# Roles

{% hint style="info" %}
***This page must be considered part of the iSHARE Framework***

*This page is considered normative and is therefore compliant with RFC 2119.*
{% endhint %}

One of the iSHARE Trust Framework's core features is its description of functional roles. These roles represent the different ways organisations can interact with each other. To assure federation of all aspects, and no single points of ‘failure’ or ‘power’ in the structure, all roles are defined and can be executed by multiple parties.

### Role definition

The principle of a role is that its execution can be done by the same legal entity, but the interface specification assures that always level playing field / federation is possible. The Trust Framework introduces two core role types: "Adhering Parties" and "Certified Parties”

**"Adhering parties"** directly engage with data and include:

* [Entitled party](https://dev.ishare.eu/version-2.1.1/entitled-party/getting-started): Organisations with rights to access specific services or data.
* [Service Provider:](https://dev.ishare.eu/version-2.1.1/service-provider-role/getting-started) Organisations offering services for consumption.
* [Service Consumer](https://dev.ishare.eu/version-2.1.1/service-consumer-role/getting-started): Organisations using services provided by service providers.

**"Certified Parties"** are certified to facilitate trusted exchanges between Adhering Parties. They encompass these specific roles:

* [Participant Registry (former name: iSHARE Satellite)](https://gitlab.com/ishare-foundation/cab/developer-portal/-/blob/v2.1.1/ishare-participant-registry-role/getting-started.md): Organisations responsible for onboarding participants and trust assurance.
* [Authorisation Registry](https://dev.ishare.eu/version-2.1.1/authorisation-registry-role/getting-started): Organisations providing Authorisation registry services.
* [Identity Provider](https://dev.ishare.eu/version-2.1.1/identity-provider/getting-started): Organisations offering identification services for humans.
* Identity Broker: Organisations serving as intermediaries between Service Providers and Identity Providers.

### Role identifiers

In certain situations, a role identifier is used to identify the [role(s) of a participant](https://framework.ishare.eu/main-aspects-of-the-ishare-trust-framework/framework-and-roles). For this purpose, the Trust Framework specifies the following identifiers:

| Role identifier                                         | Role                                                |
| ------------------------------------------------------- | --------------------------------------------------- |
| ServiceConsumer                                         | Service Consumer                                    |
| ServiceProvider                                         | Service Provider                                    |
| EntitledParty                                           | Entitled Party                                      |
| AuthorisationRegistry                                   | Authorisation Registry                              |
| IdentityProvider                                        | Identity Provider                                   |
| IdentityBroker                                          | Identity Broker                                     |
| ParticipantRegistry (former identifier iShareSatellite) | Participant Registry (former name iSHARE Satellite) |