App Store

Secure platform for distributing Data Apps; features different search options (e.g. by functional or non-functional properties, pricing model, certification status, community ratings, etc.).


Organization formally applying for being certified by the Certification Body.


The process of verifying whether a requesting party is allowed to access a resource or system.


Broker Service Provider

Intermediary managing a metadata repository that provides information about the Data Sources available in the International Data Spaces; multiple Broker Service Providers may be around at the same time, maintaining references to different, domain-specific subsets of Data Endpoints.

Building Block

Building blocks are fundamental components that can be implemented and combined in order to achieve functional data spaces. A building block encompasses at least the basic specifications, and evolves in maturity with more detailed specifications, with sample implementations or templates, and with the instructions, training, testing and support elements that are required to facilitate the delivery of the essential ingredients of data spaces.


Certificate Authority

Trusted third-party entity issuing digital certificates (e.g., x509 certificates); may host services to validate certificates issued. (see Identity Provider)

Certification Body

Governance body certifying components and entities seeking admission to the International Data Spaces; aside from having the final word on granting or denying a certificate, it is responsible for maintaining the Certification Scheme (including its catalog of requirements), overseeing and approval of Evaluation Facilities, and ensuring compatibility of evaluation procedures carried out by Evaluation Facilities.

Certification Scheme

Scheme defining the processes, roles, targets, and criteria involved in the certification of components and entities; maintained by the Certification Body.

Clearing House

Intermediary providing clearing and settlement services for all financial and data exchange transactions within the International Data Spaces.


Dedicated communication server for sending and receiving data in compliance with the general Connector specification; different types of Connectors can be distinguished (Base Connector vs. Trusted Connector, or Internal Connector vs. External Connector).


Description of a Connector participating in the IDS for being read by other IDS Participants; created by theData Provider or Data User as the first step of the Connector configuration process; contains information such as the name of the Connector provider or the name of the maintainer, as well as information about the content and type of the data offered or requested, about data communication interfaces, and about usage policies and contracts.




Data App

Self-contained, self-descriptive software package that is distributed via the App Store and deployed inside a Connector; provides access to data and data processing capabilities; the interface of a Data App is semantically described by the IDS Vocabulary.

Data Asset

Content exposed for exchange via Data Endpoints according to a parametrized Data Service interface; Data Assets are expected to be focused, homogeneous, and consistent over time with regard to granularity, coverage, context, data structure, and conceptual classification.

Data Consumer

Core Participant in the International Data Spaces requesting and using data provided by a Data Provider.

Data Endpoint

Data interface for data publication (Data Source) and data consumption (Data Sink), respectively.

Data Exchange Agreement

Contractual agreement between a Data Provider and a Data Consumer regarding the exchange of data in the International Data Spaces.

Data Operation

Method or operation with defined functionality to be invoked on a Data Endpoint.

Data Owner

Core Participant having complete control over the data it makes available in the International Data Spaces; defines the terms and conditions of use of its data.

Data Provider

Core Participant exposing Data Sources via a Connector; a Data Provider may be an enterprise or other organization, a data marketplace, an individual, or a “smart thing”.

Data Sink

Data Endpoint consuming data uploaded and offered by a Data Provider.

Data Source

Data Endpoint exposing data for being retrieved or subscribed to by a Data Consumer.

Data Sovereignty

The capability of an entity (natural person or corporate) of being entirely self-determined with regard to its data.

Demilitarized Zone

A Demilitarized Zone is an IT system (or a part of an IT system) with controlled access.

  • Shortcut: DMZ


Dynamic Attribute Provisioning Service

Issues Dynamic Attribute Tokens (DATs) to verify dynamic attributes of Participants or Connectors.

Dynamic Attribute Token

A JSON Web Token containing signed dynamic attributes for Participants and Connectors.


Evaluation Facility

Governance body providing services related to the certification of components and entities (certification targets) seeking admission to the International Data Spaces; responsible for detailed technical evaluation of targets in consistence with the Certification Scheme and its catalog of requirements; reports evaluation results to the Certification Body.



Concept defining the rights and duties (“rules of the game”) for formal data management, ensuring quality and trust throughout the International Data Spaces; mission critical to the International Data Spaces, as a central supervisory authority is missing.

Graduation Scheme

Structure that consists of rules, processes and evaluation criteria to assess the maturity level of an open source project.


Identity Provider

Intermediary offering services to create, maintain, manage and validate identity information of and for Participants in the International Data Spaces.

Identity Verification

The process of verifying the validity of a supplied identity proof.


IDS Information Model

Set of vocabularies and related schema information for the semantic description of International Data Spaces entities (e.g., Data Endpoints or Data Apps), data provenance, or licensing information; the core IDS Vocabulary is domain-independent; it can be extended and/or reference third-party vocabularies to express domain-specific aspects.

See also:

IDS Communication Protocol

  • IDS-G specification IDSCP (current V.2)

  • Shortcut: IDSCP

IDS Testbeds

Deployments of the IDS Reference Test Bed (with or without modifications), made by third-party organizations that are interested in experimenting with IDS-based solutions. Listed on IDS Reference Test Bed repository.

IDS Deployment Scenario

IDS Deployment Scenario is any implementation made with IDS-compliant components that allows sovereign data sharing (as defined by IDSA), is built with the intention to resolve a problem by means of secure and sovereign data sharing and is adequately documented to enable others to follow the same path. Repository


IDSA Graduation Scheme

Set of rules, processes and evaluation criteria to assess the maturity level of a IDS-related open source project. See IDS Graduation Scheme

IDSA Graduated

The projects that are in the third grade according to the criteria defined in IDS Graduation Scheme See projects page.

IDSA Incubating

The projects that are in the second grade according to the criteria defined in IDS Graduation Scheme See projects page.

IDSA Sandbox

The projects that are in the first grade according to the criteria defined in IDS Graduation Scheme See projects page.

IDSA Portfolio of Building Blocks

Is the catalog of building blocks that lists various components and frameworks that are developed according to IDS principles.


The IDSA Technical Steering Committee.

IDSA-Working Groups

The IDSA Working Groups.


Information Model

  • Information Model The data model of the IDS. It defines all classes, attributes and entities known to the actors in the IDS.

International Data Spaces

Distributed network of Data Endpoints (i.e., instantiations of the International Data Spaces Connector), allowing secure exchange of data and guaranteeing Data Sovereignty.

  • Shortcut: IDS

International Data Spaces Association

Association for the development and maintenance of the IDS-RAM and associated standards, see Executive Summary and IDSA Homepage.

  • Shortcut: IDSA

IDS Reference Architecture Model

Data Exchange and Data Sharing are essential for Data-Driven Business-Ecosystems, as well as the need for Data Sovereignty. The International Data Spaces Reference Architecture Model (IDS-RAM) defines fundamental concepts for Data Sovereignty, Data Sharing and Data Exchange. Focusing on the generalization of concepts, functionality, and overall processes involved in the creation of a secure “network of trusted data”, the IDS-RAM resides at a higher abstraction level than common architecture models of concrete software solutions do. The document provides an overview supplemented by dedicated architecture specifications defining the individual components of the International Data Spaces

The model is made up of five layers: The Business Layer specifies and categorizes the different roles which the Participants of the International Data Space can assume, and it specifies the main activities and interactions connected with each of these roles. The Functional Layer defines the functional requirements of the International Data Spaces, plus the concrete features to be derived from these. The Process Layer specifies the interactions taking place between the different components of the International Data Spaces; it provides a dynamic view of the Reference Architecture Model. The Information Layer defines a conceptual model which makes use of linked-data principles for describing both the static and the dynamic aspects of the International Data Spaces’s constituents. The System Layer is concerned with the decomposition of the logical software components, considering aspects such as integration, configuration, deployment, and extensibility of these components.

In addition, the Reference Architecture Model comprises three perspectives that need to be implemented across all five layers: Security, Certification, and Governance. The Security Perspective defines the common security measures for the International Data Spaces and the concepts for Data Usage Control. The Certification Perspective describes the IDS Certification Scheme as a foundation for every interaction in the IDS. The Governance Perspective describes the Responsibilities of the Roles in the IDS.


JSON Web Token



Meta Data Broker

Minimum Viable Data Space (MVDS)

A minimum viable data space (MVDS) is a combination of components to initiate a data space with just enough features to be usable for secure and sovereign data exchange.




Stakeholder in the International Data Spaces, assuming one or more of the predefined roles; every Participant is given a unique identity by the Identity Provider.

Participant Information Service


Security Profile

Defined set of a Connector’s security properties; specifies several security aspects (e.g., isolation level, attestation, or authentication), expressing the minimum requirements a Data Consumer must meet to be granted access to the Data Endpoints exposed.

System Adapter

Data App used for integration of custom Data Sources and legacy systems with a Connector.


Technical Due Diligence

see Technical Due Diligence)


Usage Contract

Set of rules and conditions regarding one or more transactions in the International Data Spaces.

Usage Control

Usage Policy

Set of rules specified by the Data Owner restricting usage of its data; covers aspects like time-to-live or forwarding conditions (e.g., anonymization or scope of usage); transmitted along with the respective data, and enforced while residing on the Connector of the Data Consumer.


Vocabulary Hub

Server providing maintenance facilities for editing, browsing and downloading vocabularies and related documents; mirrors a set of external third-party vocabularies ensuring seamless availability and resolution.

Last updated

© 2016 – 2024 | All Rights Reserved | International Data Spaces Association