Glossary

Authorization Register

Holds authorization policies for one or more data owners on access to data
Also known as AR-DM, Authorization Register Data Management

BDI Association

Legal entity that serves as an operational anchor for both federated trust/authentication and local onboarding
A BDI Association is the ‘root association’ for its members

BDI Association Administrator

Functionary responsible for operating the services of a BDI Association

BDI Association Register

BDI Authentication Processor

Standard software to make APIs BDI compliant
Processing of part of protocol: client assertion to token

Business Partners

Members of other BDI Associations than the root BDI Association

Business Partner Reputation model

Data Consumer

Requests access to data and/or Representation Register and/or Professional Qualification Register of the data owner
Controls discovery and endpoints
Requests subscription to data owner’s Event Pub/Sub Service, receives and evaluates events

Data Licenses

Descriptions of the terms and conditions for using data
Either in free form text or in ODRL

Data Owner

Has control over data and access to data,
Controls decisions on Data Sovereignty and Trust Sovereignty
Controls authorization policies, representation rules, professional qualification verification of staff and contactors
Controls subscription to the Event Pub/Sub Service and publishing of events to subscribers
Controls discovery and endpoints
Controls roles assumed by entity

Data Service Provider

A service provider that acts under the supervision and on behalf of the data owner

Edge agreements

Standards on interacting with entities and/or persons that have IT systems that are less mature or not BDI-compliant.
Processes, technology, terms and conditions, liabilities

Event Pub/Sub Service

Accepts subscription to the data owner’s Event Pub/Sub Service
Publishes events to subscribers of topics
Holds proof of the (standard) roles the legal entity assumes

Member

Legal entity as member of a root BDI Association

Outsider

Member of a BDI Association other than the root

Policies

XACML definitions of access policies to data elements

Preferred Business Partners

Outsiders
Those who have agreed to the specific terms and conditions of the local BDI Association, which maintains its own Business Partner Reputation Model

Professional Qualifications Register

Holds proof of the professional (verifiable) credentials of natural persons in relation to them acting as a representative of a legal entity

Representation Register

Holds proof of the mandate of natural persons acting as a representative of a specific legal entity
Holds proof of the mandate of organizations acting as a representative of a specific legal entity

Visitor

Outsider with a better reputation score than a set minimum

=====================

Data Governance Act

The Data Governance Act defines specific roles. The match with BDI roles is defined.

Data holder

‘Data holder’ means a legal entity, including public sector bodies and international organizations, or a natural person who is not a data subject with respect to the specific data in question, which, in accordance with applicable Union or national law, has the right to grant access to or to share certain personal data or non-personal data. BDI uses the term data owner for this role.

Data user

‘Data user’ means a natural or legal person who has lawful access to certain personal or non-personal data and has the right, including under Regulation (EU) 2016/679 in the case of personal data, to use that data for commercial or non- commercial purposes. BDI uses the term data consumer for this role.

Data intermediation service

‘Data intermediation service’ means a service which aims to establish commercial relationships for the purposes of data sharing between an undetermined number of data subjects and data holders on the one hand and data users on the other, through technical, legal or other means, including for the purpose of exercising the rights of data subjects in relation to personal data, excluding at least the following:

services that obtain data from data holders and aggregate, enrich or transform the data for the purpose of adding substantial value to it and license the use of the resulting data to data users, without establishing a commercial relationship between data holders and data users;
services that focus on the intermediation of copyright-protected content;
services that are exclusively used by one data holder in order to enable the use of the data held by that data holder, or that are used by multiple legal persons in a closed group, including supplier or customer relationships or collaborations established by contract, in particular those that have as a main objective to ensure the functionalities of objects and devices connected to the Internet of Things;
data sharing services offered by public sector bodies that do not aim to establish commercial relationships;

Clause 3 c shows that the roles of Data Service Provider, Authorization Register, Association Register are not a data intermediation service as defined by the DGA.

Public sector body

‘Public sector body means’ the state, regional, or local authorities, bodies governed by public law, or associations formed by one or more such authorities, or one or more such bodies governed by public law;

Bodies governed by public law

‘Bodies governed by public law’ means bodies that have the following characteristics:

they are established for the specific purpose of meeting needs in the general interest and do not have an industrial or commercial character;
they have legal personality;
they are financed, for the most part, by the state, regional, or local authorities, or other bodies governed by public law, are subject to management supervision by those authorities or bodies, or have an administrative, managerial, or supervisory board, more than half of whose members are appointed by the state, regional, or local authorities, or by other bodies governed by public law;