Admission
This admission process describes the steps that all parties MUST take to be admitted to the iSHARE network. For Certified Parties including Participant Registry, additional steps are required and are described below. The process is the responsibility of, and facilitated by, the Participant Registry (or the Scheme Owner). The process of onboarding and admission can be delegated to a Participant administrator.
Admission of prospective iSHARE participant includes:
A potential Adhering Party wants to start fulfilling one or more adhering role(s) in the network.
A potential Certified Party wants to start fulfilling one or more certified roles(s) in the network.
An already Adhering and/or Certified Party wants to expand its current role(s) by one or more role(s) in the network.
Goal
The goal of the admission process is to let prospective participants join the iSHARE Network in a simple and controlled way. A controlled admission process is important to warrant trust in the iSHARE Trust Framework. It provides assurance that all parties signing an accession agreement fulfil the scheme's accession criteria.
Admission criteria
To be admitted to the iSHARE network as a full participant (Service Provider or Service Consumer), prospective participants MUST comply with several criteria*:
Provide a signed iSHARE accession agreement including Terms of Use;
Provide a valid Party Identifier;
Irrespectively, an party identifier compliant to the iSHARE DID method MUST be automatically derived from the identification credential (PKI certificate or Signed token);
Provide an eIDAS Advanced or Qualified Electronic Seal (eSEAL) digital certificate (public key) or onboard using an iSHARE certified Identity Provider where allowed;
Provide a successful test report of iSHARE conformance test tool.
* Data spaces MAY require additional admission criteria (consult Data Space Governing Body).
Valid party identifier
X
X
X
X (only for Service providers)
X
X
X
X
X
Advanced / Qualified eSeal
X (only for Service Providers or Service Consumers that use machine to machine communication)
X
X
Register with an iSHARE certified Identity Provider
X (for Service Consumers or Entitled Parties without Qualified eSeal)
Onboarded by
Participant Registry*
Participant Registry*
Scheme Owner
Assessment framework**
X
X
The above table shows the Onboarding/ Admission criteria and the Onboarding parties involved.
X = required.
* The onboarding procedures can be delegated to one/multiple Participant Administrators.
** The assessment framework is available below. Data space may apply their own assessment framework for adhering parties and extend the iSHARE Assessment Framework for certified parties
Assessment framework
The following file holds the assessment framework for Certified Parties.
Responsibilities
Several parties have responsibilities and tasks in the admission process:
The Participant Registry MUST facilitate the onboarding process while safeguarding the integrity and trust;
The Participant Registry MAY delegate its onboarding responsibilities to another party if required, however it still remains responsible and contact for its participants and the Scheme Owner as it is the certified party for onboarding;
The Scheme Owner MUST onboard/admit the participants playing the role of a Participant Registry. The Scheme Owner MAY admit other participants in the iSHARE network until further notice.
The prospective participant MUST implement what is necessary for complying and maintaining compliance with the relevant admission criteria of being participant in specified role(s).
Sequence
An authorised representative of the prospective participant registers with a Participant Registry and provides the Participant Registry with:
Primary contact details: name, role, e-mail;
Description of the intended activities for participating and onboarding in this data space/ecosystem and use of iSHARE framework;
At least one acceptable valid legal entity identifier as required by the Participant Registry (nationally or internationally recognised unique identifier which can be verified).
The Participant Registry checks whether there are potential impediments that could block the completion of the admission process for the prospective participant:
E.g. previous exclusions from a Data space/iSHARE network in the recent past.
The Participant Registry MUST facilitate testing and certification of the prospective participant.
The Participant Registry MAY provide testing material and documentation on the test environment: certificates, keys, SDKs, etc.;
For prospective Certified Parties it MUST include role-specific non-technical requirements.
The prospective participant formally requests admission to the particular data space by providing:
An iSHARE accession agreement signed by an authorised representative of the prospective participant;
The eSEAL digital certificate (public key) that will be used (if applicable, see table above);
An iSHARE conformance test tool report;
Any other requirements for admission to the particular data space (such as for instance a signed NDA);
For a prospective Certified Party: The level of assurance for which the prospective Certified Party wants to be certified, accompanied by a filled in Assessment Framework (and related evidence) to prove that the operational processes of the prospective Certified Party comply with the indicated level of assurance.
For prospective Certified Parties additional verification may be required.
The prospective Certified Party can request a signed NDA from the Participant Registry before providing the Assessment Framework and related evidence.
The Participant Registry verifies the acceptance of the prospective participant's admission request and its conformance with the admission criteria;
For prospective Adhering Parties the Participant Registry has 5 working days, unless otherwise stated/agreed, to verify the acceptance of the prospective participant’s admission request and its conformance with the admission criteria;
For prospective Certified Parties the Participant Registry has 30 days, unless otherwise stated/agreed, to verify the acceptance of the prospective participant's admission request and its conformance with the admission criteria, but aims to respond as soon as possible.
The Participant Registry records the participant’s status in the Participant Registry.
Once the participant has been accepted, the Participant Registry communicates the verified acceptance to the new Participant.
Levels of participation
This section is under review through an RFC. Following this section is currently not recommended.
In order to lower initial barriers for participation, a prospective participant may join the data space/iSHARE network without meeting all criteria. A possible situation could occur where a party wishes to join as a participant, but is not able to meet all technical requirements for data exchange. Instead, the participant will delegate this to an intermediary party (for example, a data hub) that will provide technical data exchange services.
Identity verification level
Verified according to publicly available trusted resources
The identity of the party can be verified (eg. to an internationally verifiable source)
Verified by Participant Registry
Although this option is not generally recommended, this denotes that the participant is explicitly trusted by the Participant Registry that recorded the participants admission.
Legal adherence
Legal adherence
The Participant has signed an Accession Agreement and Terms of Use
No legal adherence
The Participant is trusted by the Participant Registry. Note that this indication MAY limit the available options for data sharing for this participant within the data space/iSHARE network due to a lower level of legal assurance.
Technical compliance
Full technical compliance
Technical compliance was verified by providing a successful test report of iSHARE certification tool.
No technical compliance
Technical Compliance has not been verified. Note that this indication will limit the available options for data sharing for this participant within the iSHARE network, because the participant must use another (compliant) participant to handle exchanges on his behalf.
Last updated