4. Trust Anchors
The Gaia-X Compliance Service is using the same principles of Issuer / Holder / Verifier / Verifiable Data Registry as in the Verifiable Credential model.
The Gaia-X Compliance Service verifies:
- that the issued claims are conformant to the format specified in this document
- that the issuers of the information are properly registered in the Verifiable Data Registry aka Gaia-X Registry
- that the provided information is consistent
In this model, the Issuers aka Trust Anchors can be either:
- the entity in direct control of the Trusted Data Source
- an entity recognized by Gaia-X, also known as Notary, to translate Trusted Data Sources on behalf of the entity managing the Trusted Data Source into Verifiable Credentials.
Trust Anchors are entities endorsed by Gaia-X. Trust Anchors shall underpin claims by Participants. Consequently, Trust Anchors shall facilitate the processing of claims by Participants as Trust Anchors will - subject to their fair and transparent procedures - affirm the necessary trust in otherwise mere self-declared statements. Trust Anchors may underpin any aspects, whilst Gaia-X will only be interested in those aspects relating to criteria relevant either for the Trust Framework or the Gaia-X Labelling.
To be compliant with the Gaia-X Trust Framework, all keypairs used to sign claims must have at least one of the Trust Anchors in their certificate chain.
At any point in time, the list of valid Trust Anchors is stored in the Gaia-X Registry.
4.1 List of defined Trust Anchors
| Name | Defined as |
|---|---|
| State | The Trust Service Providers (TSP) must be a state validated identity issuers or EV SSL issuers. - For participant, if the legalAddress.country is in EEA, valid state identity issuers are eiDAS ones. - Gaia-X Association may also be a valid TSP for Gaia-X Association members. |
| eiDAS | Issuers of Qualified Certificate for Electronic Signature as defined in eIDAS Regulation (EU) No 910/2014 (homepage: https://esignature.ec.europa.eu/efda/tl-browser/#/screen/home) (machine: https://ec.europa.eu/tools/lotl/eu-lotl.xml) |
| EV SSL | Extended Validation (EV) Secure Sockets Layer (SSL) certificate issuers are considered to be temporarily valid Trust Service Providers. (homepage: https://wiki.mozilla.org/CA/Included_Certificates) (machine: https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV) |
| registrationNumberIssuer | During the pilot phase, the Gaia-X Association nominated itself as a valid Trust Anchor under https://notary.gaia-x.eu |
4.2 List of Trusted Data Sources
4.2.1 For registrationNumberIssuer’s Trust Anchors
For a given attribute, the Trust Anchor shall use the following Trusted Data Source:
EORI: the European Commission API.leiCode: the Global Legal Entity Identifier (GLEIF) APIlocal: the OpenCorporate API- the returned claim will also contains information about
headquarterAddress.countryCode
- the returned claim will also contains information about
vatID: for the European member states or North Ireland, the VAT Information Exchange System (VIES) API- the returned claim will also contains information about
headquarterAddress.countryCode
- the returned claim will also contains information about
4.3 Trust Anchors registration
Gaia-X Trust Anchors will be appointed following a due process based on objective criteria (Gaia-X certification schema). The Gaia-X certification schema will be defined as soon as possible. Until the Gaia-X certification schema is being established, Gaia-X may appoint Trust Anchors on a case by case basis following transparent criteria and processes.