Access and usage control
This building block guarantees enforcement of data access and usage policies defined as part of the terms and conditions established when data resources or services are published (see ‘Publication and Services Marketplace’ building block below) or negotiated between providers and consumers. A data provider typically implements data access control mechanisms to prevent misuse of resources, while data usage control mechanisms are typically implemented on the data consumer side to prevent misuse of data. In complex data value chains, both mechanisms are combined by prosumers. Access control and usage control rely on identification and authentication.
- Access control is a way of limiting access to a system or to physical or virtual resources. In computing, access control is a process by which users are granted access and certain privileges to systems, resources or information. In access control systems, users must present credentials before they can be granted access. In physical systems, these credentials may come in many forms, but credentials that can't be transferred provide the most security.
- Usage Control complements access control with contextual predicates, conditioning the activation of a given privilege, and obligations, i.e., mandatory actions associated with the exercise of a privilege.
- PIP/Directory Service: where does the information needed to evaluate the rules in the policies come from, and where is it provided (scope, roles, attributes)?
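The split described in the list above can be sketched as a decision function that first applies an access-control check (role from the PIP) and then the usage-control checks (contextual predicates), returning obligations with every permit. This is an added example, not code from any of the projects on this page; the `Policy` shape, the attribute names, the obligation names and the sample subjects and resource are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed attribute store standing in for the PIP / directory service.
PIP = {"supplier-42": {"role": "component_supplier"}, "guest-7": {"role": "guest"}}

@dataclass
class Policy:                      # hypothetical policy shape, not a standard format
    allowed_roles: set             # access control: who may obtain the resource
    allowed_purposes: set          # usage control: contextual predicate
    not_after: datetime            # usage control: contextual predicate
    max_uses: int                  # usage control: contextual predicate
    obligations: list = field(default_factory=list)  # mandatory actions on use

class PDP:
    """Policy decision point; a PEP must enforce the decision and the obligations."""
    def __init__(self, policies, pip):
        self.policies, self.pip, self.uses = policies, pip, {}

    def decide(self, subject, resource, purpose, now):
        policy, attrs = self.policies.get(resource), self.pip.get(subject)
        if policy is None or attrs is None:
            return "deny", "unknown subject or resource", []   # default deny
        if attrs["role"] not in policy.allowed_roles:
            return "deny", "role not permitted", []
        if purpose not in policy.allowed_purposes:
            return "deny", "purpose not permitted", []
        if now > policy.not_after:
            return "deny", "usage period expired", []
        key = (subject, resource)
        if self.uses.get(key, 0) >= policy.max_uses:
            return "deny", "usage count exhausted", []
        self.uses[key] = self.uses.get(key, 0) + 1   # only permitted uses are counted
        return "permit", "ok", list(policy.obligations)

def demo():
    utc = timezone.utc
    pdp = PDP({"turbine-telemetry": Policy(
        {"component_supplier"}, {"maintenance"},
        datetime(2030, 1, 1, tzinfo=utc), 2,
        ["log_usage", "delete_after_30_days"])}, PIP)
    t, late = datetime(2029, 6, 1, tzinfo=utc), datetime(2031, 1, 1, tzinfo=utc)
    reqs = [("supplier-42", "maintenance", t), ("guest-7", "maintenance", t),
            ("supplier-42", "marketing", t), ("supplier-42", "maintenance", t),
            ("supplier-42", "maintenance", t), ("supplier-42", "maintenance", late)]
    return [pdp.decide(s, "turbine-telemetry", p, when) for s, p, when in reqs]
```

A subject with the right role is still denied when the purpose, validity period or use count does not match, and a permit is only complete once the enforcing side has carried out the returned obligations.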
Enforces different data access and usage policies that ensure trustworthiness of data sharing and exchange between participants.
- CoatRack is a third-party backend-to-backend communications framework facilitating API access, monitoring and monetization.
- Deployment of DataSpace Connectors as technical components responsible for the correct sharing of data between a data owner (e.g. wind farm operator) and a data user (e.g. component supplier).
- Integration of the IDSA UPL through a Java Library in DataSpace Connectors for Usage Control Interoperability
- Development, deployment and integration with DataSpace Connectors of a domain-agnostic Wind Farm Ontology WFOnt (https://w3id.org/wfont) for resource description interoperability.
- Development and deployment of a context-aware policy analysis method that, integrated in DataSpace Connectors, efficiently ensures policy quality, avoiding security breaches in usage control while enhancing its performance.
- Consent Manager: a core component of the smashHit platform that covers the life cycle of the consent certifications. The module interacts closely with the User Administration module, since the users are the subject of the contracts. Its functions include consent certification creation, management, and consent distribution among the parties.
Enforcing Data Protection Regulations in Health Care Applications. When a company is processing patient records for the sake of accounting and billing as a service to doctors and insurances, it is in the interest of the company to ensure that it complies with those regulations.
CoatRack is a third-party backend-to-backend communications framework facilitating API access, monitoring and monetization. CoatRack is a framework to manage backend-to-backend communication via REST services, consisting of: distributed, lightweight API gateways and a centralized web application to generate and manage those API gateways.
CoatRack can facilitate your work if you have existing REST APIs and you want to do one (or more) of the following:
- monitoring the access to your APIs
- authentication/authorization of calls to your APIs via API keys
- monetization of API calls, based on pay-per-call rules or flatrates
- PEP and PDP functions are implemented by API gateways available in the FIWARE Catalogue. The extended version of the Kong API gateway via plugins is recommended.
- PAP functions used to manage policies, as well as the API through which PDP functions access such policies, are implemented by the Keyrock component or any Authorization Registry compliant with iSHARE specifications.
- Portfolio of pioneer use cases relying on the i4Trust framework and the referred access control mechanisms.
The KRAKEN project provides a decentralized SSI solution and user-centric access control:
- SSI mobile app for managing VCs and key material
- Ledger uSelf broker for SP integration
- Backup service allowing the use of several devices

The Ledger uSelf asset (used in the KRAKEN project) provides a decentralized SSI solution and user-centric access control to the marketplace. Ledger uSelf comprises an Android SSI mobile app (holders) for users managing VCs issued by trusted entities and key material (decentralized identifiers). It also includes a Ledger uSelf broker (server component) that facilitates SSI integration with both the data providers (issuers) and the Service Providers (verifiers), simplifying the handling of complex SSI protocols and mechanisms. This implementation follows W3C standards and will follow digital wallet specifications from the EC (eIDAS regulation).
In the truzzt box your documents are always available for you and you are always in control; not even truzzt has access to your personal documents. As a verified user of your truzzt box you always know who you are dealing with, you only buy from real, verified merchants, and personal data will always remain encrypted and safe. Besides, the truzzt box will automatically adapt to your usage with its artificial intelligence.
Companies and organizations as users of the Resilience and Sustainability Dataspace benefit from the data-based approach of a digital infrastructure to integrate decentralized information in a protected virtual space. With this infrastructure users are either able to apply already implemented services or to develop new services supporting our users in order to gain new insights and knowledge about. In the end, this enables users to seamlessly build their own trustworthy resilience and sustainability ecosystems.
Through sensors within washing machines, laundry data can be collected, which enables companies to offer their consumers better utilization of washing machines with additional services. This data is sent to COSMOPlat for optimizing washing programs through ML. The optimized washing programs are sent back to the consumers' washing machines to save energy, time, and costs, as well as to reduce the carbon footprint and lead to longer-lasting garments.
- Maintaining a common, well-known definition of at least the main legal terms in the consents which is accessible to all the different actors is, in our opinion, a must for this kind of system. In our case, we have chosen to base the consent manager on top of an ontology (https://smashhiteu.github.io/smashHitCore/) so that most of the process of defining the consent terms (purpose, roles, personal data categories…) is backed by this well-known model.
User consent could be included in the used VCs. LedgerUSelf is being evolved with SIOPv2 protocol (https://openid.net/specs/openid-connect-self-issued-v2-1_0.html) to allow integration of existing IAM solutions which support federated identity management protocols (OpenID Connect). This will be relevant for integration of such systems in data spaces initiatives like GAIA-X which is proposing SSI solutions based on SIOP and DID Comm protocols.