6. Gaia-X Trust Anchors¶
Gaia-X Trust Anchors are bodies, parties, i.e., Conformity Assessment Bodies or technical means accredited by the bodies of the Gaia-X Association to be parties eligible to issue attestations about specific claims.
For each accredited Trust Anchor, a specific scope of attestation is defined.
The Trust Anchors are not necessarily Root Certificate Authorities as commonly understood, but they can be relative to different properties in a claim.
6.1 Overall decision flowchart¶
The decision flowchart below is used to determine what type of Trust Anchor must be defined for a given criteria objective.
6.2 Trust Anchors¶
6.2.1 Signee’s role¶
In the Gaia-X Ontology, for specific attributes which are linked or dependent from each other, a criteria can mandate that an attribute must be signed by the same issuer - or signee - of another attribute.
For example, in the Gaia-X Trust Framework 22.10, it is mandatory for the information whether or not a Data Product contains PII that the attribute dataProduct.containsPII
is signed by the Producer of this Data Product dataProduct.produceBy
.
6.2.2 Trust Service Provider¶
By default, for the claims to be legally relevant, all claims must be signed with one or more cryptographic material which can be traced back to a Trust Service Provider (TSP).
The Trust Service Providers accredited by Gaia-X must be organisation or algorithms issuing cryptographic material after a KYB/KYC process verifying the identity of the party such as, and not limited to:
- Business registration or license verification
- Physical address verification
- Phone number verification
To have a global reach, and only if there is no alternative specified in the Gaia-X Registry for the country of the business registration, Gaia-X allows the use of Extended Validation (EV) Secure Sockets Layer (SSL) certificate to sign attributes. (Homepage, Trusted Data Source)
Non-exhaustive list:
- EEA 🇪🇺, Iceland 🇮🇸, Liechtenstein 🇱🇮, Norway 🇳🇴: eIDAS Regulation (EU) No 910/2014. (Homepage, Trusted Data Source)
- South Korea 🇰🇷: KTNET (Homepage)
- United Arab Emirates (UAE) 🇦🇪: PASS (Homepage)
- India 🇮🇳: eMuhdra (Homepage, Trusted Data Source)
The full list of valid TSP is kept up-to-date and made available via the Gaia-X Registry.
6.3 Trusted Data Sources and Notaries¶
When an accredited Trust Anchor is not capable of issuing cryptographic material nor sign claim directly, the Gaia-X Association accredits one or more Notaries which convert “not machine readable” proofs into “machine readable” proofs.
Notaries perform validations and issue attestations based on objective evidences from Trusted Data sources. The Verifiable Credentials issued by the Notaries contain the evidences of the validation process.
Example: the following Trusted Data Sources have been accredited by Gaia-X and are currently used by the Gaia-X Notary Service to validate and issue attestations on the Participant’s Legal Registration Number:
EORI
: the European Commission API.leiCode
: the Global Legal Entity Identifier (GLEIF) APIlocal
: the OpenCorporate API- the returned claim will also contain information about
headquarterAddress.countryCode
- the returned claim will also contain information about
vatID
: for the European member states or North Ireland, the VAT Information Exchange System (VIES) API- the returned claim will also contain information about
headquarterAddress.countryCode
- the returned claim will also contain information about
The full list of valid Trusted Data Sources and Notaries is kept up-to-date and made available via the Gaia-X Registry.
6.4 “Certification CAB”, “Equivalence CAB”, “Gap CAB“¶
A “Certification CAB” is an identified entity approved by Gaia-X to issue specific certification.
An “Equivalence CAB” is an identified entity approved by Gaia-X to verify that one or more issued certifications cover the entirety of a given criteria scope.
A “Gap CAB” is an identified entity approved by Gaia-X to issue a certification for a scope identified as not covered by an “Equivalence CAB”.
The full list of valid “Certification CAB”, “Equivalence CAB”, “Gap CAB” is kept up-to-date and made available via the Gaia-X Registry.