# BDI Technical Roles

## 1. Introduction

This building block defines BDI's technical roles, including Identity Provider, Identity Broker, Association Administrator, Data Owner, Data Service Provider, and Data Consumer. Each role plays a crucial part in managing identity, data control, and service provision within BDI's framework.

## 2. Purpose of this building block

The purpose of this building block is to define the technical roles in BDI.

## 3. Concepts

The technical roles of the BDI are given and explained below.

<table><thead><tr><th width="374">Role</th><th>Description</th></tr></thead><tbody><tr><td><strong>Identity Provider</strong></td><td>The Identity Provider role is fulfilled by a legal entity whose tooling identifies and authenticates humans (specifically, Human Data Consumers representing Data Consumers).</td></tr><tr><td><strong>Identity Broker</strong></td><td>The Identity Broker role is fulfilled by a legal entity that provides Data Service Providers with access to different Identity Providers, and that lets humans choose which Identity Provider to use to identify and authenticate themselves.</td></tr><tr><td><strong>Association Administrator</strong></td><td>Functionary responsible for operating the services of a BDI Association reporting to its Members.</td></tr><tr><td><strong>Data Owner</strong></td><td><p>The Data Owner is a legal entity that:</p><ul><li>Has control over data and access to data</li><li>Controls decisions on Data Sovereignty and Trust Sovereignty</li><li>Controls authorization policies, representation rules, and professional qualification verification of staff and contractors</li><li>Controls subscription to the Event Pub/Sub Service, and publishing of events to subscribers</li><li>Controls discovery and endpoints</li><li>Controls the roles assumed by the entity</li></ul></td></tr><tr><td><strong>Data Service Provider</strong></td><td>A Data Service Provider acts under the supervision and on behalf of the Data Owner.</td></tr><tr><td><strong>Data Consumer</strong></td><td><ul><li>Requests access to data and/or the Representation Register and/or the Professional Qualification Register of the Data Owner</li><li>Controls discovery and endpoints</li><li>Requests subscription to the Event Pub/Sub Service of the Data Owner, and receives and evaluates events</li></ul></td></tr></tbody></table>

## 4. Implementation Considerations

Implementation of the basic BDI mechanisms assumes the existence of these technical roles.

## 5. Interactions with other building blocks

<a href="../trust-kit/digital-identity" class="button secondary">Digital Identity</a> <a href="../trust-kit/authentication" class="button secondary">Authentication</a> <a href="../trust-kit/authorisation-oauth-2.0-ar-dm-+-xacml-policies" class="button secondary">Authorization</a> <a href="../trust-kit/association-register-1" class="button secondary">Association Register</a>

## 6. Further reading

<https://framework.ishare.eu/is/framework-and-roles>

<https://dssc.eu/space/BVE/357075333/Data+Sovereignty+and+Trust>

<https://framework.ishare.eu/is/functional-requirements-per-role>
