Gaia-X Compliance Service

deltaDAO Team
6 min readJun 20, 2022

To secure a higher and unparalleled level of trust in digital platforms, trust must be an easy-to-understand and adopted principle. Therefore Gaia-X designed a Trust Framework — formerly known as Gaia-X Compliance and Labelling Framework — that safeguards data protection, transparency, security, portability, and flexibility for the ecosystem as well as sovereignty and European Control.
It establishes mutual governance and the basic levels of interoperability between ecosystems.

“The Trust Framework is of utmost importance for Gaia-X as it sets the rules that define the minimum baseline to be part of the Gaia-X ecosystem. To put it simply, the Gaia-X ecosystem is the virtual set of participants and service offerings following the Gaia-X requirements from the Gaia-X Trust Framework”, said Pierre Gronlier, CTO of Gaia-X.

Verifiable credentials and linked data representation are used to build a findable, accessible, interoperable and reusable (FAIR) knowledge graph of verifiable claims. From those claims, additional trust and composability indexes can be automatically computed.

The Trust Framework applies its set of rules to all Gaia-X Self-Description files for participants, service offerings and resources. For the first time, we get an idea of what Gaia-X compliance could look like: The Trust Framework 22.04 document was released on May 20, 2022 and is an essential milestone in developing the common Gaia-X standard.

Hackathon #4 focuses on the Trust Framework and Compliance Service.
The Gaia-X Hackathon #4 is scheduled from June 20th to 21st, 2022 and we, as deltaDAO, are again proud co-organizers and happy to participate for the fourth time.

This hackathon edition is unique. A proper, approved, measurable set of rules to test what Gaia-X compliance could look like is in place for the first time. To enforce the rules stated in the Trust Framework, the Gaia-X Lab developed two prototypes, the Gaia-X Compliance Service and Gaia-X Registry APIs. These services are collectively referred to as the Gaia-X Compliance Service and Registry.

The CTO office emphasizes the importance of using and contributing to the Gaia-X Registry and Gaia-X Compliance APIs.

The following four main goals are set to be achieved during the hackathon:

  • Increase Gaia-X knowledge in the community, encourage collaboration and enable participants to make use of current open-source implementations and codebase.
  • Develop tools for creating/validating Self-Descriptions.
  • Usage and further development of the Gaia-X Compliance Service and Trust Framework.
  • Check and validate Gaia-X state (regarding architecture, specifications, technology, processes and general terms and conditions) via the creation of Gaia-X compliant federation services and service offerings leveraging Gaia-X architecture and projects.

Accelerating Gaia-X Compliance adoption: The Gaia-X Lab

The Gaia-X Lab is a development team under the Gaia-X CTO office and writes prototypes to technically validate functional and technical hypotheses made by the Gaia-X Working Groups. The Lab accelerates the development of external open-source software (OSS) projects and identifies missing functional components in the Gaia-X specifications.

deltaDAO is a day one member of the Gaia-X Lab and focuses on developing components for the Gaia-X Compliance and Trust Framework.

Gaia-X Compliance Service validates and signs Self-Descriptions

These development tasks resulted in two prototypes, the Gaia-X Compliance and Gaia-X Registry APIs. The APIs implement the rules of the latest Trust Framework document.

But how do the services work?

The Compliance Service validates the shape, content and credentials of Self Descriptions and signs valid Self Descriptions. Required fields and consistency rules are defined in the latest Trust Framework document.

It verifies participant or service (experimental) Self-Descriptions and verifies Self-Description signatures. These signatures are checked against the Gaia-X registry to ensure that they are signed by a key connected to a verified Trust Anchor. The Compliance Service provides a canonized Self-Description and adds the proof of compliance. It can also verify an already signed Self-Description and its proof of compliance. The Gaia-X Compliance Service can be utilized both via the API and the Swagger UI.

The process of creating your own Gaia-X compliant Self-Description is based on four steps:

  1. Creating a participant or Experimental Service Offering Self-Description

2. Signing the created Self-Description with a key registered as or connected to a registered Trust Anchor. For this step, you can use the signing tool to perform the actions.

3. Using the Compliance Service to verify and sign your Self-Description

4. Verify your signed Self-Description with the proof provided by the Compliance Service.

These steps are described in detail in our Compliance Service repository and the corresponding documentation. You can find it at https://gitlab.com/gaia-x/lab/compliance/gx-compliance. Try it yourself. It’s easy!

Gaia-X Registry contains a list of defined trust anchors

Our Gaia-X Registry solution contains a list of defined trust anchors. Trust anchors are Gaia-X endorsed entities responsible for managing certificates to sign claims. To fulfill the requirements of the latest Gaia-X Trust Framework document, all keypairs used to sign claims must have at least one of the Trust Anchors in their certificate chain. The Registry API can now verify X.509 certificates and public keys of Trust Service Providers according to the Trust Framework document. It offers the basis for the proof of compliance issued by the Compliance Service and the basis to validate the chain of trust for the Compliance Service. The Gaia-X Registry service can be used both via the API and the Swagger UI.

If you want to learn how to use it yourself, you can find our Registry repository and the corresponding documentation under https://gitlab.com/gaia-x/lab/compliance/gx-registry.The source code of the Gaia-X Compliance Service and registry is completely open-source under Eclipse 2.0 license.

Looking forward to hackathon #4 and our EuProGigant session

We are excited about how the Trust Framework and the Compliance Service will develop during the hackathon and how the individual projects will adopt the service. We are very confident that the wonderful Gaia-X community will continue to improve the Compliance Service and we will take another big step toward real-world adoption of Gaia-X.

On day 2, during the use case track, we are using the APIs ourselves to integrate the Gaia-X Trust framework into a real-world manufacturing use case. In this session, we continue what we started with EuProGigant, a Gaia-X lighthouse project, during the Hannover Messe 2022.

With its industry-related use cases, EuProGigant perfectly fits our ambitions to enable open, transparent, secure and decentralized digital ecosystems.

Visitors of the Hannover Fair experienced how the data of two connected CNC machining centers at different locations came together on one platform. The data and algorithms were made available securely and decentralized via the Minimal Viable Gaia-X Demonstrator of deltaDAO AG, based on Ocean Protocol.

If you would like to see some impressions from the fair, you can watch a first trailer right here: https://youtu.be/TvrpCh2c6Vs

Now we go one step further and integrate the Gaia-X Compliance Service and Trust Framework into the validation platform.

In our hacking session, we will create a set of Self-Descriptions that aim to be Gaia-X compliant according to the latest Trust Framework document. Together with the Gaia-X community, we will further develop the Compliance Service and the EuProGigant Demonstrator. You can find the Demonstrator here: https://euprogigant.portal.minimal-gaia-x.eu/

About deltaDAO

deltaDAO AG is a software development, integration and consulting company based in Hamburg, Germany. Founded in 2021 our focus is to enable a transparent, secure and decentralized data economy in which large enterprises, SMEs and public institutions can keep full technical control over their private data. As specialists for distributed ledger technologies (DLT) and smart contracts, we are engaged in the Gaia-X community, working groups and lighthouse projects and provided the first Minimal Viable Gaia-X (https://minimal-gaia-x.eu/) in 2021, based on open-source software and Web 3.0 components.

deltaDAO — data economy solutions. GDPR compliant.

https://www.delta-dao.com/

--

--