Access and usage control

• Access control is a way of limiting access to a system or to physical or virtual resources. In computing, access control is a process by which users are granted access and certain privileges to systems, resources or information.In access control systems, users must present credentials before they can be granted access. In physical systems, these credentials may come in many forms, but credentials that can't be transferred provide the most security.

• Usage Control complements access control with contextual predicates, conditioning the activation of a given privilege, and obligations, i.e., mandatory actions associated to the exercise of a privilege.

• PIP/Directory Service

  Where does the information come from to evaluate the rules from the policies and where to provide it. (Scope, roles, attributes).

• Access Control

• Usage Control

• Policy rules definition language

• Enforcement of policy rules

• Policy administration and management

• Definition of credentials / roles

• Usage Control for data sovereignty

• Blockchain Framework

• HW Wallet

• Explicit-User consent

• Backplane API

• IDSA and GAIA-X standards

• ADVANEO's Trusted Data Hub

• IDS Components: broker, connector, clearing house and app provider

• COSMOPlat

• IDS connector

• RFID sensor

• CoatRack is a third-party backend-to-backend communications framework facilitating API access, monitoring and monetization.

• iSHARE Open Source Authorisation Registry and Authorization exchange structure.

  • Based on the Trust framework validated participants, parties can authorise each other data services (access control).

  • Based on explicit consent, and with licenses that are providing usage control, the licenses organise the usage control from a legal perspective and form the foundation also for technical usage control.

• Deployment of DataSpace Connectors as technical components responsible for the correct sharing of data between a data owner (e.g. wind farm operator) and a data user(e.g. component supplier).

• Integration of the IDSA UPL through a Java Library in DataSpace Connectors for Usage Control Interoperability

• Development, deployment and integration with DataSpace Connectors of a domain-agnostic Wind Farm Ontology WFOnt (https://w3id.org/wfont) for resource description interoperability.

• Development and deployment of a Context-aware policy analysis method that integrated in DataSpace Connectors efficiently ensure policy quality avoiding security breaches in usage control while enhancing its performance.

• A XACML-like architecture comprising PEP, PDP, PAP, PIP functions is implemented for access control.

- Consent Manager: it is a core component of the smashHit platform that includes the functionality regarding the life cycle of the consent certifications. The module interacts closely with the User Administration module since the users are the subject of the contracts. The functions include the consent certification creation, management, consent distribution among the parties.

• Ledger uSelf

• Decentralized SSI solution

• User centric access control to marketplace

Enforcing Data Protection Regulations in Health Care Applications. When a company is processing patient records for the sake of accounting an billing as a service to doctors and insurances, it is thus in the interest of the company to ensure that it complies to those regulations.

CoatRack can facilitate your work if you have existing REST APIs and you want to do one (or more) of the following:

• monitoring the access to your APIs

• authentication/authorization of calls to your APIs via API keys

• monetization of API calls, based on pay-per-call rules or flatrates

• There are many existing usage of the iSHARE Framework already, with data of more than 1,5 million organisations being available today to authorise in line with the data governance act.

KRAKEN project provides a decentralized SSI solution and user centric access control. - SSI mobile app for managing VCs and key material - Ledger USelf broker for SP integration - Backup service allowing the use of sevarl devices

The Ledger uSelf asset (used in KRAKEN project) provides a decentralized SSI solution and user centric access control to the marketplace. The Ledger uSelf comprises an Android SSI mobile app (holders) for users managing VCs issued by trusted entities and key material (decentralized identifiers). Also, it includes a Ledger uSelf broker (server component) for facilitating the SSI integration both with the data providers (isuers) and the Service Providers (verifiers), simplifying the handling of SSI complex protocols and mechanisms. This implementation follows W3C standards and will follow digital wallet specifications from EC (eIDAS regulation).

Through sensors within washing machines laundry data can be collected, which enables companies to offer their consumers a better utilization of washing machines with additional services. This data is sent to COSMOPlat for optimizing washing programs through ML. The optimized washing programs are sent back to the consumers washing machines to save energy, time, and costs, as well as it reduces the carbon footprint and will lead to longer lasting garments.

CoatRack facilitates the monetisation by API access control and monitoring, without determining the data format of content exchanged as long as the services are based on REST calls.

• The Authorisation registry role is a federated role, open to data spaces to set this up specifically for specific data spaces. The role is open for organisations to either set it up themselves, but there is a growing market of market players providing commercial authorisation registry services.

- Maintaining a common, well-known definition of at least the main legal terms in the consents which is accessible to all the different actors is, in our opinion, a must for this kind of system. In our case, we have chosen to base the consent manager on top of an ontology (https://smashhiteu.github.io/smashHitCore/) so that most of the process of defining the consent terms (purpose, roles, personal data categories…) is backed by this well-known model

The use of a SSI SDK already developed by Atos, which simplifies the embedding SSI solution, will be helpful for integrating the SSI solution with marketplace apps or legacy access systems.

Evolution of the FIWARE open source components used in the framework to support ABAC based on claims of Verifiable Credentials supported by issuers of requests is under way.

We have not seen a clear block or feature devoted to manage the consent but we think that this is important in an Access and Usage Control, this is the reason we have added the consent Manager component, to complement the description of the Building Block

User consent could be included in the used VCs. LedgerUSelf is being evolved with SIOPv2 protocol (https://openid.net/specs/openid-connect-self-issued-v2-1_0.html) to allow integration of existing IAM solutions which support federated identity management protocols (OpenID Connect). This will be relevant for integration of such systems in data spaces initiatives like GAIA-X which is proposing SSI solutions based on SIOP and DID Comm protocols.

You can find information in the following document https://smashhit.eu/public-report-d1-3-public-innovation-concept/ The SmashHit Guidelines will be able to find online very soon, currently in progress.

-Kraken project deliverable D3.2 Self-Sovereign Identity Solution Final Release. -DE4A project deliverable D5.8 Final Release of DE4A Self-Sovereign Identity Supporting Framework