International-Data-Spaces-Association/IDS-G

Definition of DataspaceRegistrationService

ssteinbuss opened this issue · 3 comments

A DataspaceRegistrationService was not described so far, see also the comment in #72 .

Let's continue the discussion here.

    I have thought about the necessity of a distinct registration service, too. My work-around was to mentally merge it with the IdentityProvider in the sense that a participant can be either `in` (it has an IDS identity) or `out` (the IdentityProvider refuses to create an identity proof)...

Originally posted by @sebbader in #72 (comment)

A Data Space Registration Service is responsible for the following functions:

  • Providing the set of policies governing the membership in the data space
  • Mechanism to check compliance with the membership policies
  • Issuance and revocation of membership credentials
  • Verification service for issued membership credentials
  • Revocation list of revoked membership credentials
  • Membership list, or a mechanism to discover other participants (e.g. starting point for a discovery protocol, or URI of a central/federated catalog, member directory, etc.)

Regarding the membership list: it should be discussed how members are exposed. IMHO an automatic exposure of membership, thus of participants, might not be the best idea.

The exact specification and functionality of the member directory should be an implementation detail fitting the needs of the dataspace and not a normative prescription from IDSA. There are for sure going to be many variations as to technology used, security concerns, visibility of member status, etc.
What we need to define in IDSA is which functions the Data Space Registration Service is responsible for, not how to implement them.
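As an added illustration of the credential-related functions listed in the opening post (policy, compliance check, issuance, verification, revocation list, membership list), and not code from IDS-G or from any IDSA component: a toy registration service in Python. The policy rules, the token layout, all identifiers and the use of a service-held HMAC key are assumptions of this example; a credential that other participants verify without calling the service would need an asymmetric signature instead.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass, field


def _b64(raw: bytes) -> str:
    """URL-safe base64 without padding (token encoding chosen for this example)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


@dataclass(frozen=True)
class MembershipPolicy:
    """Policy of one data space. Both rules are made up for the example."""
    required_attestations: frozenset
    allowed_countries: frozenset


@dataclass
class RegistrationService:
    dataspace_id: str
    policy: MembershipPolicy
    # Assumption: an HMAC key held only by the service, so verification is a
    # service call. Real deployments would sign with an asymmetric key.
    signing_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    revoked: set = field(default_factory=set)     # revocation list: credential ids (jti)
    members: dict = field(default_factory=dict)   # participant id -> current credential id

    # Functions 1 and 2: the membership policy and the compliance check against it.
    def check_compliance(self, application: dict) -> list:
        """Return the list of policy violations; an empty list means compliant."""
        violations = []
        missing = self.policy.required_attestations - set(application.get("attestations", ()))
        if missing:
            violations.append("missing attestations: " + ", ".join(sorted(missing)))
        if application.get("country") not in self.policy.allowed_countries:
            violations.append("country not admitted: %r" % application.get("country"))
        return violations

    # Function 3 (issuance): only compliant applicants receive a credential.
    def issue(self, application: dict, validity_seconds: int = 3600, now=None):
        if self.check_compliance(application):
            return None
        now = int(time.time() if now is None else now)
        claims = {
            "iss": self.dataspace_id,
            "sub": application["participant_id"],
            "jti": secrets.token_hex(16),   # credential id referenced by the revocation list
            "iat": now,
            "exp": now + validity_seconds,
        }
        body = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
        tag = hmac.new(self.signing_key, body.encode(), hashlib.sha256).digest()
        self.members[claims["sub"]] = claims["jti"]
        return body + "." + _b64(tag)

    # Functions 4 and 5: verification checks signature, expiry AND the revocation list.
    def verify(self, credential: str, now=None):
        """Return the claims of a valid, unexpired, unrevoked credential, else None."""
        try:
            body, tag = credential.split(".")
            expected = hmac.new(self.signing_key, body.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, _unb64(tag)):
                return None          # forged or tampered
            claims = json.loads(_unb64(body))
        except ValueError:           # malformed token, bad base64 or bad JSON
            return None
        now = time.time() if now is None else now
        if claims.get("iss") != self.dataspace_id or claims.get("exp", 0) <= now:
            return None              # issued for another data space, or expired
        if claims.get("jti") in self.revoked:
            return None              # membership revoked after issuance
        return claims

    # Function 3 (revocation): the credential id is added to the revocation list.
    def revoke(self, participant_id: str) -> bool:
        jti = self.members.pop(participant_id, None)
        if jti is None:
            return False
        self.revoked.add(jti)
        return True

    # Function 6: membership list. Whether and to whom it is exposed is a
    # data-space decision; here it only returns identifiers of current members.
    def member_list(self) -> list:
        return sorted(self.members)


if __name__ == "__main__":
    # Constructed sample data, not real IDS participants.
    svc = RegistrationService("urn:example:dataspace:demo", MembershipPolicy(
        frozenset({"legal_entity", "security_profile"}), frozenset({"DE", "NL"})))
    app = {"participant_id": "urn:example:participant:acme", "country": "DE",
           "attestations": ["legal_entity", "security_profile"]}
    cred = svc.issue(app)
    print("valid:", svc.verify(cred) is not None, "members:", svc.member_list())
    svc.revoke(app["participant_id"])
    print("valid after revocation:", svc.verify(cred) is not None)
```

The point the example makes explicit is that a valid signature on its own only proves the credential was once issued; the verification function has to consult the revocation list (and expiry) as well, which is why the list of functions keeps issuance, verification and the revocation list as separate responsibilities of the same service.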