation, …

The proposal below is to bound the verification of an interaction with a natural person to an action on a physical device. The device shall provide a mean to remotely validate its physical and software integrity.
The list of technical solution being investigated are:

To be noted that in the above context, public keys do not uniquely identify natural persons and hence are not considered as PII.