The GAIA-X principles of self-sovereignty also include “identity” and more so, identities are the fundamental basis of such an self-sovereign architecture. Therefore, “Self Sovereign Identity” (SSI) is chosen as the identity layer for GAIA-X. The objective is the implementation of a secure and self-sovereign identity management and the creation of trust mechanisms (Security and Privacy by Design).
With the requirement to create a first solution within 12 months and also to integrate traditional provider solutions in GAIA-X, a solution has to be developed to connect well established IAM solutions. The future-oriented solution is being developed on the basis of a decentralized identity management architecture.
On these cornerstones, a bridge to conventional identity management solutions is created for authentication and “Trust Over IP”, supporting the GAIA-X goal of the federal cloud network.
The decentralized identity management based on SSI and the usage of the W3C standards for Decentralized Identifiers (DID) and VerifiableCredentials (VC) for GAIA-X are essential to establish the GAIA-X objective of a self-sovereign cloud with European interests and to integrate existing solutions. Based on this, the regulations applicable in the European area, according to the GDPR (DSGVO) can be enforced and consider the protection of identities.
In Gaia-X, we understand “Trust over IP” (ToIP) to define the various aspects of trust, in particular the relationship between participants and assets via their identity on a technical and governance level. Among other things, it defines the authentication and authorization functions based on existing standards.
The “Trust over IP” initiative, maintained by the Linux Foundation, is defining a complete architecture and governance structure for Internet-scale decentral and digital trust that combines both cryptographic trust at the machine layer and human trust at the business, legal and social layers.
This document specifies the basics for the following service functions:
- Decentralized identity management according to SSI and DIF via DID Standard Release 1 relates to existing preparatory work from EU like eSSIF and Bundesministerium für Wirtschaft und Energie (BMWi) projects such as “Schaufenster Sichere Digitale Identitäten” including IDUnion.
- Trust Layer with signature and validation mechanisms
- Service components/features supporting on-/offboarding processes for organizations, participants and principals
- Access management (authentication and authorization)