5. Participant
A Participant is a Legal Person or Natural Person, which is identified, onboarded and has a Gaia-X Self-Description. Instances of a Participant that are neither a legal nor a natural person are prohibited.
```mermaid
classDiagram
    class Participant {
        <<abstract>>
    }
    Participant <|-- LegalPerson
    Participant <|-- NaturalPerson
```
The Architecture Document defines three roles a Participant can have within the Gaia-X Ecosystem (Provider, Consumer, and Federator). These are not yet part of the Trust Framework and are to be defined in future releases.
5.1 Issuer
Each issuer shall issue a `GaiaXTermsAndCondition` verifiable credential as follows:

Attribute | Cardinality | Trust Anchor | Comment |
---|---|---|---|
`termsAndConditions` | 1 | issuer | SHA512 of the Generic Terms and Conditions for Gaia-X Ecosystem as defined below |
Example of T&C signed by the issuer
```json
{
  "id": "did:example:issuer/tandc",
  "type": [
    "VerifiableCredential"
  ],
  "issuer": "did:example:issuer",
  "issuanceDate": "2022-06-12T19:38:26.853Z",
  "credentialSubject": [
    {
      "@id": "did:example:issuer/tandc/1",
      "type": "GaiaXTermsAndCondition",
      "termsAndConditions": {
        "@value": "0f5ced733003d11798006639a5200db78206e43c85aa123456789789123456798",
        "@type": "xsd:string",
        "@checksumtype": "SHA-256"
      }
    }
  ],
  "proof": {
    "type": "JsonWebSignature2020",
    "verificationMethod": "did:example:issuer#key",
    "created": "2022-06-12T19:38:26.853Z",
    "proofPurpose": "assertionMethod",
    "jws": "z2iiwEyyGcqwLPMQDXnjEdQU4zGzWs6cgjrmXAM4LRcfXni1PpZ44EBuU6o2EnkXr4uNMVJcMbaYTLBg3WYLbev3S"
  }
}
```
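One way a verifier could check the `termsAndConditions` claim of such a credential against the Terms and Conditions text, shown as an added example that is not part of the Trust Framework. It assumes the digest is taken over the UTF-8 bytes of the text and that exactly one `GaiaXTermsAndCondition` subject is expected; the function names and the sample text are constructed, and proof verification is out of scope here.

```python
import hashlib
import hmac
import string

# The attribute table requires SHA-512; the accepted spellings are an assumption.
REQUIRED_ALGORITHMS = {"SHA-512", "SHA512"}
SHA512_HEX_LEN = hashlib.sha512().digest_size * 2  # 128 hex characters
# Constructed placeholder, not the official Terms and Conditions text.
SAMPLE_TC = "Constructed placeholder for the Gaia-X Terms and Conditions."


def sample_credential(value, checksum_type="SHA-512"):
    """Build a constructed credential shaped like the example above (proof omitted)."""
    return {"issuer": "did:example:issuer", "credentialSubject": [{
        "@id": "did:example:issuer/tandc/1",
        "type": "GaiaXTermsAndCondition",
        "termsAndConditions": {"@value": value, "@type": "xsd:string",
                               "@checksumtype": checksum_type}}]}


def check_terms_and_conditions(credential, tc_text):
    """Return a list of problems; an empty list means the hash claim holds."""
    subjects = credential.get("credentialSubject", [])
    if isinstance(subjects, dict):  # tolerate a single subject given without a list
        subjects = [subjects]
    claims = [s for s in subjects
              if isinstance(s, dict) and s.get("type") == "GaiaXTermsAndCondition"]
    if len(claims) != 1:
        return [f"expected one GaiaXTermsAndCondition subject, found {len(claims)}"]
    tc = claims[0].get("termsAndConditions")
    if not isinstance(tc, dict):
        return ["termsAndConditions is missing or not an object"]

    problems = []
    algorithm = str(tc.get("@checksumtype", "")).upper()
    if algorithm not in REQUIRED_ALGORITHMS:
        problems.append(f"checksum type {algorithm or '<none>'} is not SHA-512")
    claimed = str(tc.get("@value", "")).lower()
    if len(claimed) != SHA512_HEX_LEN or not set(claimed) <= set(string.hexdigits):
        problems.append("value is not a 128-character hex digest")
    else:
        expected = hashlib.sha512(tc_text.encode("utf-8")).hexdigest()
        if not hmac.compare_digest(claimed, expected):  # constant-time comparison
            problems.append("digest does not match the Terms and Conditions text")
    return problems
```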
5.2 Legal person
For a legal person, the attributes are:

Attribute | Cardinality | Trust Anchor | Comment |
---|---|---|---|
`registrationNumber` | 1 | registrationNumberIssuer | Country’s registration number, which identifies one specific entity. |
`headquartersAddress.countryCode` | 1 | State | Physical location of the headquarters in ISO 3166-2 alpha2, alpha-3 or numeric format. |
`legalAddress.countryCode` | 1 | State | Physical location of legal registration in ISO 3166-2 alpha2, alpha-3 or numeric format. |
`parentOrganization[]` | 0..* | State | A list of direct participants that this entity is a subOrganization of, if any. |
`subOrganization[]` | 0..* | State | A list of direct participants with a legal mandate on this entity, e.g., as a subsidiary. |
5.2.1 registrationNumber
The valid entity `registrationNumber` types are described below:

Attribute | Comment |
---|---|
`local` | the state issued company number |
`EUID` | the European Unique Identifier (EUID) for businesses located in the European Economic Area, Iceland, Liechtenstein or Norway and registered in the Business Registers Interconnection System (BRIS). This number can be found via the EU Business registers portal |
`EORI` | the Economic Operators Registration and Identification number (EORI). |
`vatID` | the VAT identification number. |
`leiCode` | Unique LEI number as defined by https://www.gleif.org. |
Consistency rules
- if several numbers are provided, the information provided by each number must be consistent.
5.2.2 Gaia-X Ecosystem Terms and Conditions
The PARTICIPANT signing the Self-Description agrees as follows:
- to update its descriptions about any changes, be it technical, organizational, or legal - especially but not limited to contractual in regards to the indicated attributes present in the descriptions.
The keypair used to sign Verifiable Credentials will be revoked where Gaia-X Association becomes aware of any inaccurate statements in regards to the claims which result in a non-compliance with the Trust Framework and policy rules defined in the Policy Rules and Labelling Document (PRLD).
5.3 Validation of a Natural person (Experimental)
The functional requirement to validate whether a remote interaction is done by a natural person is of interest for several use cases in Gaia-X: consent management, rights delegation, data & service contract negotiation, …

The proposal below is to bind the verification of an interaction with a natural person to an action on a physical device. The device shall provide a means to remotely validate its physical and software integrity.

The technical solutions being investigated are:

- WebAuthn with FIDO2 dongles
  - a non-exhaustive list can be found here https://www.dongleauth.com/dongles/
  - demo with Yubikey
    - Root CA validation can be made from https://developers.yubico.com/PIV/Introduction/PIV_attestation.html
- Android applications using Google Play Integrity API with a nonce given by the Verifier.
  - the returned value of `IntegrityTokenResponse.token()` must be shared with the Verifier.
  - Root CA validation can be made from https://www.googleapis.com/oauth2/v1/certs
- Push notification to an application providing workload remote attestation supported by TPM 2.0 modules.
  - Root CA validation can be made by providing the Endorsement Key certificate (EKCert) from the TPM module.
Note that in the above context, public keys do not uniquely identify natural persons and hence are not considered PII.
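The Verifier side of the Play Integrity option above, sketched as an added example that is not part of the Trust Framework: a nonce is issued per session, accepted once, and compared with the one echoed in the verdict. It assumes the token returned by `IntegrityTokenResponse.token()` has already been decrypted and verified into a JSON verdict; the class name, package name, lifetime and sample verdict are hypothetical.

```python
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 120  # assumed freshness window
EXPECTED_PACKAGE = "com.example.participant"  # hypothetical application id


class NonceVerifier:
    """Verifier-side bookkeeping for one-time nonces handed to the app."""

    def __init__(self):
        self._pending = {}  # session id -> (nonce, issued_at)

    def issue(self, session_id, now=None):
        nonce = secrets.token_urlsafe(32)  # unpredictable, URL-safe, unpadded
        self._pending[session_id] = (nonce, time.time() if now is None else now)
        return nonce

    def check(self, session_id, verdict, now=None):
        """Validate a decoded verdict; the nonce is consumed whatever the outcome."""
        now = time.time() if now is None else now
        entry = self._pending.pop(session_id, None)  # pop: single use, blocks replay
        if entry is None:
            return ["no pending nonce for this session"]
        nonce, issued_at = entry
        problems = []
        if now - issued_at > NONCE_TTL_SECONDS:
            problems.append("nonce expired")
        request = verdict.get("requestDetails") or {}
        presented = str(request.get("nonce", "")).encode("utf-8")
        if not hmac.compare_digest(presented, nonce.encode("utf-8")):
            problems.append("nonce mismatch")
        if request.get("requestPackageName") != EXPECTED_PACKAGE:
            problems.append("unexpected package name")
        app = verdict.get("appIntegrity") or {}
        if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
            problems.append("app not recognized by Play")
        device = verdict.get("deviceIntegrity") or {}
        if "MEETS_DEVICE_INTEGRITY" not in device.get("deviceRecognitionVerdict", []):
            problems.append("device integrity not met")
        return problems


def sample_verdict(nonce):
    """Constructed decoded verdict, shaped like a Play Integrity payload."""
    return {"requestDetails": {"requestPackageName": EXPECTED_PACKAGE, "nonce": nonce},
            "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
            "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]}}
```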