The following technical specifications were drawn up in spring 2021 and awarded in an EU-wide tender. Starting in December 2021, the winning bidders will implement the first set of Federation Services, which will create a GXFS open-source reference implementation.
An overview of the individual services and their functions can be found on two pages here.
Authentication & Authorization
The “Authentication and Authorization” service enables Gaia-X participants to authenticate other users and systems in a trusted, decentralized and self-sovereign manner without the need for a central source of authority.
Personal Credential Manager
The “Credential Manager” service enables Gaia-X users to manage their credentials themselves. To do this, the user needs secure storage (user wallet) and presentation capabilities in the authentication and authorization processes.
Organization Credential Manager
The “Organization Credential Manager” service establishes trust between the different participants within the decentralized Gaia-X ecosystem. It includes all trust-related functions required to manage and offer Gaia-X self-descriptions in the W3C Verifiable Credential Format.
Trust Services API
The “Trust Services” service ensures that a consistent level of trust can be established between all components and participants in Gaia-X. It is the central technical implementation of cryptographic functions for enforcing policies in the SSI context for the use of the provided capabilities in a decentralized and self-governing manner.
The “Federated Catalogue” service includes a catalog where Gaia-X resources, asset items, and participants can be found by potential consumers and end users. Resources, asset items and participants are provided in Gaia-X using self-descriptions.
Data Contract Service
The “Data Contract Service” enables data exchange in a secure, trustworthy and auditable way in the Gaia-X ecosystem. The Data Contract Service provides interfaces for negotiating data contracts that define the agreed terms (Data Asset Usage Policy) for the planned data exchange.
Data Exchange Logging Service
Continuous Automated Monitoring
The “Continuous Automated Monitoring” service provides Gaia-X users with transparency about whether individual service offerings in a Gaia-X Federated Catalog are compliant with the rules. This compliance is based on certain requirements and rules that Gaia-X itself has set for its system.
Onboarding & Accreditation Workflows
The “Onboarding & Accreditation Workflow” service ensures that all participants and offerings within the Gaia-X ecosystem undergo a validation process before being added to the Federated Catalog.
The “Notarization” service authenticates given master data and transforms it into a W3C-compliant, digitally verifiable representation. These tamper-proof digital assertions about specific attributes are central to gaining the desired trust in provided self-descriptions of assets and participants.
The “Portal” service serves as a reference architecture for interacting with core service functions via an intuitive user interface and corresponding back-end implementation functions. The user interface provides mechanisms for interacting with core functions via API calls.
The “Orchestration” service allows Gaia-X consumers to instantiate and manage infrastructure services, such as virtual machines, from the Federated Catalog search results via the Gaia-X portal.
IDM & Trust Architecture
Core considerations related to:
- Decentralized identity management
- Trust Layer with signature and validation mechanisms
- Service components/features supporting on-/offboarding processes
- Access management