Participant Onboarding Guide

In Becoming a Participant, we have explained the necessary onboarding process for becoming a compliant GAIA-X-Med Participant.

In this guide, we will introduce you to two tools which aim to make this onboarding process as easy as possible.

Warning

To allow for more rapid development and evaluation cycles in the GAIA-X-Med research project, every certificate signing request from anyone is signed unconditionally through an automatic process. This means that no authority checks the Claims a Participant makes about themselves.

In a production system, this process should be replaced/supplemented accordingly by a third party that checks a Participant’s Claims for truthfulness. This is essential for establishing trust between Participants.

Setup & host the Credential Store

As described in Becoming a Participant, you will need to host certain documents pertaining to your Participant identity – your DID document, Verifiable Presentation (or Participant Credential in this context), and certificate – on a publicly accessible web server at a location that is resolvable via your unique identifier, or DID URL.

We have created a simple tool to help manage these files: the Credential Store. It is a simple nginx-based, Docker-ready web server that you can push files to, and it is compatible with our other major onboarding tool, the Credential Manager.

Please follow the instructions in the Credential Store repository to get an instance running on your own infrastructure. The process involves generating an access keypair, which you will need in the next step when you use the Credential Manager to create your Participant credentials.

Important

The Credential Store is required to be accessible via HTTPS for security reasons (and because it is mandated by the did:web standard). Unencrypted plain HTTP is not supported. If you need a free (as in, gratis) SSL certificate, consider whether you can use Let’s Encrypt for your domain.

Perform Participant Onboarding using the Credential Manager

The Credential Manager is a web app that guides you through the steps of creating your Participant credentials, resulting in a Participant Identity File (PIF) that will allow you to authenticate for using GAIA-X-Med Services.

In order to use the Credential Manager, you will need a running instance of the Credential Store and the private key used to access it. See Setup & Host the Credential Store above for details.

The following is a brief step-by-step guide on how to use the Credential Manager to create your Participant Identity File.

Visit the Credential Manager at https://identity.gaia-med.org/manager/ and choose to create a Participant.

Credential Manager selection menu.

1. Fill out your Participant details

First step of the Participant Onboarding; entering your Participant details.

Make sure the claims you make about your Participant are correct and in the proper format, as indicated by the example.

2. Configure your Credential Store

Second step of the Participant Onboarding; configuring your Credential Store.

Provide the URL where you want your Participant Identity documents to be stored. This needs to point to an endpoint where a Credential Store instance is running. Note that sub-paths are supported, allowing you to manage multiple identities using a single Credential Store. The full URL will determine your unique Participant Identifier (or “username”) as displayed, so make sure you get it right.

Next, browse for the private key belonging to the keypair you used to set up the Credential Store. This is used for authentication purposes.

Note

The private key will only be used client-side in your browser and will not leave your computer.

Finally, you are requested to provide a passphrase that is used to encrypt your Participant Identity File. Make sure to choose a passphrase that meets common security guidelines.
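
Because the Credential Store URL entered in this step determines your Participant Identifier, it helps to see how a URL and a did:web identifier map onto each other. The following is an added example, not code from the Credential Manager or Credential Store; it assumes the identifier follows the public did:web method rules (the page does not show the exact format), and the function names and example.org URLs are constructed for illustration.

```python
from urllib.parse import quote, unquote, urlsplit


def store_url_to_did(url: str) -> str:
    """Derive a did:web identifier from a Credential Store URL (assumed mapping)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("did:web resolves over HTTPS only; plain HTTP is rejected")
    if parts.query or parts.fragment or parts.username or parts.password:
        raise ValueError("URL must not carry a query, fragment or userinfo")
    if not parts.hostname:
        raise ValueError("URL has no host")
    host = parts.hostname.lower()
    if parts.port is not None:
        # ':' separates identifier segments, so the port colon is encoded as %3A.
        host += quote(f":{parts.port}", safe="")
    segments = [s for s in parts.path.split("/") if s]
    if any(s in (".", "..") for s in segments):
        raise ValueError("relative path segments are ambiguous in an identifier")
    return ":".join(["did", "web", host] + [quote(s, safe="") for s in segments])


def did_to_document_url(did: str) -> str:
    """Return the HTTPS location a did:web resolver fetches the DID document from."""
    prefix = "did:web:"
    if not did.startswith(prefix):
        raise ValueError("not a did:web identifier")
    host, *segments = did[len(prefix):].split(":")
    if not host or any(not s for s in segments):
        raise ValueError("identifier contains an empty segment")
    # No sub-path means the document lives under /.well-known on the host.
    path = "/".join(segments) if segments else ".well-known"
    return f"https://{unquote(host)}/{path}/did.json"


if __name__ == "__main__":
    # Constructed URLs: two identities on one store, told apart by sub-path.
    for url in ("https://credentials.example.org/participants/clinic-a/",
                "https://credentials.example.org/participants/clinic-b/"):
        did = store_url_to_did(url)
        print(did, "->", did_to_document_url(did))
```

A typo in the sub-path yields a different, equally valid identifier, which is why the URL should be checked before onboarding starts.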

3. Accept the GAIA-X-Med Terms and Conditions

Accepting the Terms and Conditions.

Confirm the Terms and Conditions by checking the box.

Note

The GAIA-X-Med Terms and Conditions are not finalized and are subject to change.

4. Perform the onboarding process

Onboarding in progress.

After clicking on Start Onboarding, the Credential Manager will attempt to perform the necessary onboarding steps by communicating with the corresponding services as well as uploading the required files to your Credential Store. The process can take a few seconds.

5. Save your Participant Identity File

Onboarding is finished and a Participant Identity File can be generated.

If the onboarding procedure was successful, congratulations! You are now an officially certified GAIA-X-Med Participant.

Do not forget to download your (encrypted) Participant Identity File, which you can use to authenticate your identity with the GAIA-X-Med ecosystem.

Caution

Make sure to not lose your Participant Identity File or its passphrase, as you will need to perform onboarding again if you do.