
Policies

In operational data spaces, policies relate to role, (authenticated) organization, and order-dependent authorization of access to data elements.

Example 1: shipments

A container unloaded from a maritime vessel in a port carries several shipments. Each of these shipments has to be declared to customs for import, including all kinds of information about the buyer, producer, trader, price, and other details of the goods, the final destination, and so on.


Example 2: container pick-up

A transport company receives an order from the trader to pick up a specific container at the container terminal and transport it to the trader’s warehouse. The transport company and its driver only need a very limited sub-set of information to execute the order.


What policies define

The trader’s Authorization Register holds policies that define:

  • the role of transport company for containers, most likely standardized in the community;
  • the data subset this role may access, most likely standardized in the community;
  • the rule that limits this access:
    • transport companies that are registered in the trader’s systems.


Pre-registration

The order for a pre-registered transport company to pick up a specific container is created in the IT systems of the trader: pre-registration is a standard practice in order to verify the company and register basic data for invoicing and payment. The role of ‘transport for containers’ is added to the registration.


Gaining authorization and access

The combination of a registered, authenticated entity with the correct role connected to the order to transport a specific container leads to an authorization to gain access to a specific sub-set of the available data on this container. The Authorization Register’s policies combined with the instance information in the IT systems create the fine-grained access control required.
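The decision described above (pre-registered and authenticated organization, correct role, and an order connecting that organization to the specific container, yielding only the role's data subset) can be written out as a small policy decision routine. The following is an added illustration, not code from the BDI Framework or any real Authorization Register; the role name `transport_for_containers`, the data subset, the organization and container identifiers and the record layout are all constructed for this example.

```python
"""Toy Authorization Register: role-based, order-bound access decisions.

Added illustration (not code from the BDI Framework). The role name
'transport_for_containers', the data subset, the organisation and container
identifiers and the record layout are all constructed for this example.
"""
from dataclasses import dataclass, field

# Community-standardized role -> data subset that role may access (assumed values).
ROLE_DATA_SUBSETS = {
    "transport_for_containers": {
        "container_id", "terminal", "pickup_reference", "delivery_address",
    },
}

# Full container record as held in the trader's IT systems (constructed sample).
# The shipment details (buyer, price, goods) are never part of the transport subset.
CONTAINER_DATA = {
    "MSKU1234567": {
        "container_id": "MSKU1234567",
        "terminal": "Terminal A",
        "pickup_reference": "PR-0001",
        "delivery_address": "Trader warehouse, Rotterdam",
        "shipments": [{"buyer": "Acme BV", "price": 12000.0, "goods": "machine parts"}],
    },
}


@dataclass
class AuthorizationRegister:
    """Policies (role -> subset) combined with instance data (registrations, orders)."""
    registered: dict = field(default_factory=dict)  # org_id -> set of assigned roles
    orders: set = field(default_factory=set)         # (org_id, container_id) pairs

    def register(self, org_id: str, role: str) -> None:
        """Pre-registration: the trader records the company and assigns a role."""
        if role not in ROLE_DATA_SUBSETS:
            raise ValueError(f"unknown role: {role}")
        self.registered.setdefault(org_id, set()).add(role)

    def create_order(self, org_id: str, container_id: str) -> None:
        """An order is only created for a company that is already pre-registered."""
        if org_id not in self.registered:
            raise PermissionError("order for an unregistered company")
        self.orders.add((org_id, container_id))

    def decide(self, org_id: str, authenticated: bool, role: str, container_id: str):
        """Return (allowed, reason). Every condition must hold; the first failure is reported."""
        if not authenticated:
            return False, "entity not authenticated"
        roles = self.registered.get(org_id)
        if roles is None:
            return False, "organisation not pre-registered"
        if role not in roles:
            return False, "role not assigned to this organisation"
        if (org_id, container_id) not in self.orders:
            return False, "no order connecting this organisation to this container"
        return True, "ok"


def filtered_view(register, org_id, authenticated, role, container_id):
    """Apply the decision, then return only the data subset the role may see."""
    allowed, reason = register.decide(org_id, authenticated, role, container_id)
    if not allowed:
        raise PermissionError(reason)
    record = CONTAINER_DATA[container_id]
    return {k: v for k, v in record.items() if k in ROLE_DATA_SUBSETS[role]}


if __name__ == "__main__":
    reg = AuthorizationRegister()
    reg.register("TRANS-1", "transport_for_containers")
    reg.create_order("TRANS-1", "MSKU1234567")
    print(filtered_view(reg, "TRANS-1", True, "transport_for_containers", "MSKU1234567"))
    print(reg.decide("TRANS-1", True, "transport_for_containers", "OTHER0000001"))
```

The point to notice is that the role and its subset are static policy, while the registration and the order are instance data in the trader's systems; neither alone grants access, and the shipment details (buyer, price, goods) are filtered out even for a fully authorized transport company.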


XACML

As a policy language, XACML is suited to these tasks but requires rigorous standardization and good tools for evaluation and maintenance to be effective and practical in real-world applications. Development of these standard roles is part of the BDI Framework deployment.


ODRL

As a policy mechanism in data trading, ODRL allows for machine-readable policies for data usage, supporting automation of contract negotiation. In the BDI framework, this is related to data licenses. In operational data spaces, the policies for data usage (data licenses) are in most cases not used for contract negotiation but for standardizing terms and conditions, such as ‘privacy protected’ or ‘commercially confidential’.
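To show what a machine-readable data license of this kind looks like and how its terms are checked, the following added example (not code from the BDI Framework or the ODRL project) evaluates a small ODRL 2.2 policy in JSON-LD. `permission`, `prohibition`, `constraint`, `conflict`, `purpose`, `read` and `distribute` are standard ODRL vocabulary; the policy contents, the `bdi:` namespace and its `terms` property are constructed for this example, the latter only to carry a standardized label such as "commercially confidential".

```python
"""Minimal evaluator for an ODRL 2.2 policy expressed in JSON-LD.

Added illustration (not code from the BDI Framework or the ODRL project).
The policy below is a constructed sample. 'permission', 'prohibition',
'constraint', 'conflict', 'purpose', 'read' and 'distribute' are standard
ODRL terms; the 'bdi:' prefix and its 'terms' property are hypothetical.
"""
import json

SAMPLE_POLICY = json.dumps({
    "@context": [
        "http://www.w3.org/ns/odrl.jsonld",
        {"bdi": "https://example.org/bdi-terms#"},  # hypothetical namespace
    ],
    "@type": "Set",
    "uid": "https://example.org/policy/container-data/1",
    "conflict": "prohibit",                      # ODRL: prohibitions win over permissions
    "bdi:terms": "commercially confidential",    # hypothetical standardized label
    "permission": [{
        "target": "https://example.org/data/container/MSKU1234567",
        "action": "read",
        "constraint": [
            {"leftOperand": "purpose", "operator": "eq", "rightOperand": "transport"},
        ],
    }],
    "prohibition": [{
        "target": "https://example.org/data/container/MSKU1234567",
        "action": "distribute",
    }],
})


def _constraints_hold(rule: dict, context: dict) -> bool:
    """True if every constraint on the rule is satisfied by the request context."""
    for c in rule.get("constraint", []):
        actual = context.get(c["leftOperand"])
        op = c["operator"]
        if op == "eq":
            if actual != c["rightOperand"]:
                return False
        elif op == "neq":
            if actual == c["rightOperand"]:
                return False
        else:
            raise ValueError(f"operator not supported by this toy evaluator: {op}")
    return True


def evaluate(policy_json: str, target: str, action: str, context: dict) -> str:
    """Decide 'prohibited', 'permitted' or 'not permitted' for one usage request."""
    policy = json.loads(policy_json)
    if policy.get("conflict") != "prohibit":
        raise ValueError("this toy evaluator only implements the 'prohibit' conflict strategy")

    def matches(rule: dict) -> bool:
        return (rule["target"] == target and rule["action"] == action
                and _constraints_hold(rule, context))

    if any(matches(r) for r in policy.get("prohibition", [])):
        return "prohibited"
    if any(matches(r) for r in policy.get("permission", [])):
        return "permitted"
    # No matching permission: ODRL grants nothing by default.
    return "not permitted"


def terms_label(policy_json: str):
    """Return the standardized terms-and-conditions label attached to the policy."""
    return json.loads(policy_json).get("bdi:terms")


if __name__ == "__main__":
    target = "https://example.org/data/container/MSKU1234567"
    print(terms_label(SAMPLE_POLICY))
    print(evaluate(SAMPLE_POLICY, target, "read", {"purpose": "transport"}))
    print(evaluate(SAMPLE_POLICY, target, "distribute", {"purpose": "transport"}))
```

Used this way the policy is not negotiated; it is attached to the data as a fixed license whose label ("commercially confidential") and rules (read for transport purposes only, no onward distribution) are the same for every recipient, which is the standardizing role the text describes.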
