Organizational Agreements

Certification

Trust is the essential element in data spaces to overcome the reluctance to share data for fear of misuse and security concerns.

Functional requirements are an element of trust and are investigated from the functional perspective, clarifying responsibilities and mechanisms in Chapter 3. This chapter discusses the operational implications using IDS Certification as an example.

Chapter 3 mentions two important aspects: The first is the data space authority (DSA), which ensures trust in a data space. The second is the system enabling it, the attribute-based trust mechanism, which is based on the fundamental concepts of trust anchor and trust framework. The first term refers to the entity that issues certifications about an attribute, the second to the rules imposed by the trust anchor to comply with its policies in order to be eligible for its attribute verification. Deciding which trust anchors and trust frameworks and, therefore which rules and procedures to use for issuing and validating attributes, is the task of the data space authority.

Based on the trust framework(s) selected, each data space specifies the minimum set of attributes that a participant must meet to be considered a trusted party (see also the data space self-description mentioned in Chapter 3). Based on this, each new potential member has to provide these attributes in its participant self-description to be accepted.

The DSSD must also contain clear information on which trust anchors and trust frameworks are acceptable as roots of trust within the data space, so a potential participant can decide whether to trust the data space and its members.

The example of IDS Certification

For the scenario described above, the IDS Certification Scheme developed by the IDSA is one available trust framework.

The trust anchor of this framework is called certification body and is a neutral party issuing certification for specific attributes. The responsibility for the certification body is taken on by a part of the IDSA head office and by additional experts hired specifically for this purpose. There are two attributes in the IDS Certification trust framework: component certification and operational environment certification.

Component certification concerns all components described in the IDS-RAM, both essential and non-essential, and ensures their required functionality and security. Operational environment certification refers to the trustworthiness of the physical environment in which the components run, as well as the processes and organizational rules there.

Both types of certifications have different options to meet the data sharing needs of companies. These options refer to the trust levels, which reflect the extent of functionalities and requirements covered, and to the assurance levels, which refers to the method to evaluate compliance. The simplest assurance levels are based on a self-assessment mechanism, while the more advanced assurance levels require a third-party assessment of components or operational environments. This third-party compliance check is performed by the evaluation facilities, which are specifically approved to offer this service. The approval process is defined by the IDSA certification working group.

All the details on the IDS Certification scheme, the trust and assurance levels for component certification and operational certification, the certification criteria, and the process to approve the evaluation facilities are provided in Chapter 4.