Glossary

Authentication Layer

Main article: GAIA-X-Med Authentication

Security layer in front of a Provider Service that implements the GAIA-X-Med authentication protocol and only lets requests from a valid Participant pass. Consists of the Authentication Service on the Federation side and either an Authentication Proxy or an OpenID Connect Client on the Provider side.

Authentication Proxy

Auth-Proxy

Main article: GAIA-X-Med Authentication#Proxy method

Proxies incoming requests for Provider Services, only lets API-authenticated requests pass

Authentication Service

Main article: GAIA-X-Med Authentication

Authenticates a Participant by validating their Credentials for Compliance

Catalog

Service Registry

Main articles: Discovering a Service and Negotiating a Contract, Publishing a Service in the Catalog

Federation Service that stores references to Service Offerings and provides an interface to start Contract negotiations.

Certificate Service

Main article: GAIA-X-Med Trust Anchors

Answers Certificate Signing Requests (CSRs) with Participation or Service Certificates

Claims

Main article: Becoming a Participant#Verifiable Credentials

Statement about a Participant or Service Offering (resp. Legal Person Claims/Service Offering Claims), to be proven truthful and to be used as part of the description of a Participant/Service Offering

Client Library

Main article: Consuming a Service#Using a client library

A software library acting as a thin wrapper around a HTTP request library, adding a Login token to request headers based on a Participant Identity File, therefore enabling simplified connection to a Provider Service’s Authentication Proxy.

Compliance Credential

Main article: Becoming a Participant#GAIA-X-Med Compliance

A Verifiable Credential from the Compliance Service stating that a Self-Description is valid & has been checked, making it trustworthy and effectively immutable

Compliance Service

Main article: Becoming a Participant#GAIA-X-Med Compliance

Part of the Gaia-X Trust Framework; a Federation Service that verifies a Self-Description against shapes from the Registry Service, signs them with a Compliance Credential

Consumer

Main article: Consuming a Service

A Participant who consumes a Provider Service

Consumer Client

Main article: Consuming a Service#Using a client library

A library to be used by a Consumer that implements the communication protocol to speak to a Provider Service (through its Authentication Layer) to consume its API

Consumer Filter

Main article: Contract Negotiation#Consumer Filter

Part of a Contract Template. A JSON Schema object which the Consumer’s Claims are checked against. Negotiation is only possible if the Claims are successfully validated against this schema. Can be used to e.g. only allow Participants of a certain country to form Contracts.

Contract

Main article: Contract Negotiation

A Verifiable Presentation that contains signed Contract Offers from a Consumer and a Provider’s Contract Service as well as a Negotiation Credential from the Negotiation Service. Represents a finalized and legally binding contract.

Contract Offer

Main article: Contract Negotiation#Consumer’s Contract Offer

A Contract Template filled & signed by a Consumer to be sent to a Provider’s Contract Service for countersigning (or rejection)

Contract Service

Main article: Contract Negotiation#Contract Service Negotiation Handling

A Provider Service that stores finalized Contracts and performs negotiation for the Provider based on their specified rules

Contract Template

Main article: Contract Negotiation#Contract Template

Part of Service Offering metadata. Contains information necessary for a Consumer to create a Contract Offer for a given Provider Service, with the goal of creating a Contract. Consists of free-form static contract terms; the Negotiable Terms, the URL of the Contract Service responsible for handling negotiation requests; and the lifetime of Contracts upon formation.

Credential Manager

Main article: Participant Onboarding Guide#Create & Validate your Participant Credentials using the Credential Manager

Web frontend for the Credential Store; creates, validates and saves Credentials

Credential Store

Identity Store

Main article: Participant Onboarding Guide#Setup & Host the Credential Store

“Wallet” solution for GAIA-X-Med Credentials

Credentials

Vague all-encompassing collective term for identity-related documents like Verifiable Presentations, Verifiable Credentials, Claims, DID Documents, etc.

DID Document

Main article: Verifiable Credentials#Decentralized Identifiers (DIDs)

Contains a public key, link to a Self-Description, link to Certificate. Hosted by a Participant for either themselves or their Service

DID-URL

Main article: Becoming a Participant#DID Document Discoverability

Resolvable identifier to a DID Document. GAIA-X-Med primarily uses the did:web method.

JSON Web Token

JWT

See: https://jwt.io/

An IETF standard that allows to sign a JSON payload in standardized format using a key pair. Used for Login Tokens.

Login Token

Main article: GAIA-X-Med Authentication#Login Token

A JSON Web Token that contains a DID-URL and that is signed by the private key corresponding to the public key contained in the DID Document it points to. Basically used for attesting “Here is the location of my Credentials, and yes, those are indeed mine, proven by my signature”

Negotiable Terms

Main article: Contract Negotiation#Negotiable Terms

Part of a Contract Template. A JSON Schema object that describes the configurable or negotiable parts of a Contract. The Contract Offer made by a Consumer has to contain a Terms object that conforms to this schema.

Negotiation Credential

Main article: Contract Negotiation#Notarized Contract Offer

A Verifiable Credential created by the Negotiation Service signifying the current state of a negotiation (pending or finalized)

Negotiation Service

Main article: Contract Negotiation#Notarized Contract Offer

A Federation Service that handles Contract negotiation as a notary between a Consumer and a Provider’s Contract Service

Notarized Contract Offer

Main article: Contract Negotiation#Notarized Contract Offer

A Consumer’s Contract Offer and a Negotiation Credential wrapped in a Verifiable Presentation and signed by the Negotiation Service, to be sent to a Provider’s Contract Service for negotiation

OpenID Connect Client

OIDC Client

Main article: GAIA-X-Med Authentication#OpenID Connect Method

Part of the Authentication Layer. Proxies incoming requests for Provider Services, only lets OpenID-authenticated requests pass. Unauthorized requests get redirected to the OpenID Connect Identity Provider.

OpenID Connect Identity Provider

OIDC Provider

Main article: GAIA-X-Med Authentication#OpenID Connect Method

A Federation Service that adapts GAIA-X-Med authentication to OpenID Connect

Participant

Main article: Becoming a Participant

A legal person that has performed onboarding, received and stored their Credentials (in particular a Participant Self-Description that verifies their identity) and can participate in GAIA-X-Med activities

Participant Identity File

PIF

Main article: GAIA-X-Med Authentication#Participant Identity File

Contains a Participant’s private key and the DID-URL pointing to their DID Document. Participants need to provide their PIF to create and sign Login tokens for authentification, either by the OpenID Connect Identity Provider for Web Apps or by Client Libraries for accessing a backend directly. They are also used to sign Contract Offers.

Participation Certificate

Service Certificate

Main article: Becoming a Participant#GAIA-X-Med Trust Anchors

X.509 certificate signed by a Trust Anchor that allows creation of valid Self-Descriptions

Provider

A Participant that offers one or more Provider Services

Provider Service

Main article: Hosting your own Service

Specific instance of a Service Offering, operated by a Provider and usable by Consumers who have a valid Contract for the Service

Registry Service

Part of the Gaia-X Trust Framework; a Federation Service that holds a list of valid Trust Anchors and JSON-LD shapes to which Self-Descriptions have to conform

Self-Description

SD