Frameworks, Models and Certification for Dataspaces
Guides to get started building a dataspace
There is not one fixed way to build a dataspace but two organisations provide useful options.
IDSA
Getting started: How to build a dataspace?
IDSA user group
Many videos here
DSSC
Establishing the rulebook, the mandatory rules and optional guidelines for your dataspace
Open source components
Open source components (Eclipse connector, IDSA test bed, Eclipse Dataspace Protocol, Eclipse Decentralised Claims Protocol)
IDSA Certification & ISO 27001 alignment
What is the International Data Spaces Reference Architecture Model (IDS-RAM)?
The International Data Spaces Reference Architecture Model (IDS-RAM) is an abstract model for a generalised dataspace, representing the overall principles of operation, and layers of functionality any dataspace can be expected to encapsulate. It is specific to the International Data Spaces Association (IDSA) vision of dataspaces, but is general enough to be useful for understanding a dataspace of any variety.
Figure 3. Layers of the Reference Architecture Model (RAM) by IDSA
The IDS-RAM looks at 3 perspectives on a dataspace that capture the overarching principles of how a dataspace operates:
Governance
Frameworks and policies to manage data sharing agreements, enforce compliance, and oversee the membership and operations of the dataspace
Certification
Processes and standards for certifying participants and components, to verify that any particular implementation encodes the high-level conceptual model and to ensure compliance with IDS security and interoperability requirements
Security
Measures to protect data during exchange, including encryption, secure communication protocols, identity management, audits and access controls
The IDS-RAM covers 5 layers of a dataspace. These layers group the functions a dataspace provides:
Business layer
Defines the roles and responsibilities of participants in a dataspace, including data owners, data consumers and intermediaries. It also outlines the value proposition, business model, and contractual agreements that govern sharing.
Functional layer
Describes the core services and processes that enable data exchange, data usage control, and data lifecycle management. It includes services for identity management, establishment of trust, data processing and data storage.
Process layer
Focuses on how data is shared, managed and utilised as well as the interactions between participants and the sequence of activities required to complete a data transaction.
Information layer
Defines the structure and semantics of the data exchanged, including data models, metadata, vocabularies, and ontologies that facilitate interoperability and consistent interpretations of data throughout the dataspace.
System layer
Describes the required technical infrastructure, including software components, communication protocols, security mechanisms, data connectors, data endpoints, and integration solutions throughout the dataspace.
What is dataspace certification? What are the benefits?
Certifications provide evidence that a dataspace has met specific requirements as assessed by an independent accredited certification body. As a dataspace matures and grows, a variety of certifications are often sought by participating entities. These certifications may apply to all participants, or may be sought by individual participants. The International Data Spaces Association (IDSA) specifies certifications for both participants and components in a dataspace and at different levels. IDSA certifications tend to closely align with other international certifications such as:
ISO 27001 for information security management (which is highly compatible and reusable with IDS certification)
ISO 9001 for quality management systems
ISO 27701 for privacy information management.
The numerous benefits of dataspace certifications include:
Trust and credibility
According to the IDSA, “[t]he foundation of IDS is trust, which is established through a rigorous, transparent certification process.” IDS certification signals to all data owners, consumers, and other stakeholders that the dataspace adheres to established standards and protocols.
Security assurance
Certified dataspaces are rigorously evaluated for their security measures, reducing the risk of data breaches and unauthorised access. Documentation and setups from ISO 27001 security certifications can be reused within IDS certification.
Regulatory compliance
Certification helps ensure that dataspaces comply with relevant legal and regulatory requirements, minimising legal risks.
Interoperability
Certification promotes the use of standardised protocols, making it easier for different systems and organisations to exchange data within the dataspace.
Data sovereignty
Certification enforces data sovereignty, allowing providers to maintain control over how their data is used and shared.
Operational efficiency
Certified dataspaces follow best practices, improving the efficiency of data management and exchange processes.
Market differentiation
Certification distinguishes a dataspace as a trusted and reliable environment, which can attract more participants.
Facilitating innovation
Certified dataspaces increase the willingness of participants to share data. Certification also ensures provision of a secure environment for collaboration, enabling participants to innovate with confidence.
What are the levels and types of certification?
International Data Spaces (IDS) certifications provide a structured and progressive approach to signalling levels of trustworthiness in a maturing dataspace, with different types and different levels of certification.
Operational Environment Certification
Figure 5. Participants in IDS can signal one of 6 levels of trustworthiness of the operational environment of the dataspace when all participants demonstrate that their organisational processes and environments meet one of the three levels of trust and one of the three levels of assurance. Source: IDS-RAM
Component Certification
All IDS components, including hardware, IDS connectors, metadata brokers, apps and services, and the app store can be certified at varying levels.
Figure 6. Components of an IDS can be recognised as being compliant at 6 different levels of trustworthiness depending on compliance with the 3 levels of trust and the 3 levels of assurance. Source: IDS-RAM (recoloured for clarity)