Creation Review

Type
Creation
State
Successful
End Date of the Review Period

Reviews run for a minimum of one week. The outcome of the review is decided on this date. This is the last day to make comments or ask questions about this review.

Proposal

Eclipse XFSC (Cross Federation Services Components)

Wednesday, March 29, 2023 - 10:09 by Emma Wehrwein
This proposal is in the Project Proposal Phase (as defined in the Eclipse Development Process) and is written to declare its intent and scope. We solicit additional participation and input from the community. Please login and add your feedback in the comments section.
Parent Project
Proposal State
Created
Background

Gaia-X is an initiative launched in Europe: Hundreds of companies and organisations are building a federated next-generation data infrastructure for Europe. Gaia-X connects isolated data sources in organisations and competing cloud services from different providers in an ecosystem. This enables companies, organisations, authorities and also citizens to exchange data securely and, above all, sovereignly. This means they retain full control over their data and no longer risk becoming technically dependent on individual platform providers.

The Gaia-X Federation Services provide the technical foundation for the European data ecosystem. They are a software framework that can be used to build and manage cloud-based data ecosystems – we call them federations.

With the migration to the Eclipse Foundation the Gaia-X Federation Services are transitioning into Eclipse Cross Federation Services Components (XFSC).

Scope

Eclipse XFSC (Cross Federation Services Components) develops the software components necessary to set up a federated system that interconnects several participants in a data and service infrastructure with each other, aiming to develop new data-driven services and innovative products. Such ecosystems consist of joined interconnected data and infrastructure ecosystems, aggregated in so-called Federations that are individually orchestrated and operated with the help of Federation Services.

It consists of several components (mainly microservices) enabling federations in data ecosystems and providing interoperability across federations.

The Eclipse XFSC Toolbox provides a set of services for the functional implementation of Self Sovereign Identities, W3C credential management, Trust Services, database functions for knowledge graphs, usage policy negotiation and a core Low Code Engine. The main purpose is the operational uptake of federations as decentralized ecosystems.

Description

Eclipse XFSC (Cross Federation Services Components) develops the software components necessary to set up a federated system that interconnects several participants in a data and service infrastructure with each other, aiming to develop new data-driven services and innovative products. Such ecosystems consist of joined interconnected data and infrastructure ecosystems, aggregated in so-called Federations that are individually orchestrated and operated with the help of Federation Services, part of Gaia-X.

It consists of several components (mainly microservices) enabling federations in data ecosystems and providing interoperability across federations.

The Eclipse XFSC Toolbox provides a set of services for the functional implementation of Self Sovereign Identities, W3C credential management, Trust Services, database functions for knowledge graphs, usage policy negotiation and a core Low Code Engine. The main purpose is the operational uptake of federations as decentralized ecosystems.

Eclipse XFSC is to be seen as the implementation of a suite of solutions – providing for the minimum technical requirements to empower Federations to become operational and to allow organizations to participate in a world of Self Sovereign Identity and data ecosystems. The Eclipse XFSC toolbox defines a range of components necessary to fulfil the Gaia-X’s objective of building trust and interoperability, and ensuring participants retain sovereignty over their data. Concretely, the first set of services delivered are:

Identity & Trust

These services empower federations to authenticate and authorize participants in a federation, for example via credential validation, and cover technology functionalities to ensure a consistent level of trust between all Participants of a federation.

  • Authentication & Authorization Service (AAS)
  • Personal Credential Manager (PCM)
  • Organization Credential Manager (OCM)
  • Trust Services (TRU)
  • Notarization Service (NOT)

Self-Description/Catalogue

The Federated Catalogue is the repository of one Federation, enabling participants to find other participants’ information and service offerings in the shape of the Self-Descriptions. The toolbox provides the basic code for each Federation to build their own Federated Catalogue. Once a service offerings has been found, the toolbox also provides services that can facilitate contract negotiations and keep track of data transactions within Federations. These will empower Participants to determine and keep track of how their data is used through different transactions.

  • Federated Catalogue (CAT)
  • Self-Description Wizard (SD-Wizard)
  • Data Contract Transaction (DCT)
  • Data Exchange Logging Service (DELS)

Tooling

The Toolbox also contains services supporting federations with handy functionalities to organize itself. E.g., the Portal serves as a sample integration layer showcasing the Federation Services and providing user-friendly access to these services. A Workflow Engine is delivered aiming at improving complex application networking, e.g., the implementation and configuration of Onboarding & Accreditation workflows for federations. Furthermore, it contains functionalities for sample service orchestration and provisioning as well as compliance monitoring based on EUCS metrics.

  • Portal (POR)
  • Workflow Engine (WFE)
  • Continuous Automated Monitoring (CAM)
  • Orchestration (ORC)
Why Here?

The project started with the goal to create reference open-source-code for organizations to be operating within Federations in data ecosystems. All code has been published under the Apache License 2.0 and all technical specifications or other documents have been published under CC-BY from the very beginning.

Every interested party can use the XFSC toolbox to build apps and services that match the requirements in their respective Federation or organization. This is because requirements towards the specific tools may diverge depending on the industry in question. For instance, an automotive Federation might have very different requirements than an insurance Federation. Through the development of open-source code, interested parties can build services based on the XFSC open-source code and contribute back to the project. Through this open-source implementation, all Participants and interested Gaia-X supporters can improve and continuously adapt the services developed under the XFSC umbrella to meet the Federations’ needs.

Several other initiatives with a similar scope for decentralized federated eco system such as the EDC project are already under the governance of Eclipse. In EDC, the connector focuses on data exchange and a few "federation services" around, whereas XFSC provides a richer set of federation services.

Future Work

Functionalities:

Further Alignment with the core specifications disseminated by the Gaia-X AISBL is a key objective (Architecture Document, Trust Framework) for the further evolution of XFSC.

Moreover, further functionalities have been specified in a second specification phase focusing on the area of “Identity & Trust”:

  • W3C OCM
  • AIP 2.0
  • OpenID4VC
  • Schema Registry
  • W3C compatibility
  • Cloud PCM
  • TRAIN-Extension
  • Consent Manager
  • Self-Description Extension for Attestation References
  • EBSI

Community Uptake:

There have already been several Hackathons conducted to kick-start the community uptake. Further Event Participations & Hackathons are planned for 2023, e.g. Tech-X, XFSC Tech Workshops, Bitkom Forum Open Source 2023, Hackathon am Ring 2023, Rebooting the Web of Trust.

Project Scheduling

Initial Contribution is already in place. Code is ready for migration whenever approval is given. At the moment we are mainly working on a contractual basis due to the funding guidelines. With the migration we plan to open the development process for the community. Meanwhile, community members have already contributed bug reports, feature requests and discussion comments.

Committers
Carsten Stoecker (This committer does not have an Eclipse Account)
Ricky Thiermann (This committer does not have an Eclipse Account)
Georg Greve (This committer does not have an Eclipse Account)
Kalin Canov (This committer does not have an Eclipse Account)
Hossein Rafieekhah (This committer does not have an Eclipse Account)
Steffen Schulze (This committer does not have an Eclipse Account)
Matija Cankar (This committer does not have an Eclipse Account)
Sebastian Steinbuss (This committer does not have an Eclipse Account)
Christian Banse (This committer does not have an Eclipse Account)
Nico Haas (This committer does not have an Eclipse Account)
Christoph Lange-Bever (This committer does not have an Eclipse Account)
Anja Strunk (This committer does not have an Eclipse Account)
Cristina Pauna (This committer does not have an Eclipse Account)
Interested Parties
  • Bundesdruckerei/ Health-X project
  • TrueOcean/ Marispace-X project
  • RIP Software SE/ iEco project
  • Software AG/ AMS project
  • carTRUST
  • Fraunhofer
  • Stackable
  • WOBCOM
  • Embeteco
  • Datarella/ MoveID project
  • Airbus Defence and Space GmbH/ Cooperants project
  • d-fine GmbH/ EuroDaT project
  • IONOS/ Health-X project
  • Fraunhofer/ Possible project
  • Capgemini/ MERLOT project
  • VTT
  • BMW/ Catena-X
  • IDSA
  • Gaia-X Hub Austria
  • K-BusinessCom AG
  • Delta DAO
  • OSB Alliance / SCS Project
  • Gaia-X Hub Germany
  • Wobcom
  • EDC project
Initial Contribution

The toolbox consists of several micro services forming the initial 13 XFSC components. All code has been published already under Apache License 2.0, thus no code ownership is to be considered.

All code has derived from open technical specifications: https://gaia-x.gitlab.io/technical-committee/federation-services/federation-service-specifications/ 

The existing community mainly circles around the implementation partners that have implemented the code on a contractual basis. Most of the code has undergone QA, for some services the QA is still ongoing.

Authentication/ Authorization

Personal Credential Manager

Organization Credential Manager

Trust Services API

Notarization Service

Federated Catalogue

  • Description of Code: developed with Java, Spring Boot framework, Spring Security, Tomcat, Keycloak, PostgreSQL, Neo4J, Apache Jena, RDF/JSONLD processing tools. Mainly accessible through REST API; simple partial HTML frontend for demonstration and testing.
  • Community: Fraunhofer FIT, T-Systems International
  • Repository: https://gitlab.com/gaia-x/data-infrastructure-federation-services/cat

Self-Description Tooling

Data Contract Service

Data Exchange Logging Service

Workflow Engine

  • Description of Code: developed using JavaScript and built on the Node.js runtime, low-code workflow engine. Fork of the popular node.red project with added features, microservice architecture, enhanced user interface, GUI generator with JSON data
  • Community: original node-red contributors, LEANEA GmbH (former Sys4it)
  • Repository: https://gitlab.com/gaia-x/data-infrastructure-federation-services/GXFS_OAW

Continuous Automated Monitoring

  • Description of Code: The CAM consists out of Go-based microservices with a gRPC-based communication suite between them. Its core functionality is based on the OpenSource compliance checking tool Clouditor (https://github.com/clouditor/clouditor) and is released as Apache 2.0.
  • Community: Fraunhofer AISEC
  • Repository: https://gitlab.com/gaia-x/data-infrastructure-federation-services/cam

Portal

Orchestration

A first list of third-party libraries can be provided upon request.

Source Repository Type