Organization Credential Manager

The purpose of this Service Function is to provide all components necessary for administering the digital identity of a participant in the GAIA-X context. The Organization Credential Manager (OCM), as part of the conceptual model of the “Federated Trust Component”, is necessary to establish a level of trust between the different participants within the GAIA-X ecosystem. To achieve this goal, components are required which, on the one hand, allow the management of a participant identity for the creation of signatures for various properties, attributes and documents and, on the other hand, enable the verification of external documents. This includes the creation of verifiable credentials with a corresponding digital signature on the basis of an identity, the issuing of verifiable presentations on the basis of existing and already received verifiable credentials, the requesting of verifiable credentials from third parties (for example, for the attestation of the participant's own attributes), and the validation of incoming connection requests and proof requests. The format used for communication is based on the RFCs described in the Hyperledger Indy context and on the W3C standards in order to guarantee a uniform process flow and uniform exchange formats. The OCM therefore enables a participant to interact with the SSI-based ecosystem in a trustworthy and secure manner.

The described functionalities allow other components to interact with the SSI-based ecosystem within the Identity Management context.

The OCM interacts with the Trust-Service to allow policy enforcement by being the key point for trusted information through verifiable presentations. It can be used by different roles, such as principals and participants, to support their respective processes in terms of digital trust.

Each GAIA-X Participant and the AISBL itself host their own instance in a self-sovereign manner. The AISBL in particular uses the component to issue membership credentials and to act as the root-of-trust anchor endpoint of all trusted parties.

Specification document