Admission

This admission process describes the steps that all parties MUST take to be admitted to the iSHARE network. For Certified Parties, including Participant Registry, additional steps are required and are described below. The process is the responsibility of, and facilitated by, the Participant Registry (or the Scheme Owner). The process of onboarding and admission can be delegated to a Participant administrator. During rollout, existing JWT flows remain supported; VCs are an additional, optional path for parties that implement them.

Admission of prospective iSHARE participants includes:

• A potential Adhering Party wants to start fulfilling one or more adhering role(s) in the network.

• A potential Certified Party wants to start fulfilling one or more certified roles(s) in the network.

• An already adhering and/or Certified Party wants to expand its current role(s) by one or more roles (s) in the network.

Goal

The goal of the admission process is to let prospective participants join the iSHARE Network in a simple and controlled way. A controlled admission process is important to warrant trust in the iSHARE Trust Framework. It provides assurance that all parties signing an accession agreement fulfil the scheme's accession criteria.

Admission criteria

To be admitted to the iSHARE network as a participant, prospective participants MUST comply with several criteria*:

• Provide a signed iSHARE accession agreement, including Terms of Use;

• Provide a valid Party Identifier.

• Irrespectively, a party identifier compliant with the iSHARE DID method MUST be automatically derived from the identification credential (PKI certificate or signed token);

• Provide an eIDAS Qualified Certificate for advanced or qualified eSeals or onboard using an iSHARE certified Identity Provider where allowed;

• Provide a successful test report of the iSHARE conformance test tool.

* Data spaces MAY require additional admission criteria (consult Data Space Governing Body).

The above table shows the Onboarding/ Admission criteria and the Onboarding parties involved.

X = required.

* The assessment framework is available below. Data space may apply its own assessment framework for adhering parties and extend the iSHARE Assessment Framework for certified parties

Assessment framework

The following file holds the assessment framework for Certified Parties.

Responsibilities

Several parties have responsibilities and tasks in the admission process:

• The Participant Registry MUST facilitate the onboarding process while safeguarding the integrity and trust.

• For Participant Registries supporting VCs, they MUST issue compliant VCs to participants requesting onboarding as well as reissuance and revocation of VCs throughout the participant life cycle.

• The Participant Registry MAY delegate its onboarding responsibilities to another party if required; however, it remains responsible and in contact for its participants and the Scheme Owner, as it is the certified party for onboarding.

• The Scheme Owner MUST onboard/admit the participants playing the role of a Participant Registry. The Scheme Owner MAY admit other participants in the iSHARE network until further notice;

• The prospective participant MUST implement what is necessary for complying and maintaining compliance with the relevant admission criteria of being a participant in specified role(s).

• Before submitting any claims or registering additional attributes for a participant, the Participant Registry MUST process and verify all mandatory admission and validation requirements as defined by the framework. This ensures that all registered claims are based on verified participant records and compliant admission procedures.

Sequence

1. An authorised representative of the prospective participant registers with a Participant Registry and provides the Participant Registry with:

   1. Primary contact details: name, role, e-mail;

   2. Description of the intended activities for participating and onboarding in this data space/ecosystem and use of the iSHARE framework;

   3. At least one acceptable, valid legal entity identifier as required by the Participant Registry (nationally or internationally recognised unique identifier which can be verified).

2. The Participant Registry checks whether there are potential impediments that could block the completion of the admission process for the prospective participant:

   1. E.g. previous exclusions from a Data space/iSHARE network in the recent past.

3. The Participant Registry MUST facilitate testing and certification of the prospective participant.

   1. The Participant Registry MAY provide testing material and documentation on the test environment: certificates, keys, SDKs, etc..

   2. For prospective Certified Parties, it MUST include role-specific non-technical requirements.

4. The prospective participant formally requests admission to the particular data space by providing:

   1. An iSHARE accession agreement signed by an authorised representative of the prospective participant;

   2. The eSEAL digital certificate (public key) that will be used (if applicable, see table above);

   3. An iSHARE conformance test tool report.

   4. Any other requirements for admission to the particular data space (such as a signed NDA);

   5. For a prospective Certified Party: The level of assurance for which the prospective Certified Party wants to be certified, accompanied by a filled-in Assessment Framework (and related evidence) to prove that the operational processes of the prospective Certified Party comply with the indicated level of assurance.

   6. For prospective Certified Parties, additional verification may be required.

      1. The prospective Certified Party can request a signed NDA from the Participant Registry before providing the Assessment Framework and related evidence.

5. The Participant Registry verifies the acceptance of the prospective participant's admission request and its conformance with the admission criteria.

   1. For prospective Adhering Parties, the Participant Registry has 5 working days, unless otherwise stated/agreed, to verify the acceptance of the prospective participant’s admission request and its conformance with the admission criteria;

   2. For prospective Certified Parties, the Participant Registry has 30 days, unless otherwise stated/agreed, to verify the acceptance of the prospective participant's admission request and its conformance with the admission criteria, but aims to respond as soon as possible.

6. The Participant Registry records the participant’s status in the Participant Registry.

7. Once the participant has been accepted, the Participant Registry communicates the verified acceptance to the new Participant, and in the case of Verifiable Credentials issues a ParticipantCredential to the Party.

Criteria for participation

All participants must be assessed on adherence to the criteria set for participation in this admission process. To accommodate step-by-step onboarding, the following criteria are available.

Legal adherence

• Legal adherence: The Participant has signed the iSHARE Accession Agreement, including the iSHARE Terms of Use.

• No legal adherence: The Participant has not yet signed the necessary agreements.

Compliance

Compliance includes multiple aspects of participation, such as technical and operational adherence.

• Compliance: Compliance was verified by verifying that all the requirements of onboarding are fulfilled, including the successful test report of the Conformance Test Tool (CTT) for technical compliance.

• No compliance: Compliance has not been verified. Note that this indication will limit the available options for data sharing for this participant.