Transaction Author Agreement for the IDunion Test Network
This summary is provided to help you understand your obligations when writing to the IDunion Test Network - it does not have any legal effect or replace the full legal text of the Agreement provided below.
This Agreement grants you permission to write data to the IDunion Test Network under certain terms and conditions.
You represent and warrant that the data you are writing do not violate this Agreement or any applicable laws or infringe the rights of any other party.
You understand the data you are writing to the IDunion Test Network is public and may be permanent and there can be no guarantee of erasure. This includes Public Keys.
If it is determined that the data you wrote violated this Agreement, IDunion can take steps to block them from public access.
IDunion makes no promises about the reliability or correctness of the data being stored on the IDunion Test Network or the operation of the IDunion Test Network.
You understand and acknowledge that the IDunion Test Network is operated in a test environment. IDunion may decide at any given point in time to fork and/or otherwise reset the ledger without incurring any liability vis-à-vis you as participant.
~End of Summary~
This Transaction Author Agreement (the “Agreement”) is entered into on the date of acceptance of this Agreement (the “Effective Date”) between IDunion (as defined in the Annex to this Agreement) on the one hand, and you (“Transaction Author” or “you”), being a legal entity, on the other hand. IDunion and Transaction Author are individually referred to herein as a “Party” and collectively as the “Parties”. All capitalized terms used in this Agreement shall have the meanings given to them in section 1. of the Annex to this Agreement.
Any of your Affiliates are also entitled to write data to the IDunion Test Network, provided that you remain fully liable for your Affiliates' compliance with the terms of this Agreement.
By (i) clicking “Accept” or a similar box indicating acceptance, or (ii) writing Transactions to the IDunion Test Network, Transaction Author agrees to be bound by this Agreement and all terms incorporated by reference. The individual accepting this Agreement on behalf of a company or other legal entity represents that he or she has the authority to bind such entity to the terms of this Agreement. IDunion is entitled to rely on the authority of the individual accepting this Agreement on behalf of the respective company or other legal entity.
WHEREAS, the Transaction Author desires to write Transactions to the IDunion Test Network (each a “Transaction”); and
WHEREAS, IDunion intends to grant permission to the Transaction Author to write Transactions to the IDunion Test Network;
1. Operation of the IDunion Test Network
1.1. Transaction Author acknowledges and agrees that IDunion will:
a) Operate the IDunion Test Network as a pilot version; i.e. “as is”, and does not warrant any kind of availability nor any functions;
b) Make available in its discretion updates and/or versions of the IDunion Test Network modified otherwise;
c) Make each Public Key of a Cryptographic Key Pair of the Transaction Author accessible on the IDunion Test Network;
d) Be entitled to discontinue the operation of the IDunion Test Network at any time in its discretion; and
e) Have no obligation to verify or otherwise ensure the accuracy, reliability or completeness of any information or data obtained or derived through the use ofthe IDunion Test Network, as the IDunion Test Network operates on a distributed network and IDunion does not control the information or data written to the IDunion Test Network.
1.2. The Transaction Author acknowledges and agrees as follows:
a) Public Keys and any data and content relating to the Transactions written by the Transaction Author to the IDunion Test Network may remain on the IDunion Test Network (even after termination of this Agreement) unless it is reset;
b) It is the Transaction Author’s responsibility to ensure the merchantability and/or fitness of the IDunion Test Network for its purpose and the accuracy and completeness of all data on the IDunion Test Network. IDunion shall be entitled to rely on the accuracy and completeness of all data on the IDunion Test Network; and
c) The IDunion Test Network may contain bugs or errors. Any participation in, or use of the IDunion Test Network is at the Transaction Author’s risk.
1.3. Transaction Author acknowledges and agrees that IDunion may reset the IDunion Test Network in whole or in part:
a) as per March 31 and September 30 of each year without any prior notice period to the Transaction Author; and
b) at any given point in time if deemed necessary by IDunion, provided that, to the extent possible, IDunion will inform the Transaction Author in advance by posting a notice on IDunion's website at www.idunion.org.
2. Permission to Write to the IDunion Test Network
2.1. IDunion hereby grants to the Transaction Author a non-exclusive, non-assignable, non- sublicensable, royalty free, revocable license to write Authorized Transactions to and use the IDunion Test Network in accordance with this Agreement.
2.2. A Transaction Author may only write to the IDunion Test Network by using an authorized Transaction Endorser.
2.3. Once an initial Transaction has been written to the IDunion Test Network by the Transaction Author (“Initial Transaction”), the Transaction Author is granted permission to make additional Transactions to update the state of a previous Transaction (“Update Transactions”). An Update Transaction does not remove the Initial Transaction which may remain on the IDunion Test Network unless it is reset.
Transaction Author may make Update Transactions only if the Transaction Author was the author of the Initial Transaction. Update Transactions are Transactions and are subject to all the terms of this Agreement.
3. Transaction Author Obligations
In addition to the obligations as listed in section 2 of the Participants' Technical and Organizational Policies attached hereto as Annex, Transaction Author will:
a) Not write Transactions to the IDunion Test Network containing Personal Data;
b) Only write Authorized Transactions to the IDunion Test Network;
c) Ensure that each Authorized Transaction includes a valid digital signature from the Transaction Author and is submitted to an approved Transaction Endorser for endorsement;
d) Comply with any requirements imposed by the Transaction Endorser on the Transaction Author and any Authorized Transactions endorsed by the Transaction Endorser;
e) Check all information displayed on the IDunion Test Network and originating from Authorized Transactions written by the Transaction Author for accuracy and completeness; and
f) In case of any loss or disclosure of a Private Key, or suspicion of misuse of such Private Key, immediately notify all Transaction Endorsers the Transaction Author is cooperating with under this Agreement.
Unless otherwise agreed between the Parties, no fees are due by the Transaction Author under this Agreement for its use of the IDunion Test Network.
5. Term and Termination
5.1. This Agreement commences on the Effective Date and shall remain in force until terminated by either Party pursuant to this Section 5 (Term and Termination).
5.2. Either Party may terminate this Agreement: (i) if the other Party has materially defaulted in the performance of any of its obligations under this Agreement and has not cured such default within fifteen (15) business days of receipt of written notice from the non-defaulting Party of such default, or (ii) immediately in the event of any government sanctions or other legal measures that make it unlawful for Transaction Author to write Transactions to the IDunion Test Network.
5.3. Additionally, Transaction Author may terminate this Agreement upon 30 days’ advance written notice to IDunion.
5.4. Upon termination of this Agreement,
a) The rights granted to the Transaction Author by IDunion under this Agreement automatically terminate and the Transaction Author will cease any and all use of the IDunion Test Network;
b) IDunion remains entitled to use and store any data and content relating to the Transactions written by the Transaction Author to the IDunion Test Network to the extent necessary to comply with legal requirements; and
c) IDunion remains entitled to use and store any data and content relating to the Transactions written by the Transaction Author to the IDunion Test Network to the extent that IDunion continues to operate the IDunion Test Network or any successor ledger, as the technology of the IDunion Test Network does not allow the deletion of the Transaction Author’s data and content while the IDunion Test Network is in operation.
6. Representations, Warranties and Acknowledgements
6.1. Transaction Author by way of an independent guarantee represents and warrants to IDunion:
a) It has all necessary rights and permissions to write Authorized Transactions;
b) The Transactions written by the Transaction Author do not and will not violate any applicable law;
c) The Transactions written by the Transaction Author will not contain data or information that infringes or misappropriates the intellectual property rights of any third party;
d) The Authorized Users designated by the Transaction Author are authorized to act on the Transaction Author’s behalf in writing Transactions to the IDunion Test Network and only these Authorized Users have access to and can use the Cryptographic Key Pair made accessible to them.
6.2. Transaction Author acknowledges and agrees with IDunion that:
e) the IDunion Test Network operates on a distributed network and that IDunion disclaims any responsibilities with respect to access of data from the IDunion Test Network;
f) IDunion does not control the transfer of data between Validator Nodes and over communications facilities, including the internet, and that the IDunion Test Network may be subject to limitations, delays, and other problems inherent to the use of such communications facilities;
g) the IDunion Test Network is not within the scope of application of GDPR, as long as no Personal Data are written to the IDunion Test Network;
h) IDunion may request the modification, at any time, of the terms of this Agreement based on new information, guidance, or Data Protection Laws; and
i) a Steward and/or IDunion may obscure a Transaction or reset the IDunion Test Network in whole or in part if (i) the Steward or IDunion is required to do so by a court order or applicable law, or (ii) the Steward or IDunion has evidence that the Transaction violates the terms of this Agreement or any applicable law.
7. Limitation of Liability
7.1. The Parties shall be mutually liable without limitation only
a) in the event of willful misconduct or gross negligence,
b) within the scope of a representation or warranty given by way of an independent guarantee by the respective Party,
c) in the event that a defect is maliciously concealed,
d) in case of an injury to life, body or health,
e) according to the German Product Liability Law and any other statutory mandatory circumstances of liability.
7.2. In the event of simple negligence in respect of breaches of essential contractual obligations (i.e. those whose fulfilment is necessary to achieve the objective of the agreement), liability of IDunion shall be excluded, while the liability of the Transaction Author shall be limited to typical and foreseeable damage.
7.3. Transaction Author is solely liable without limitation for any of its acts or omissions arising out of any Personal Data that Transaction Author writes to the IDunion Test Network in breach of this Agreement.
7.4. Any liability for damage which is not covered by subsections 7.1. to 7.3. above shall be excluded.
Transaction Author (the "Indemnifying Party") shall defend IDunion against any claim, demand, suit or proceeding made or brought against them by a third party alleging that the Indemnifying Party's data, infringes such third party's intellectual property rights, or arising from Indemnifying Party’s use of the IDunion Test Network, the IDunion Test Network Software or content in an unlawful manner or in violation of this Agreement, (each an "Indemnifiable Claim"), and shall indemnify IDunion from any damages, attorney fees and costs as a result of, or for any amounts paid by, IDunion under a settlement approved by the Indemnifying Party in writing of an Indemnifiable Claim, unless Indemnifying Party is not responsible for the Indemnifiable Claim, and provided IDunion (a) without undue delay gives the Indemnifying Party written notice of the Indemnifiable Claim, (b) gives the Indemnifying Party sole control of the defense and settlement of the Indemnifiable Claim, and (c) gives the Indemnifying Party all reasonable assistance, at the Indemnifying Party’s expense.
9. Governing Law and Forum
This Agreement (and all non-contractual rights and obligations arising under or in connection with this Agreement) is governed by German law, without reference to its conflict of laws principles. For any dispute or lawsuit arising out of or in connection with this Agreement (including all disputes with regard to non-contractual rights and obligations arising out of or in connection with this Agreement), the courts of Frankfurt/Main shall have jurisdiction.
10.1. Severability. If any provision of this Agreement is held invalid, illegal, or unenforceable, the validity, legality, and enforceability of any of the remaining provisions of this Agreement shall not in any way be affected or impaired.
10.2. Transfer of Agreement. Transaction Author is aware that IDunion intends to establish a European Cooperative Society (SCE) with limited liability under the name of IDunion SCE mit beschränkter Haftung (“IDunion SCE”). IDunion SCE will inform Transaction Author about its foundation without undue delay. Transaction Author hereby acknowledges and agrees that upon foundation of IDunion SCE this Agreement shall automatically be transferred with all rights and obligations from IDunion to IDunion SCE.
10.3. Assignment. Subject to section 10.2 above, neither Party will voluntarily, or by operation of law, assign or otherwise transfer this Agreement without the other Party’s express prior written consent which will not be unreasonably withheld, provided that no such consent is required for an assignment or transfer to a wholly or majority owned subsidiary or to a successor in interest by reason of merger or consolidation or sale of all or substantially all of the assets of such Party relating to the subject matter of this Agreement.
10.4. Entire Agreement. This Agreement, including its Annex incorporated into this Agreement by reference, constitutes the entire agreement of the Parties with respect to the subject matter of this Agreement, and supersedes any and all prior agreements and understandings of the Parties, whether written or oral, with respect to such subject matter. This Agreement supersedes all prior Transaction Author Agreements between IDunion and the Transaction Author with respect to the subject matter hereof.
Participants' Technical and Organizational Policies
1.1. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
1.2. “Authorized Transaction” means exclusively the following Transaction types that are supported for the IDunion Networks: NYM (for writing a DID), ATTRIB (for writing an Attribute), CLAIM_DEF (for writing a Credential Definition), SCHEMA (for writing a Schema), REVOC_REG_DEF (for writing a Revocation Registry Definition), and REVOC_REG_ENTRY (for writing a Revocation Registry Entry).
1.3. “Authorized User” means any individual (i) employed or otherwise engaged by a Participant, and (ii) authorized by the Participant to use or operate the IDunion Networks on Participant's behalf, and (iii) to which the Participant has made accessible a Cryptographic Key Pair for using the IDunion Networks on behalf of the Participant.
1.4. “Cryptographic Key Pair” means a pair of cryptographic keys used for asymmetric cryptography, consisting of a Public Key and a Private Key, which is required for access authentication to the IDunion Networks.
1.5. “Data Protection Laws” means the GDPR and any other data protection and privacy laws, regulations, and regulatory requirements applicable to a party under this Agreement.
1.6. “DID” means a decentralized identifier.
1.7. “GDPR” means the General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC, and any amendment or replacement to it.
1.8. “IDunion” is the operator of the IDunion Networks, consisting of the following consortium partners:
Robert Bosch GmbH,
Technische Universität Berlin,
Westfälische Hochschule, Gelsenkirchen Bocholt Recklinghausen (durch ihre ausführende Stelle Institut für Internet-Sicherheit),
Stadt Köln – Amt für Informationsbearbeitung,
GS1 Germany GmbH,
YES IDP GmbH,
Deutsche Telekom AG - T-Labs,
ING-DiBa AG, and
DB Systel GmbH.
1.9. “IDunion Ecosystem” means the Executive Board, Supervisory Board, Policy Board, Technical Steering Committee, Advisory Board and any other current or future official board of IDunion SCE.
1.10. “IDunion Networks” means the IDunion Test Network and any other publicly readable distributed ledger with permissioned write access operated now or in future by IDunion, which is based on the open-source frameworks Hyperledger Aries and Hyperledger Indy.
1.11. “IDunion Networks Software” means the software required for the operation of the IDunion Networks, including the software required for the operation of a Validator Node; the IDunion Networks Software may be updated or modified otherwise by IDunion at any given point in time.
1.12. “IDunion Open Source Code” means an open source code approved by the IDunion Ecosystem.
1.13. “IDunion SCE” shall mean a European Cooperative Society (SCE) with limited liability
to be established under the name of IDunion SCE mit beschränkter Haftung.
1.14. “IDunion Test Network” is a publicly readable distributed ledger with permissioned write access operated by IDunion for test purposes, which is based on the open-source frameworks Hyperledger Aries and Hyperledger Indy.
1.15. “Malicious Code” means code, files, scripts, agents or programs appropriate to harm the IDunion Networks, including, for example, viruses, worms, time bombs and Trojan horses.
1.16. “Node” means a Validator Node and any other kind of node operated now or in future on the IDunion Networks.
1.17. “Participant” means any of Transaction Authors, Transaction Endorsers, Stewards and Trustees as participant in the IDunion Networks.
1.18. “Participant Agreement” means any of a Transaction Author Agreement, a Transaction Endorser Agreement, a Steward Agreement or a Trustee Agreement entered into between a Participant and IDunion.
1.19. “Personal Data” means information that relates, directly or indirectly, to a data subject, including without limitation, names, email addresses, postal addresses, identification numbers, location data, online identifiers or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the data subject.
1.20. “Private Key” means the secret component of a pair of cryptographic keys used for asymmetric cryptography and required for access authentication to the IDunion Networks in combination with the Public Key derived from such secret component.
1.21. “Process” or “Processing” means any operation or set of operations which is performed on Transactions data, whether or not by automated means, such as the access, collection, use, storage, disclosure, dissemination, combination, recording, organization, structuring, adaption, alteration, copying, transfer, retrieval, consultation, disposal, restriction, erasure and/or destruction of Transactions data.
1.22. “Public Key” means the published component of a pair of cryptographic keys used for asymmetric cryptography, and required for access authentication to the IDunion Networks in combination with the Private Key from which such published component has been derived.
1.23. “Steward” means an organization approved by IDunion to operate a Validator Node on the basis of a Steward Agreement.
1.24. “Transaction” means a record of any type written to the IDunion Networks.
1.25. “Transaction Author” means an organization admitted by IDunion on the basis of a Transaction Author Agreement to write Authorized Transactions to the IDunion Networks.
1.26. “Transaction Endorser” means an organization admitted by IDunion on the basis of a Transaction Endorser Agreement to endorse Transactions submitted by a Transaction Author to the IDunion Networks.
1.27. “Trustee” means any full member (Vollmitglied) of IDunion SCE whose corporate body (Organträger) or employee has been elected to the Supervisory Board of IDunion SCE. The Trustee’s function is to (i) act as “Trustee” in the IDunion Networks (which includes e.g. the promotion of new Trustees and the implementation and adjustment of the rules of the IDunion Networks) and (ii) perform the obligations under the Trustee Agreement (which includes e.g. the implementation of the decisions of the Supervisory Board of IDunion SCE).
1.28. “Validator Node” means a computer containing any information required for the validation of the rules of consensus of the IDunion Networks and which is able to share its resources with nodes operated by other Stewards within the IDunion Networks.
2. Participants' Obligations
Each Participant will:
2.1. Establish at its own expense all technical prerequisites (hardware, software and telecommunications) in its area of responsibility to use the IDunion Networks in accordance with its respective Participant Agreement;
2.2. Immediately inform IDunion in writing (including e-mail) as soon as it becomes aware of a malfunction of the IDunion Networks or an IT security relevant event with respect to the IDunion Networks;
2.3. Support IDunion in solving technical problems of the IDunion Networks to the extent possible and reasonable;
2.4. Designate its Authorized Users with due diligence;
2.5. Ensure - and be responsible for - compliance with the respective Participant Agreement by all Authorized Users;
2.6. Take appropriate administrative and technical security measures to protect access to the IDunion Networks and to protect the security, confidentiality and integrity of all Transactions originating from the IDunion Networks;
2.7. Ensure strict confidentiality of Private Keys by using security methods for storage of and access to both Private Keys and login data required for access to Private Keys complying with highest industry standards and, in case of the IDunion Test Network, industry standards;
2.8. In case of loss or disclosure of a Private Key, or suspicion of misuse of such Private Key, immediately notify IDunion by e-mail at email@example.com and refrain from any further usage of such Private Key; and
2.9. Verify that all Public Keys allocated to a Participant are publicly accessible on the IDunion Networks.
3. Restrictions of Use
Participant will not
3.1. Write, endorse or validate any Transactions or otherwise use the IDunion Networks or Transactions written to the IDunion Networks in a manner that violates this Agreement or any applicable laws;
3.2. Write, endorse or validate any Transactions containing Personal Data;
3.3. Use the IDunion Networks in a manner that may interfere with the use of the IDunion
Networks by any other Participants;
3.4. Attempt to circumvent security measures of the IDunion Networks or the IDunion Networks Software; and
3.5. Transmit, publish or distribute on or through the IDunion Networks any Malicious Code or other harmful computer software (or material associated with such software).