FOR SHARE - JULY SNAPSHOT - Trust - Two pages description

Last updated: 3 July 2023, 10:32

Early draft

Please be aware that the Data Spaces Blueprint content shared in these pages is a very early draft published on 2023-07-01. The current draft is incomplete and the content might still change.

SAVE-THE-DATE 01-10/09/2023: We will welcome your feedback to further improve the Data Spaces Blueprint during the public consultation, which will be open from September 1st 2023 until September 10th. Please mark these dates in your calendar and get ready!

Trust framework as part of the data sovereignty and trust building block

 

Overview

A Trust Framework is a fundamental pillar for data spaces. It refers to a set of commonly agreed rules, standards and technological enablers, with the purpose of establishing trust among the data space participants, allowing them to exercise sovereignty over the data they share while enabling secure and privacy-preserving data sharing.

The so-called Trust Anchors are ‘trusted’ entities that are widely recognized and have a high level of credibility within a data space. Their aim is to authenticate and validate the claims made by participants by following fair and transparent procedures, and to ensure the necessary trust that enables participants to have confidence in the entities they interact with. The role of trust anchors is vital in building and maintaining trust in data spaces by ensuring the authenticity, integrity, security and reliability of data and data transactions within the data space.

Examples of good practices for setting up a trust framework and related trust anchors are described in the Gaia-X Trust Framework (Gaia-X Framework - Gaia-X: A Federated Secure Data Infrastructure).

 

The Gaia-X Trust Framework - cross-data space interoperability and extension of common governance by data spaces

The purpose of the Gaia-X Trust Framework (last release: Gaia-X Trust Framework - 22.10 Release) is to define and operationalise principles at a higher level than the data space level, providing a common governance that results in a basic level of interoperability across individual data spaces, while leaving users in full control of their choices.
The Gaia-X Trust Framework allows for the measurement and comparison of the legal and technical autonomy levels of services with regard to service composability, service characteristics, compliance with existing standards, and portability and interoperability capabilities – covering licenses, workloads, and data.

The basis for the Gaia-X Trust Framework is represented by the high-level policy rules, defined by the members of the Association in line with EU values and principles.

The Gaia-X Trust Anchors are defined as bodies, parties (i.e. CABs, Conformity Assessment Bodies) or technical means accredited by the bodies of the Gaia-X Association to be trustworthy anchors in the cryptographic chain of keypairs used to digitally sign claims about an object.
The list of valid Trust Anchors is stored in the Gaia-X Registry.

Key elements

The following terms are used in the Gaia-X model and their definitions are maintained in the Gaia-X Glossary:

  • Entities in the ecosystem/data space (participants, services, resources)

  • Verifiable Credentials

  • Rules/requirements

  • Schema

  • Trust Anchors

  • List of approved Trust Anchors

  • Registry

  • Trusted Data Sources

  • Notaries

Emphasizing Federation

Federation is a trust domain in which parties (organizations) have their own Identity Provider services, and users (individuals) typically belong to one such party (their 'home'). The governance/trust framework within a federation arranges what is usual for a trust domain, and also ensures that users who belong to one party can access services of other parties by logging in with their 'home' credentials.

Extension of the Gaia-X Trust Framework by data spaces

In the Gaia-X Model, a data space can extend the common Gaia-X Trust Framework by:

  • Adding more criteria on the eligibility of the already defined Trust Anchors.

  • Selecting a subset of the Gaia-X Trust Anchors for the data space domain.

  • Identifying new data space-specific Trust Anchors for new data space-specific criteria.