Webinar Industrial Data Space Association: Introduction and Architecture

A NEW IDEA FOR SHARING DATA - INTRODUCTION TO INDUSTRIAL DATA SPACE

WEBINAR BY LARS NAGEL, SEBASTIAN STEINBUSS AND THORSTEN HUELSMANN, INDUSTRIAL DATA SPACE ASSOCIATION

Upload: thorsten-huelsmann

Post on 22-Jan-2018


DATA: AN ECONOMIC ASSET

The key focus for a data-driven economy and new business models is in linking data.

• SENSOR DATA
• MATERIAL CHARACTERISTICS
• MOBILITY DATA
• FINANCIAL DATA
• TECHNICAL DRAWINGS

COMPANIES WANT TO LINK DATA WITHOUT REGRET

• Interoperability
• Data Exchange
• »Sharing Economy«
• Data Centric Services
• Data Ownership
• Data Security
• Data Value

“HOW TO” DATA ECONOMY: UNLEASH THE VALUE OF YOUR DATA

1. Make data available

2. Link with ecosystem partners

3. Control the access to your data

4. Create value

INDUSTRIAL DATA SPACE APPROACH: SELF DETERMINED CONTROL OF DATA FLOWS

• Endless Connectivity: standard for data flows between all kinds of data endpoints
• Trust between different security domains: comprehensive security functions providing a maximum level of trust
• Governance for the data economy: usage control and enforcement for data flows

TO DO LIST: INDUSTRY 4.0 AND DATA ECONOMY

SECURITY: Everything needs to be secure
• Authentication & Authorisation
• Usage Policies & Usage Enforcement
• Trustworthy Communication
• Security by Design
• Technical Certification

STANDARDIZED CONNECTIVITY: Connection of every data endpoint
• Integration of existing vocabularies
• Using different data formats
• Connection of clouds and platforms

DATA MARKETS: Data is being traded as an asset
• Clearing & Billing
• Domain specific Broker and Marketplaces
• Use Restrictions and Legal Aspects (Contract Templates, etc.)

ECOSYSTEM OF DATA: Being able to explain, find and understand data
• Data source description
• Brokering
• Vocabulary

VALUE ADDING APPS: Typical tasks can be solved more easily with apps
• Processing of Data
• Remote Execution

TRUST: Trust is the basis of the IDS
• Identity management
• User-certification

80+ Companies and Organisations

5 Working Groups

20+ Use Cases

= 1 Ecosystem

MILESTONES REACHED AND NEXT STEPS

• ARCHITECTURE: Release of the reference architecture model 2.0 at Hannover Fair
• INTERNATIONAL: Members all over the world, connecting with important initiatives, major European RTOs, intense engagement in European research activities
• STANDARD: Foundation of a working group at DIN to create a DIN specification for the IDS connector
• GO LIVE: Ecosystem potentially running, first products, enhancing global adoption

OUR USE CASES MAKE IT HAPPEN: ADOPTION OF INDUSTRIAL DATA SPACE

• Build up an ecosystem by integrating further partners (also from different domains)
• Set up use cases to validate and implement Industrial Data Space technology
• Each member of the association realizes a business driven use case

JOIN US!

LARS NAGEL
MANAGING DIRECTOR, INDUSTRIAL DATA SPACE ASSOCIATION

WWW.LINKEDIN.COM/IN/LARS-NAGEL-704411B8/

JOSEPH-VON-FRAUNHOFER-STR. 2-4, 44227 DORTMUND | GERMANY

+49 231 9743 [email protected]

@ids_association #industrialdataspace

www.industrialdataspace.org
Resource Hub – Press Area – Blog

INDUSTRIAL DATA SPACE

BASIC IDEAS OF THE IDS ARCHITECTURE

ARCHITECTURE FOR DATA AND DATA SERVICES: AN INFRASTRUCTURE FOR ALL INDUSTRIES AND DOMAINS

[Figure: architecture levels; figure labels: Architecture level, INDUSTRIAL DATA SPACE]

• Industries: Automotive, Electronics and IT, Logistics, Retail and Food, Health, … (other Industries)
• Smart-Service-Scenarios
• Service and product innovations
• »Smart Data Services« (alerting, monitoring, data quality etc.)
• »Basic Data Services« (information fusion, mapping, aggregation etc.)
• Internet of Things ∙ broad band infrastructure ∙ 5G
• Real Time Area ∙ sensors, actuators, devices

INDUSTRIAL DATA SPACE: P2P NETWORK OF TRUSTED DATA

• Security: Data exchange
• Trust: Certified Participants
• Decentral Approach: distributed architecture
• Sovereignty over data and services
• Data Governance: “rules of the game”
• Economies of scale, Networking effects
• Open Approach: Neutral and user-driven
• Network of platforms and services

• All actors oblige themselves to play by the rules of Industrial Data Space
• Actors and technical components are to be certified
• We provide usage control for data and different tailor-made levels of trust

A TRUSTED PEER TO PEER NETWORK FOR ALL INDUSTRIES TO SHARE DATA

Software components enable all stakeholders (defined roles) to participate in IDS

The quantity of all (external) IDS connectors defines the Industrial Data Space

Internal IDS connectors are used to link data sources in the company, to transform and to improve them.

© Fraunhofer

INTERACTION OF SYSTEMS

Source: Fraunhofer – IDS Reference Architecture, 2017

[Figure: components shown are Broker, App Store, Data Source, Data Provider, Data Consumer, Data Sink, Connectors and peer-to-peer nodes]

Legend:
• Data: Dataset(s) transferred from Provider to Consumer
• Meta: Metadata Description of Datasets/Provider/Consumer
• App: Application for specific data manipulation
• Connection types: Data exchange (active), Data exchange (inactive), Metadata exchange, App download

Connector: Gives access to the Industrial Data Space

Broker: Manages Metadata of Connectors and Participants

AppStore: Provides Apps and Vocabularies

REFERENCE ARCHITECTURE OF A CONNECTOR

Execution Core Container: Basic functionality for connectivity

App Store Container: Environment for Custom Apps to extend functionality

Custom Container: Adapter for internal systems

Configuration Manager: Environment for Configurations, e.g. Process based, Rules oriented

REFERENCE ARCHITECTURE OF A CONNECTOR: INDIVIDUAL SETUP WITH APPS

Source: Fraunhofer – IDS Reference Architecture, 2017

[Figure: connector setup; figure labels:]

• Application Container Management
• Core OS
• Virtualization
• Core IDS Container
• API for user defined containers (e.g. Data Apps, System Adapters)
• Message Handling, Message Router, Message Bus
• IDS Data Core (e.g. IDS Vocabulary, GS1 XML)
• Data Apps (e.g. Protocol Transformation, Data Transformation, pseudonymization, Aggregation, Analytics, I18N)

DATA EXCHANGE

[Figure: Data Consumer and Data Provider, with two connector stacks (Application Container Management, Core OS, Core IDS Container), one of them marked (Trusted). Other labels: Big Data Analytics App (Trusted), Metatag App, Connectivity App, Encrypted Connection, Authentication and Authorization, Query, Data, Result, Facility, Internal Interface]

• Data Consumer queries data from Data Provider

• Data Provider validates the query and provides data for Data Consumer

• Data Consumer has access to the result, depending on data visibility

REMOTE DATA PROCESSING

[Figure: Data Consumer and Data Provider, with two connector stacks (Application Container Management, Core OS, Core IDS Container), both marked (Trusted). Other labels: Connectivity App, Encrypted Connection, Authentication and Authorization, App provisioning, Remotely Executed App (Trusted), Query, Data, Result, Facility, Internal Interface]

• Data Consumer queries data from Data Provider and provides App (e.g. analytics)

• Data Provider queries data and provides data to locally provided App

• The result set leaves the connector of the Data Provider and is available for the Data Consumer

DATA USAGE CONTROL: USAGE CONTROL VS. ACCESS CONTROL

Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018

Usage Control – a generalization of access control

Fine-grained policies specify how data is handled after access has been granted

DATA USAGE CONTROL: BUILDING BLOCKS

Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018

Enforcement (technology-dependent components)

Policy Enforcement Point (PEP): intercepts data flows and enforces decision from PDP

Policy Execution Point (PXP): performs actions in the system

Decision and Enforcement (technology-independent components)

Policy Decision Point (PDP): decision engine (e.g., rule based)

Policy Information Point (PIP): provides additional information for decision making

Specification and Management

Policy Management Point (PMP): manages policies and components

Policy Administration Point (PAP): user interface for policy specification (e.g., Policy Editor)

DATA USAGE CONTROL: TECHNICAL ENFORCEMENT, ORGANIZATIONAL RULES, AND LEGAL CONTRACTS

Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018

Usage Control extends, substitutes, and completes organizational rules/legal contracts

Long term: replacement of organizational rules / legal contracts by technical enforcement

DATA USAGE CONTROL: ENFORCEMENT EXAMPLE

Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018

PEP and PXP within IDS Connector

PEP controlling data flow

PXP triggering delete action
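The PEP/PXP interplay named on this slide, together with the PDP and PIP from the building-blocks slide, sketched as an added example that is not part of the original slides or of any IDS code. All class names, the policy fields (`allowed_targets`, `max_age_s`) and the sample data are assumptions made for illustration.

```python
# Added illustration; all class, field and policy names are hypothetical, not IDS APIs.
class PIP:  # Policy Information Point: supplies context for decisions
    def __init__(self, clock):
        self.clock = clock
        self.received_at = {}  # data id -> arrival time in seconds
    def age(self, data_id):
        return self.clock() - self.received_at[data_id]

class PDP:  # Policy Decision Point: rule-based decision engine
    def __init__(self, policies, pip):
        self.policies, self.pip = policies, pip
    def decide(self, data_id, target):
        p = self.policies.get(data_id)
        if p is None:
            return "deny", None  # default deny when no policy exists
        if self.pip.age(data_id) > p["max_age_s"]:
            return "deny", "delete"  # retention expired: obligation for the PXP
        if target not in p["allowed_targets"]:
            return "deny", None
        return "allow", None

class PXP:  # Policy Execution Point: performs actions in the system
    def __init__(self, store):
        self.store = store
    def execute(self, action, data_id):
        if action == "delete":
            self.store.pop(data_id, None)

class PEP:  # Policy Enforcement Point: intercepts data flows
    def __init__(self, pdp, pxp, store):
        self.pdp, self.pxp, self.store = pdp, pxp, store
    def forward(self, data_id, target):
        decision, obligation = self.pdp.decide(data_id, target)
        if obligation:
            self.pxp.execute(obligation, data_id)
        return self.store[data_id] if decision == "allow" else None

def demo():
    now = [1000.0]  # constructed clock, advanced by hand below
    store = {"d1": b"sensor readings"}  # constructed sample data
    pip = PIP(clock=lambda: now[0])
    pip.received_at["d1"] = now[0]
    policies = {"d1": {"allowed_targets": {"analytics-app"}, "max_age_s": 60}}
    pep = PEP(PDP(policies, pip), PXP(store), store)
    ok = pep.forward("d1", "analytics-app")  # permitted flow
    blocked = pep.forward("d1", "export-app")  # target not permitted
    now[0] += 120  # retention period passes
    expired = pep.forward("d1", "analytics-app")  # denied, PXP deletes the data
    return ok, blocked, expired, "d1" in store
```

The decision is made after access has already been granted to the data, which is the difference from plain access control: the same data item is forwarded, blocked for another target, and finally deleted once its retention period has run out.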

DATA USAGE CONTROL: USAGE CONTROL TECHNOLOGIES IN THE INDUSTRIAL DATA SPACE

Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018

• Integrated Distributed Data Usage Control Enforcement (IND²UCE), Fraunhofer IESE
• Label-based Usage Control (LUCON), Fraunhofer AISEC
• Information Flow Tracking (IFT) / Provenance Tracking, Fraunhofer IOSB

IDENTIFICATION PROCESS: THE IDS HANDSHAKE

Source: Fraunhofer – IDS Reference Architecture, 2017

Prerequisites: Certification of Participants and Connectors

Handshake:

1. Establish secure connection based on IDS X.509 certificates
2. Request Self Assessment (IDS InfoModel)
3. Validate against Identity Provider
4. Check if partner is trustworthy
5. Check if provided data is consumable
6. Exchange data

IDS API: THE IDS PROVIDES AN API FOR YOUR API

Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018

INDUSTRIAL DATA SPACE INFORMATION MODEL: HIGH LEVEL VIEW / DOMAINS

Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018

INDUSTRIAL DATA SPACE INFORMATION MODEL: DATA PRODUCTS

Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018

INDUSTRIAL DATA SPACE INFORMATION MODEL: HERE IS YOUR API

Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018

SECURITY PROFILES: APPROACH

1. Use Cases: Driven by Use Cases

2. Dimensions Identified:
• Development
• Roles
• Communication Abilities
• Higher Security Classes

3. Security Profiles, Important Insights:
• 4 Profiles: Base Free, Base, Trust, Trust+
• All Connectors (not Base Free) can communicate in public IDS
• Base Free is publicly available

[Figure labels: Development, Higher Security Classes, Trust+, Trust, Base, Base Free, Public IDS, DIY]

SECURITY PROFILES: BASE FREE, BASE, TRUST, TRUST+

Reference Development
• Base Free: Open Source
• Base: IDS Community
• Trust: IDS Community
• (Managed) Trust+: Bound to strong SLAs

Roles
• Base Free: Own infrastructure
• Base: All IDS Roles supported, Billing and Clearing optional
• Trust: All IDS Roles supported
• (Managed) Trust+: All IDS Roles supported

Communication Abilities
• Base Free: Only private IDS with self signed certificates
• Base: Fully interoperable, reduced trust
• Trust: Fully interoperable, Free decision of communication
• (Managed) Trust+: Fully interoperable, Free decision of communication, Hardware anchor

Higher Security Classes
• Base Free: Standard Security Level required
• Base: Standard Security Level required
• Trust: High Security Level
• (Managed) Trust+: Higher Security Level

JOIN US!

SEBASTIAN STEINBUSS
LEAD ARCHITECT, INDUSTRIAL DATA SPACE ASSOCIATION

WWW.LINKEDIN.COM/IN/SEBASTIAN-STEINBUSS/
@SSTEINBUSS

JOSEPH-VON-FRAUNHOFER-STR. 2-4, 44227 DORTMUND | GERMANY

+49 231 97677 [email protected]

@ids_association #industrialdataspace

www.industrialdataspace.org
Resource Hub – Press Area – Blog