# RFC042 | Document property | Value | | ------------------------------ | ----- | | Issue reference | #1+ | | Document status \[draft/final] | Draft | ## Background and rationale With [RFC028](https://gitlab.com/ishare-foundation/cab/rfc/-/blob/main/RFC%20Documents/RFC028/README.md) iSHARE has move to a federated model. This has led to changes in terminology being used for roles throughout the iSHARE Trust Framework and other iSHARE documentation or assets. Additionally, other initiatives like [IDSA](https://internationaldataspaces.org/) and the [DSSC](https://dssc.eu/),and new regulations like the [Data Governance Act](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act) have introduced terminology as well. ## Proposed change ### Purpose This RFC aims to clarify the terminology used for [roles in iSHARE](https://framework.ishare.eu/main-aspects-of-the-ishare-trust-framework/framework-and-roles) and map its alignment to the terminology used with other initiatives and regulations. It proposes the renaming of two iSHARE roles and proposes changes to align and clarify documentation. ### Description and principles It’s important to acknowledge that iSHARE provides a role framework that can be applied to legal entities. The roles should not be confused with the naming of technological solutions that are required to fulfill those roles. The iSHARE Framework does provide specifications on which technological aspects a role should implement (security requirements, API requirements), but it doesn’t specify what solution(s) should fulfill those. The following table presents the current names of iSHARE roles, in the second column in *bold* roles that will be renamed with the implementation of this RFC and in further columns a comparison with other initiative. When drafting this impact analysis, we concluded that it was not possible to create a one-on-one mapping between iSHARE defined roles and roles used in other initiatives. This is caused by the fact that all initiatives have a different approach and look on the topic. Nevertheless the community involved in data space in general and trust in particular would benefit from an overview of how the different initiatives use roles as a concept, what the particular roles mean in all frameworks and how they are related to each other. The following table can form a starting point for such an analysis. #### Adhering roles | [Current name in iSHARE](https://framework.ishare.eu/main-aspects-of-the-ishare-trust-framework/framework-and-roles) | New name | Other names currently in use for this role | In [IDSA](https://docs.internationaldataspaces.org/ids-knowledgebase/v/ids-ram-4/layers-of-the-reference-architecture-model/3-layers-of-the-reference-architecture-model/3-1-business-layer/3_1_1_roles_in_the_ids) | In [Dataspace Protocol](https://docs.internationaldataspaces.org/ids-knowledgebase/v/dataspace-protocol/overview/model) | In [Data Governance Act](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained) | In the [DSSC Blueprint](https://dssc.eu/space/BVE/357073672/DSSC+Glossary) | | -------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Service Consumer | Service Consumer | Data Consumer, Data User, Data Recipient | Data Consumer | Participant, fulfilling their technical requirements using a ParticipantAgent | *Data user* | [Data product consumer](https://dssc.eu/space/bv15e/766062077/5+Data+Products+and+Transactions) | | Service Provider | Service Provider | Data Provider, Data Node | Data Provider | Participant, fulfilling their technical requirements using a ParticipantAgent | *Data holder* | Can be [Data product owner](https://dssc.eu/space/bv15e/766062077/5+Data+Products+and+Transactions) or [Data product provider](https://dssc.eu/space/bv15e/766062077/5+Data+Products+and+Transactions) | | Entitled Party | Entitled Party | Data Owner, Data Holder | Data Owner | *Not present* | Can be *Data subject* or *data holder* | Can be [Data product owner](https://dssc.eu/space/bv15e/766062077/5+Data+Products+and+Transactions) or [Data rights holder](https://dssc.eu/space/BVE/357073819/6+Data+products+and+transactions) | #### Certified roles | [Current name in iSHARE](https://framework.ishare.eu/main-aspects-of-the-ishare-trust-framework/framework-and-roles) | New name | Other names currently in use for this role | In [IDSA](https://docs.internationaldataspaces.org/ids-knowledgebase/v/ids-ram-4/layers-of-the-reference-architecture-model/3-layers-of-the-reference-architecture-model/3-1-business-layer/3_1_1_roles_in_the_ids) | In [Dataspace Protocol](https://docs.internationaldataspaces.org/ids-knowledgebase/v/dataspace-protocol/overview/model) | In [Data Governance Act](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained) | In the [DSSC Blueprint](https://dssc.eu/space/BVE/357073672/DSSC+Glossary) | | -------------------------------------------------------------------------------------------------------------------- | ------------------------ | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Identity Provider | Identity Provider | Human Identity Provider | *Not present* | *Not present* | *Not present* | Not explicitly mentioned, but can be seen as a [Trust anchor](https://dssc.eu/space/BVE/357073860/9+Identity+and+trust) | | Identity Broker | Identity Broker | -- | *Not present* | *Not present* | *Not present* | *Not present* | | Authorisation Registry | Authorisation Registry | -- | *Not present* | *Not present* | Part of a data intermediation service | Not explicitly mentioned, but can be seen as a [Participant Agent Services](https://dssc.eu/space/bv15e/766061973/4+Data+Space+Services) | | Satellite | **Participant Registry** | -- | *Not present* | Not present, this role will likely fulfill it’s technical requirements by using a Dataspace Registry (similar to the iSHARE Satellite reference implementation) | *Competent Authorities* for both *data intermediation services* and *data altruism organisations* | A combination and/or parts of [Data Space Registry, Registry, Validation & Verification Service, Compliance Service, Notary, Intermediary, Federation Services, Data Space Intermediary, Conformity Assessment Body, Common Intermediary](https://dssc.eu/space/bv15e/777333342/Alphabetical+List+of+All+Defined+Terms+in+Blueprint+v1.5) | #### Other relevant roles These roles are necessary in the framework and data spaces context however, they are not necessarily registered as participants. The roles will still be essential to enable trusted data sharing and governance around it. | [Current name in iSHARE](https://framework.ishare.eu/main-aspects-of-the-ishare-trust-framework/framework-and-roles) | New name | Other names currently in use for this role | In [IDSA](https://docs.internationaldataspaces.org/ids-knowledgebase/v/ids-ram-4/layers-of-the-reference-architecture-model/3-layers-of-the-reference-architecture-model/3-1-business-layer/3_1_1_roles_in_the_ids) | In [Dataspace Protocol](https://docs.internationaldataspaces.org/ids-knowledgebase/v/dataspace-protocol/overview/model) | In [Data Governance Act](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained) | In the [DSSC Blueprint](https://dssc.eu/space/BVE/357073672/DSSC+Glossary) | | -------------------------------------------------------------------------------------------------------------------- | ------------------------------ | ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Scheme Owner | Scheme owner | -- | *Not present* | *Not present* | *Not present*\* | [(Data Space) Support Organisation](https://dssc.eu/space/bv15e/777333342/Alphabetical+List+of+All+Defined+Terms+in+Blueprint+v1.5) | | Satellite Administrator | **Participant Administrator** | -- | Certification Body And Evaluation Facilities | *Not present, this role will likely fulfill it’s technical requirements by using a Dataspace Registry (similar to the iSHARE Satellite reference implementation)* | Operational part of Competent Authorities | [Validation & Verification Service, Compliance Service, Notary, Intermediary, Federation Services, Common Intermediary](https://dssc.eu/space/BVE/357073860/9+Identity+and+trust) | | Satellite | **Data Space Governance Body** | Data Space Coordinator, Scheme Satellite, Data Space Governance Authority | Dataspace Authority | Dataspace Authority | May be considered equivalent to European Data Innovation Board (EDIB) | [(Data space) governance authority](https://dssc.eu/space/BVE/357073747/2+Core+Concepts) | \* In context of Data Governance Act European Commission could be considered Scheme owner (of Data Governance) ## Impact on the ecosystem This RFC: * Renames the current role of `iSHARE Satellite` to **Participant Registry (certified role)**. This role is fulfilled by the legal entity that is responsible for the operational processes as defined in a data space. This is a certified role and the `Participant Registry` must be certified by the `Scheme Owner`. * Introduces the role of **Data Space Governance Body (other role)**. This is a role (currently assumed to be taken by the `Satellite`) which is responsible for data space, including the defining, evolving & maintaining and governing of participant lifecycle processes. This role can be fulfilled by a legal entity or by a non legal entity (a group of parties with a certain governance). For reference, the definition of data spaces can be based on the [iSHARE Data Space Template](https://template.ishare.eu/) and this body is responsible for defining, evolving and governing the building blocks there in. Legal entities can have both roles simultaneously, or a `Data Space Governance Body` could use (contract) a legal entity to fulfill the role of `Participant Registry`. To clarify that this role is not a formal part of the trust framework (although a relevant role), the role will be labeled as `Other relevant role`. To align with the deprecation of the term `Satellite`, the role of `Satellite Administrator` will be renamed to: * **Participant Administrator (other role)**: This can be a party (contractually) working under `Participant Registry`, facilitating the operational process execution. Note this is not a formal role, however, a `Satellite/Participant Registry` may choose to outsource parts of their execution responsibilities to a 3rd party: the `Participant Administrator`. From the framework perspective, the Participant Registry remains liable and responsible even for the outsourced parts. These changes will be reflected in relevant documentations and communications going forward. Impact on the assets maintained by iSHARE Foundation is given in the next section. Participants are requested to adopt the updated naming conventions in their documentations and communications. ## Impact iSHARE Foundation (Scheme Owner) iSHARE Foundation will review all current assets and work on consistent use of roles as defined in this RFC. As the roles are heavily used throughout all of the documentation, the overall impact of this RFC is large. The following assets are impacted: * The [iSHARE Trust Framework](https://framework.ishare.eu) * The [developer documentation](https://dev.ishare.eu) (as an extension of the iSHARE Trust Framework) * The OpenAPI definitions on [Swaggerhub](https://app.swaggerhub.com/search?owner=iSHARE) * Example implementation in [Postman Collections](https://dev.ishare.eu/demo-and-testing/postman.html) * Code that is published on Github: * [iSHARE Satellite reference implementation](https://github.com/iSHAREScheme/iSHARESatellite) * [iSHARE.NET service consumer core components](https://github.com/iSHAREScheme/iSHARE.NET) * [Python iSHARE package](https://github.com/iSHAREScheme/python-ishare) * [iSHARE code snippets](https://github.com/iSHAREScheme/code-snippets) * [Reference implementation for Authorization Registry](https://github.com/iSHAREScheme/AuthorizationRegistry) * [Reference implementation for Service Provider](https://github.com/iSHAREScheme/ServiceProvider) * The implementation of the iSHARE satellite for iSHARE as the Scheme Owner on and * The [public website](https://www.ishare.eu) * Internal documentation * [Authorization Registry test implementation](https://ar.isharetest.net/) * The [Conformance Test Tool](https://ctt.isharetest.net/admin/account/login), tests listed on * iSHARE test satellite (used for conformance testing): * iSHARE test certificate authority: [EJBCA Public Web](https://ca7.isharetest.net:8442/ejbca/) * [Support site](https://support.ishare.eu): a document will be created to explain the relationship between roles models of different initiatives The following assets are NOT impacted: * Code that is published on Github: * [eSEAL certificate procurement guide](https://github.com/iSHAREScheme/eSEALsGuide) * [iSHARE Change Management documentation](https://changes.ishare.eu) ## Implementation ### Release schedule The expected implementation time is around 2-3 months after deciding on the implementation of this RFC. ### Communication The implementation of this RFC will be actively communicated with the community.