What’s New

This article describes updates to software components as well as architectural changes to GAIA-X-Med, if any occur, starting from April 2024.

2024/06/13

The Catalog frontend was updated.
- Implemented various small fixes and error handling improvements.
Credential Manager was updated.
- Fixed an issue related to the Credential Store access key caching feature.

Contract Service 0.1.1 was released.
- Implemented Consumer filtering.
  - Consumers who wish to form a Contract need their Credential Subject validated against the JSON Schema contained in the “Consumer Filter” field of the Service Offering. If the validation fails, Negotiation is aborted.
  - If the schema is invalid or empty, this check is skipped.
Credential Manager was updated.
- Added a field for the “Consumer Filter” in Service Offering onboarding.
- The Consumer Filter and Negotiable Terms fields are now rendered in a monospace font.
- Added a “Copy to clipboard” button for the Participant’s or Service Offering’s DID URL after onboarding is complete.
- The Credential Store access key is now cached in the browser’s Local Storage for convenience.

gaiaxmed-vc-python 0.3.8 was released.
- Dropped the didkit dependency and replaced DID fetching with equivalent implementation, as didkit upstream module availability is unreliable (no support for Python 3.12 yet; and no source packages available)

Contract Service 0.1.0 was released. This is the first public versioned release of the Contract Service.
- Uses the VC library for checking Consumer compliance instead of asking the Authentication Service
  - This renders the CONTRACT_AUTHENTICATION_URL environment variable unused, and it has been removed
Demonstrator Web Service
- The demo client was updated to use the latest Client API
  - The DemoRepository constructor now refers to the GaiaXMedClient instance for the API endpoint URL. It can still be provided to the constructor for backwards compatibility.

Contract Service was updated.
- PUT /contracts: Add did:web: prefix to provider and service if not present, to match the behavior of the other endpoints

client-js 0.3.0 and client-python 0.3.0 were released.
- Adds support for the Authentication Proxy session feature.
  - The base URL of the Authentication Proxy-secured endpoint will have to be provided when creating a GaiaXMedClient in order to use this feature. See the updated READMEs for an example.
  - If the base URL is not provided, the clients will fall back to a legacy sessionless mode. This will re-authenticate you with every request, causing significant overhead.

Contract Service was updated.
- PUT /contracts: Fixes a bug related to the validUntil parameter

Authentication Proxy was updated.
- In order to reduce traffic and latency due to repeated authentication calls from the same client, the Proxy now supports sessioning.
  - The Proxy received a new endpoint, /authproxy/register. Sending a GET request with a Login Token will return a Session ID valid for 12 hours. This ID can then be attached to a x-gaia-x-session header in normal API requests to use the cached Identity without repeated validation with the Authentication Service.
  - Attaching an x-gaia-x-session header will cause the Proxy to ignore the regular authentication token; an invalid or expired session ID will cause the Proxy to reject your request even if a valid token was provided. In the absense of a Session ID header, the Login Token will be authenticated as before for backwards compatibility. In this regard, only a Login Token OR a Session ID needs to be attached to any regular request.
Contract Service was updated.
- Implemented automatic database reconnection attempts at startup.

Most of the GAIA-X-Med software components were (re-)licensed under the terms of the Apache License 2.0.
- Exceptions:
  - Compliance Service and Registry Service (kept upstream EPL)
  - oidc-identity-provider (kept upstream MIT License)
- All components with versioned releases received a new release with the new license: