CX-0050 Framework Agreement Credential v.2.1.0
REVISIONS & UPDATE
- Re-definition of the Framework Agreement structure
ABSTRACT
The Framework Agreement Credential is a Verifiable Credential which confirms that a participant has agreed to the Use Case Framework document (short "Framework"). The following chapters specify the technical documentation and the structure of the Framework Agreement Credential.
1. INTRODUCTION
The data exchange between two participants needs to be legally agreed between them. This is done based on the "Framework" which defines the basic rules for data consumption, storage, transfer and re-usage. Using Decentralized Identifiers for a Self-Sovereign Identity, Verifiable Credentials are used to confirm a participant that he has accepted the "Framework".
1.1 AUDIENCE & SCOPE
AUDIENCE
The standard is relevant for the following roles:
- Core Service Provider as this is the entity being able to issue Framework Agreement Credentials
- Data Provider / Data Consumer as they exchange these Framework Agreement Credential to prove consent to the "Framework"
SCOPE
This section is non-normative
This document covers the specification of the Framework Agreement Credential. It describes
- the structure of the framework agreement credential
- the content of the framework agreement credential
- the field details of the framework agreement credential
What is not in scope is the description or the definition of the "Framework" itself.
1.2 CONTEXT
This section is non-normative
The Framework Agreement Credential is issued by the Core Service Provider to the wallet of the participant and is exchanged by the dataspace client in the course of data exchange. It is an attribute of a participant 1 which presents to another participant 2 that the "Framework" is accepted by participant 1.
The "Framework" document defines the conditions for data exchange. Having agreed to this "Framework" is proved by a verifiable credential issued to this participant. This is done by the Core Service Provider after an appropriate check of the approval of the participant to the "Framework". The exchange of this credential allows participants to validate each other that they have agreed to the conditions defined in the "Framework". The Data Provider can validate that the Data Consumer has agreed to the "Framework".
1.3 CONFORMANCE AND PROOF OF CONFORMITY
This section is non-normative
Sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
The key words MAY, MUST, MUST NOT, OPTIONAL, RECOMMENDED, REQUIRED, SHOULD and SHOULD NOT in this document document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
Core Service Provider
All Core Service Providers providing the issuance of Framework Agreement Credentials MUST ensure that these credentials follow the structure described in section 2.2 Framework Agreement Credential Structure and contain the data according to the linked verifiable credential in section 2.2 Framework Agreement Credential Data Exchange Governance.
All Core Service Providers providing the issuance of Framework Agreement Credentials MUST ensure that the "Framework" document have been agreed correctly by the participants.
To validate these criteria of conformance to the "Framework" the following information MUST be handed to the Conformity Assessment Body by the Core Service Provider:
- the validation / control process of the participants agreement,
- a documentation (e.g. based on Arc42) explaining the architecture, process flows and data structures of the implementation.
1.4 EXAMPLES
Not applicable.
1.5 TERMINOLOGY
This section is non-normative
Not applicable.
2. FRAMEWORK AGREEMENT CREDENTIAL
This section is normative
2.1 Framework Agreement Credential Definition
The Framework Agreement Credential is a verifiable credential proving that the holder of the credential has agreed to the "Framework" document.
It contains the name of the "Framework", a link to "Framework" document and the version of the "Framework" document.
2.2 Framework Agreement Credential Data Exchange Governance
The Framework Agreement Credential Data Exchange Governance is shown and explained in the following:
{
"id": "uuid",
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/catenax/credentials/v1.0.0"
],
"type": ["VerifiableCredential", "DataExchangeGovernanceCredential"],
"issuanceDate": "{issuance date - format: 2024-10-16T00:00:00Z}",
"expirationDate": "{expiration date - format: 2025-10-15T00:00:00Z}",
"issuer": "{did issuer}",
"credentialSubject": {
"id": "{did holder}",
"holderIdentifier": "{bpn}",
"group": "UseCaseFramework",
"useCase": "DataExchangeGovernance",
"contractTemplate": "{URL OF AGREEMENT/CONTRACT TEMPLATE}",
"contractVersion": "{VERSION OF THE AGREEMENT TEMPLATE; format: x.x}"
}
}
Explanation:
-
id
is the uuid of the newly created credential - the uuid is defined by the issuer component -
context
is fix defined for the current used schema - we should already consider that the schema might get updated in future. Ideally we are flexible to have this scenario that the old schema is set to "INACTIVE" and a new schema is used for new created credentials -
type
is fix defined for this specific credential -
issuanceDate
calculated on runtime -
expirationDate
calculated by the issuer component based on defined credential static data expiry date => always not > 12 month -
issuer
holds the issuer did -
credentialSubject
id
holds the customer/holder didholderIdentifier
BPN number of the holdergroup
groupType - fix value "UseCaseFramework"useCase
the linked useCase - in this case Data Exchange Governance Framework agreement is valid for all Catena-X use casescontractTemplate
contractTemplateDocument of the FrameworkcontractVersion
Framework version - important since you can hold the same credential for multiple versions
3 REFERENCES
3.1 NORMATIVE REFERENCES
3.2 NON-NORMATIVE REFERENCES
This section is non-normative
Not applicable.
3.3 REFERENCE IMPLEMENTATIONS
This section is non-normative
Not applicable.
ANNEXES
FIGURES
This section is non-normative
Not applicable.
TABLES
This section is non-normative
Not applicable.