direct naar de inhoud

Roles, The Breakdown

In the iSHARE network, there are six roles and the foundation that governs the network and the trust in the network. Here you can read about each of the roles:

Adhering Roles

Service or Data Consumer

The Service or Data  Consumer-role is fulfilled by a legal entity who is entitled to consume data, as provided by a Service Provider, based on authorization by the Data Owner. This legal entity is in need of the result of a service.

For example, an energy supplier consuming the smart energy meter data from an office building; or a trucking company that needs to know its optimal route and Estimated Time of Arrival from a shipping agent.

A Service Consumer can be represented by a machine (its system) or a human (e.g. the trucker), fittingly called the Machine Service Consumer and the Human Service Consumer.

Data owner (before Entitled Party)

The Data Owner role is fulfilled by a legal entity that has one or more rights to a service provided by a Service Provider. These rights, or entitlements, are established in a legal relationship between the data owner and the Service Provider. 

The Data owner, Service Consumer and Service Provider-roles can be fulfilled by the same entity – i.e. a legal entity that consumes a service based on its own entitlements to this service (for example, the trucking company’s entitlement to request Estimated Time of Arrival- and optimal route information) – but this is not necessary. 

Legal entities that are entitled to a service can delegate other entities to consume this service on its behalf: the legal entity consuming the service, then, does so on the basis of another entity’s entitlements. In such use cases, as always, the Service Consumer consumes a Service Provider’s service on the basis of the Data Owners entitlements, but the Service Consumer-role is fulfilled by another entity than the Data Owner role.

Service or Data Provider

The Service Provider-role is fulfilled by a legal entity that provides a service, in the form of data, for consumption by a Service Consumer. This legal entity provides the result of a service that Service Consumer(s) need; for example the party that uses a truck’s time and location to calculate and communicate the truck’s optimal route and Estimated Time of Arrival.

Certified parties

Authorization Registry 

The Authorisation Registry-role is fulfilled by a legal entity that provides solutions for Adhering Parties for the storage of delegation- and authorisation information. An Authorisation Registry: 

  • Can hold information on delegations to Service Consumers; i.e. information indicating what parts of the rights of an Entitled Party are delegated to a Service Consumer.
  • Can check, on the basis of this information, whether a machine representing a legal entity is authorised to take delivery of a service;
  • Can confirm whether this is the case to the Service Provider. 

As a result, Adhering Parties can outsource tasks concerning the management of authorisation and delegation information to an Authorisation Registry instead of implementing their own tooling.

Identity Provider 

The Identity Provider-role is fulfilled by a legal entity whose tooling identifies and authenticates entities (humans or machines). An Identity Provider:

  • Provides identifiers for humans;
  • Issues credentials (i.e. a password or electronic keycard) to humans;
  • On the basis of this identification information, identifies and authenticates humans for Service Providers. 
  • Holds information on authorisations of humans representing a Service Consumer; i.e. information indicating which humans are authorised to act on a Service Consumer’s behalf.
  • Can check, on the basis of this information, whether a human representing a legal entity is authorised to take delivery of a service;
  • Can confirm whether this is the case to the Service Provider.

As a result, Service Providers can outsource identification and authentication of humans, as well as tasks concerning the management of authorisation and delegation information of humans, to an Identity Provider instead of implementing their own tooling.

Identity Broker 

Different humans might hold identifiers at different Identity Providers. Also, Service Providers might need to connect to several Identity Providers. To make sure Service Providers do not need a relationship with each Identity Provider individually, an Identity Broker is introduced. The Identity Broker-role is fulfilled by a legal entity that provides Service Providers access to different Identity Providers, and that offers humans the option to choose with which Identity Provider to identify and authenticate themselves throughout the iSHARE Scheme.

As a result, if Service Providers choose to outsource identification and authentication to more than one Identity Provider, they can connect to an Identity Broker instead of to several Identity Providers.

Scheme Owner

A central role, not part of the basic iSHARE framework, is that of the Scheme Owner. The Scheme Owner role is fulfilled by iSHARE Foundation, and its network of participants, operating properly. How exactly? This is found under the detailed Operational descriptions

The Scheme Owner plays a fundamental role in any iSHARE use case. Every participant to the iSHARE Scheme must have a relation with the Scheme Owner through the legal framework (Terms of Use and Adhering Contract), and can check at the Scheme Owner whether other parties participate in the iSHARE Network. These are prerequisites, however, which is why the Scheme Owner does not play a direct role (and is not depicted) in any of the use cases. 

The Scheme Owner is responsible for admission of the Scheme Administrators (iSHARE Satellites) and the overall maintenance of the iSHARE scheme, including the iSHARE Scheme participants’ distributed registry (iSHARE Registry).

Please refer to the detailed Functional descriptions for details on how the Scheme Owner facilitates and federates trust in the iSHARE Scheme. 


The iSHARE satellite role is the core item of the iSHARE trust network, as core coordinator and governance body in a data space. Organisations acting as Satellite onboard participants into the iSHARE Distributed Ledger. Also pointed as a Scheme Administrator. 

The iSHARE Satellite is the role of Scheme Administrator in the entire scheme allowing all stages of participants

To register all the participants in the data space and ensure that the coverage by the legal framework is digitally verifiable the iSHARE participant register node (iSHARE Satellite), build in a Distributed Ledger across all data spaces using iSHARE, the core component.

Within the iSHARE Node (which is in line with the IDS ParIS Role), data space administrators can register participants with 

  • Their unique ID (EORI numbers in line with EU Identification) and 
  • EIDAS identification and public key. 
  • Register signed Terms of Use and possible additional terms and 
  • Additionally checking the Chamber of Commerce documentation to assure that the contract is legally signed

The administration of participants we have the webinterface on the Satellite Node or API’s to it for automated registration:

To allow for automated participant discovery in data spaces there are a few end-points defined that provide a few key insights for data spaces to operate: 

Parties End-point
Retrieve data from a selection of parties available in the data space or in a subset of the data space. It will look like this /parties/? .

to retrieve data from single participants in the iSHARE Satellite, the call will look like this /parties/EU.EORI.identifierOfTheParticipant.
Every node implementation is equipped with API’s and with that can serve within the data space as the single source for party information with the performance level to the data space

Details of the processes by the Satellite are available on our Wiki