Software Components

The GAIA-X-Med architecture is divided into several (primarily web-based) services and user libraries, comprising both components adopted from the upstream Gaia-X implementations and components developed by the WP 110-130 team.

This page provides an overview of all software components, with links to their respective repositories and a brief summary of their function.

Federation Services

These services are intended to be hosted as a single instance, federation-wide, by the Federators. All Participants can access these Services. Some might require authentication.

The functionality per service shown in this overview is also referenced in the data architecture.

Authentication Service

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/federation-services/authentication-service

Technologies:

Python (Flask)

Description:

Implements our authentication flow, i.e. allows participants to log into the Catalogue and Provider Services using their DIDs.

Lead developer:

Hannes

Catalog

Also known as:

Service Registry

Repositories:

Backend, Frontend

Technologies:

JavaScript (express.js, React.js)

Description:

Stores references to Service Offerings. The frontend also serves as an entry point for starting negotiations.

Lead developers:

Tobias (Backend), Niklas (Frontend)

Certificate Service

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/federation-services/certificate-service

Technologies:

Python (Flask)

Description:

Our “Trust Anchor” that automatically signs CSRs using our CA.

Lead developer:

Hannes

Compliance Service

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/federation-services/compliance-service

Technologies:

TypeScript (nest.js, Axios, etc.)

Description:

Validates Self Descriptions and issues Compliance Credentials. We need to fork this to fix some upstream issues (notably to implement proper VC canonicalization).

Lead developer:

Hannes

Credential Manager

Also known as:

Identity Manager

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/federation-services/credential-manager

Technologies:

TypeScript (Angular)

Description:

Provides a GUI for managing Verifiable Credentials (of both Participants and their Service Offerings), their DID documents and certificates. It also abstracts the signing and verification processes by implementing the necessary protocols and talking to the respective services.

Lead developer:

Hannes

Negotiation Service

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/federation-services/negotiation-service

Technologies:

Python (FastAPI)

Description:

Receives and validates Contract Offer requests from Consumers and handles negotiation with a Provider’s Contract Service.

Lead developer:

Hannes

OIDC Identity Provider

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/federation-services/oidc-identity-provider

Technologies:

JavaScript (express.js), node-oidc-provider

Description:

Provides OpenID Connect compatible authentication using GAIA-X-Med credentials.

Lead developer:

Hannes

Registry Service

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/federation-services/registry-service

Technologies:

TypeScript (nest.js, Axios, etc.), MongoDB

Description:

Holds our custom CA and shapes.

Lead developer:

Hannes


Provider Services

These are reference implementations of software components that are intended to be used by Providers in order to host one or multiple Service(s). These can be replaced with proprietary components as long as they implement the same protocols.

Furthermore, not all of these components are mandatory. For example, a Service that does not need a web frontend does not need an OpenID Connect Client, etc.

Authentication Proxy

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/provider-services/authentication-proxy

Technologies:

Java (Spring)

Description:

Intercepts requests to Provider Services, handing them off to the Authentication Service. Only passes through requests from successfully authenticated participants.

Lead developer:

Tobias

Contract Service

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/provider-services/contract-service

Technologies:

JavaScript, MongoDB

Description:

Implements contract negotiation and stores finalized contracts so that they can be verified by the Authentication Proxy and Provider Services.

Lead developers:

Max, Bennet, Hannes

Credential Store

Also known as:

Identity Store

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/credential-store

Technologies:

nginx + nginx-jwt-module

Description:

Hosts the Verifiable Presentations, DID documents and certificates of Participants and their Service Offerings (akin to a “Wallet”) and provides endpoints that allow the Identity Manager to automatically upload those.

Lead developers:

Max & Bennet

OIDC Client/Proxy

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/demonstrator-web-service/-/tree/main/proxy

Technologies:

Apache2 + mod_auth_openidc

Description:

Secures a Service Web App as an OpenID Connect client connecting to the OIDC Identity Provider.

Lead developers:

Hannes

Service Backend Example

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/demonstrator-web-service/-/tree/main/backend

Technologies:

TypeScript (express.js)

Description:

An application-specific API that is either offered by a Provider as-is or that serves as a backend to a Web App Service.

Lead developer(s):

Hannes

Service Web App Example

Repository:

https://gitlab.isp.uni-luebeck.de/gaia-x-med/demonstrator-web-service

Technologies:

JavaScript (React.js)

Description:

An application-specific web app that a Provider wants to offer to Consumers. The example is an image gallery service with optional upload capabilities.

Lead developer(s):

Niklas, Hannes


Libraries

These libraries implement common tasks and routines like working with domain-specific files and implementing communication protocols.

Consumer Base API Client

Repositories:

Python, TypeScript

Description:

Generic APIs/Libraries that consume Provider Service APIs, implementing authentication and data transfer, but offer no domain logic. Intended to be used as a base for developing application-specific Service clients.

Lead developer:

Hannes

PIF library

Repositories:

Python, TypeScript

Description:

Library for handling Participant Identity Files, including decryption.

Lead developer:

Hannes

VC library

Repositories:

Python, TypeScript

Description:

Library for handling, fetching and verifying Verifiable Credentials.

Lead developer:

Hannes