GXFS-DE has started to produce a series of explainer videos. Currently, the focus is on the five work packages of Gaia-X Federation Services:
- Identity & Trust
- Federated Catalog
- Sovereign Data Exchange
- Compliance
- Portal & Integration
The videos provide insights and explain the functionality and goals for a non-technical audience.
What are the individual work packages about?
Work Package No. 1: Identity & Trust
Based on the concept of Self-Sovereign Identity, the “Identity & Trust” service offers the possibility of maintaining control over one’s digital identities and data.
The authentication/authorization service enables Gaia-X participants to authenticate users and systems in a trusted and decentralized, sovereign manner.
The credential manager for organizations establishes trust between the various participants within the Gaia-X ecosystem by providing credentials to participants and managing the organization’s credentials.
The personal credential manager acts as the user’s representative, securely holding the acquired, distributed identity credentials and identity attributes and providing the technical means to selectively disclose the attributes for authentication and service utilization.
Work Package No. 2: Federated Catalog
The “federated catalog” is a directory of self-descriptions through which providers and service offerings can be easily found and selected. The self-descriptions contain the information that participants provide about themselves and their services in the form of characteristics and self-declarations.
The catalog stores self-descriptions both individually and aggregated in a graph data structure. The so-called self-description store contains the published raw data of the self-descriptions, together with additional lifecycle metadata.
The self-descriptions contain characteristics of resources, service offerings and participants linked to their respective identifiers. The providers themselves are responsible for creating the self-descriptions for their resources.
Work Package No. 3: Sovereign Data Exchange
“Data sovereignty services” offer participants the ability to decide how their data is exchanged and shared.
Self-determination for all participants includes two aspects: transparency and control of data use. Enabling data sovereignty in the exchange, sharing, and use of data requires basic features and capabilities. These are developed by federation services in conjunction with other mechanisms, concepts, and standards, and later provided by federators.
The data contract transaction represents the formal handshake to initiate the data transaction between the data provider and the data consumer. It validates the entire contract.
Data exchange logging services provide evidence that data was transmitted and received, and that rules and obligations were applied and met or violated.
Work Package No. 4: Compliance
Gaia-X defines a framework for compliance, formulated as a code of conduct and expressed through third-party certifications/confirmations or by signing general terms and conditions.
The onboarding and accreditation process ensures that all participants, resources and service offerings have gone through a validation process before being added to a catalog.
Continuous, automated monitoring makes it possible to check rule compliance based on the self-descriptions mentioned above.
The Notarization service is used to manage notarization requests and issue digital, legally binding and trustworthy notarizations.
Work Package No. 5: Portal & Integration
The Gaia-X portal serves as an example of an integration layer that introduces federation services and provides user-friendly access to those services.
With the orchestration service, the Gaia-X participant, through the portal, can instantiate services from the catalog search results.
To orchestrate the various service offerings with their associated APIs, an API framework will be introduced to create a unified user and developer experience for API access and lifecycle. An API gateway will provide security for all integrated services, including potentially connected external services such as authentication providers.
The workflow engine mainly serves the onboarding and accreditation process to approve and track service provisioning. It also manages the user interaction loop for user notifications.
Providing appropriate evidence is required to demonstrate that a federation service meets all defined requirements. The Compliance Documentation service specifies how Security and Privacy by Design compliance must be documented by each federation service.
The Gaia-X Federation Services (GXFS) represent the minimum technical requirements for an operational Gaia-X ecosystem. GXFS-DE is an initiative funded by the German Federal Ministry of Economics and Climate Protection (BMWK), based on a resolution of the German Bundestag. Together with other European partners, it aims to initiate and advance the development and technical setup for the so-called Gaia-X Federation Services. The resulting specifications and open source code are owned by the Gaia-X European Association for Data and Cloud AISBL – Brussels, Belgium.