
Use Gaia-X compliance credentials in policy enforcement #14

Open
YassirSellami opened this issue Jun 19, 2023 · 1 comment

YassirSellami commented Jun 19, 2023

Feature Request

Participants should be able to use Gaia-X compliance credentials as policy enforcement for contract negotiation or access control.
This should apply to compliance credentials regardless of the credential subject type (participant or service).
In order to identify these credentials, the property credentialSubject.type can be used with the value gx:compliance.
As a prerequisite, an integrity verification should also be performed in order to know whether the subject verifiable credential (the VC which has been certified as compliant) has been changed or not, which can be done as follows:

  • Resolve the id of the credential subject, canonicalize it using the JSON Canonicalization Scheme described here: RFC8785
  • Perform a hash on the result using the algorithm provided in the credential subject of the verifiable credential (credentialSubject.integrity), sha256 at this time
  • Compare the result from above with the value of the integrity present in the credential

An example of a compliance credential subject:
"credentialSubject": [
  {
    "type": "gx:compliance",
    "id": "did:web:wizard.lab.gaia-x.eu:development:api:credentials:2d37wbGvQzbAQ84yRouh2m2",
    "integrity": "sha256-00c7d91bf67242164d72656e1036361f5b9833e3a06fceeea9a1c058ea139777"
  }
]
A complete VC can be found here

Which Areas Would Be Affected?

For the integrity verification:

  • Create a new credential verifier in the identity hub

For the verification of the presence of the credential or not:

  • Create a constraint function in this repository (eclipse-edc/TrustFrameworkAdoption)

Why Is the Feature Desired?

To make it easier for participants in a dataspace to only communicate with Gaia-X compliant credential holders.

Solution Proposal

A pull request is already available for the constraint function part.

Type of Issue

New feature
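
The integrity check described in the issue above, as an added Python sketch that is not part of the issue or of the EDC code base. It assumes the VC behind credentialSubject.id has already been resolved and parsed (SAMPLE_VC is constructed), that the integrity value is hex-encoded as in the issue's example, and it covers RFC 8785 only for JSON without floating-point numbers; all function names are hypothetical.

```python
import hashlib
import hmac
import json

# Algorithms accepted from the "integrity" prefix; the issue names only sha256.
ALLOWED_ALGORITHMS = {"sha256"}

# Constructed sample: stand-in for the VC resolved from credentialSubject.id.
SAMPLE_VC = {
    "type": ["VerifiableCredential"],
    "id": "https://example.org/vc/1",
    "credentialSubject": {"id": "did:web:example.org", "gx:legalName": "Example GmbH"},
}


def _utf16_key(item):
    # RFC 8785 orders object members by the UTF-16 code units of their names.
    return item[0].encode("utf-16-be")


def canonicalize(value):
    """JCS (RFC 8785) serialization for JSON without floating-point numbers."""
    if isinstance(value, dict):
        members = sorted(value.items(), key=_utf16_key)
        return "{" + ",".join(
            json.dumps(k, ensure_ascii=False) + ":" + canonicalize(v) for k, v in members
        ) + "}"
    if isinstance(value, list):
        return "[" + ",".join(canonicalize(v) for v in value) + "]"
    if isinstance(value, float):
        # ECMAScript number formatting is out of scope for this sketch: fail closed.
        raise ValueError("floating-point numbers are not supported")
    return json.dumps(value, ensure_ascii=False)  # str, int, bool, None


def verify_integrity(compliance_subject, resolved_vc):
    """True only if hash(JCS(resolved_vc)) equals credentialSubject.integrity."""
    if compliance_subject.get("type") != "gx:compliance":
        return False  # not a compliance credential subject
    algorithm, sep, expected = compliance_subject.get("integrity", "").partition("-")
    if not sep or algorithm not in ALLOWED_ALGORITHMS:
        return False  # missing or unexpected algorithm: reject instead of guessing
    digest = hashlib.new(algorithm, canonicalize(resolved_vc).encode("utf-8")).hexdigest()
    # Constant-time comparison of the hex digests.
    return hmac.compare_digest(digest.encode(), expected.lower().encode())
```

Because the hash is taken over the canonical form, a resolved VC whose members arrive in a different order still verifies, while any changed value does not.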

@github-actions

Thanks for your contribution 🔥 We will take a look asap 🚀
