A simple proof of concept of the process to build and sign a Self-Description using the Gaia-X Compliance Service.
The main contribution of this repository is demonstrating how to programmatically build Gaia-X Self-Description documents, which are then validated by the Gaia-X Lab Compliance API. We leverage the fact that Let’s Encrypt is able to issue free certificates signed by a valid Trust Anchor, ensuring compliance without incurring extra costs.
- A Linux server with sudo access that has ports 80 and 443 exposed to the Internet.
- A public DNS domain that points to the IP address of the previous Linux server.
- Docker.
- Taskfile.
- The prerequisites above.
- Node 18+.
First you need to update the configuration to match your environment. Copy the file .env.default from this repository to .env and, at least, update the following variables:
Variable | Description |
---|---|
CERTBOT_DOMAIN | The domain name of your server for which you want to generate the Let's Encrypt certificate. |
CERTBOT_EMAIL | The email of the owner of the domain name. |
RESOURCE_OPENAPI_SPEC | This variable should point to an OpenAPI schema that describes the HTTP API that you want to model as a Gaia-X Resource. |
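A pre-flight check for the .env file before requesting certificates, added here as an example (it is not code from this repository). Only the three variable names come from the table above; the function names, the host-name rule and the sample file contents are assumptions constructed for illustration.

```javascript
// Added example: validate .env against .env.default before running get-certs.
// Variable names are from the README; everything else is hypothetical.
const REQUIRED = ["CERTBOT_DOMAIN", "CERTBOT_EMAIL", "RESOURCE_OPENAPI_SPEC"];

// Parse KEY=VALUE lines as data only (nothing is sourced or shell-expanded).
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue;
    const key = line.slice(0, eq).trim();
    // Strip one pair of matching surrounding quotes, if present.
    env[key] = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
  }
  return env;
}

// Return a list of problems; an empty list means the file passed every check.
function checkConfig(envText, defaultText) {
  const env = parseEnv(envText);
  const defaults = parseEnv(defaultText);
  const problems = [];
  for (const key of REQUIRED) {
    if (!env[key]) problems.push(`${key}: missing or empty`);
    else if (env[key] === defaults[key]) problems.push(`${key}: still the .env.default value`);
  }
  // Assumption: the domain must be a bare host name (no scheme, port, path or wildcard).
  const label = "[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?";
  const domain = env.CERTBOT_DOMAIN || "";
  if (domain && !new RegExp(`^(${label}\\.)+${label}$`, "i").test(domain))
    problems.push("CERTBOT_DOMAIN: not a bare fully qualified host name");
  const email = env.CERTBOT_EMAIL || "";
  if (email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email))
    problems.push("CERTBOT_EMAIL: not an e-mail address");
  return problems;
}

// Constructed sample files (not the repository's real defaults).
const SAMPLE_DEFAULT = `CERTBOT_DOMAIN=example.com
CERTBOT_EMAIL=admin@example.com
RESOURCE_OPENAPI_SPEC=https://example.com/openapi.json`;
const SAMPLE_ENV = `# edited copy of .env.default
CERTBOT_DOMAIN="https://gx.example.org/"
CERTBOT_EMAIL=ops@example.org
RESOURCE_OPENAPI_SPEC=https://example.com/openapi.json`;

console.log(checkConfig(SAMPLE_ENV, SAMPLE_DEFAULT));
```

The sample reports two problems: the OpenAPI variable was left at its default, and the domain was entered as a URL instead of a host name.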
To simplify the process, we recommend creating a shell alias that will run the Docker container with the correct parameters. You can create this alias by copying and pasting the command generated by the following task, which first builds the Docker image:
$ task build-show-runner-alias
[...]
📋 Copy and paste the following command to create the alias:
alias gaia-x='docker run --rm -it -p 80:80 -p 443:443 [...]'
You should run the rest of the commands in this guide from the directory where the .env file is located.
Request the certificates with the following command:
$ gaia-x get-certs
This will generate the certificates and store them in the certs folder.
Generate the DID with the following command:
$ gaia-x build-did
Generate the Verifiable Credentials with the following command:
$ gaia-x build-credentials
You can now build and submit the resulting Verifiable Presentation to the Compliance API:
$ gaia-x build-vp
Alternatively, you can create a container image that will generate the Verifiable Presentation and submit it to the Compliance API every time it is run:
$ gaia-x build-credential-server-image
This will create a file named image.tar in the current directory. You can load this image into your Docker daemon with the following command:
$ docker load -i image.tar
You can now run the container with the following command:
$ docker run -it --rm -p 443:443 gaiax-credential-server
Install the dependencies and request the certificates with the following commands:
$ npm install
$ sudo task get-certs
This will generate the certificates and store them in the certs folder.
Generate the DID with the following command:
$ task build-did
Generate the Verifiable Credentials with the following command:
$ task build-credentials
You can now build and submit the resulting Verifiable Presentation to the Compliance API:
$ task build-vp
Alternatively, you can create a container image that will generate the Verifiable Presentation and submit it to the Compliance API every time it is run:
$ task build-credential-server-image
This will build a Docker image named gaiax-credential-server. You can now run the container with the following command:
$ docker run -it --rm -p 443:443 gaiax-credential-server
Reference | Description |
---|---|
Gaia-X GitLab | A GitLab organization that contains the repositories for the software implementations and documentation materials of Gaia-X. |
Gaia-X Glossary | A comprehensive list of Gaia-X terms. |
Gaia-X Digital Clearing House | A closer look at the services required to achieve Gaia-X compliance. |
Gaia-X Digital Clearing House Status | Public instances of the Gaia-X Digital Clearing House, including availability and status metrics. |
Gaia-X Trust Framework | Detailed documentation of the minimal set of rules to be part of Gaia-X Ecosystem. |
Simplified Gaia-X credentials usage flow | A diagram that shows how the Notary, Compliance Service and Registry fit together in the process of building and signing Gaia-X credentials (i.e., self-descriptions). |
deltaDAO/self-description-signer | The original repository that served as an inspiration and reference for this proof of concept. |