> For the complete documentation index, see [llms.txt](https://frameworks.greendealdata.eu/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://frameworks.greendealdata.eu/operational-frameworks/intermediaries-and-operators/identity-authentication-and-authorisation-iaa-services.md).

# Identity, Authentication and Authorisation (IAA) Services

{% hint style="warning" %}
*This section might be updated based on the latest developments in the SAGE consortium, specifically considering WP6, WP7, WP4, and the Techie group, including inputs from T3.1 - GDDS Trust Framework and AAI Federation. Since the project runs till 2028, the final GDDS deliverable is expected to have additional information on these sections.* &#x20;
{% endhint %}

Identity, Authentication and Authorisation is delivered in the GDDS as a shared, federation-level service. It enables participants to be identified, authenticated, and authorised across organisational and national boundaries without each participant having to establish bilateral trust with every other. A participant admitted once is recognised throughout the data space, and access and usage decisions are made enforceable at the point of data exchange. This is what makes federated, sovereignty-preserving data sharing possible at scale.&#x20;

The service covers the full lifecycle of digital identities for both natural persons (for example researchers and data stewards) and legal entities (for example participating organisations and data providers), from registration and onboarding, through authentication and authorisation, to the renewal and revocation of credentials.&#x20;

The service is provided by the intermediaries and operators that sustain the trust fabric of the GDDS, notably the[ Identity Providers, Authorisation Registries, and Participant Registries. ](#user-content-fn-1)[^1]

These are defined as roles, and certain of them are certified roles, under Trust & Participation Governance and the Conformity Framework & Governance Enforcement. The participant-facing lifecycle that this service supports (identification, onboarding, credential issuance, and revocation) is governed under Trust & Participation Governance (see [here](/governnace-frameworks/gdds-rulebook/trust-and-participation-governance.md)).&#x20;

The technical architecture and trust mechanisms underpinning this service, identity and attestation management, authentication and federation standards, access control and authorisation models, and the federation, trust and security mechanisms, are specified in the Technical Framework (see [Data Sovereignty & Trus](/12-data-sovereignty-and-trust.md)t). &#x20;

This Operational Framework section describes only the service and the roles that provide it.&#x20;

[^1]: Note: Add actual organisations who will fulfil these roles?&#x20;
