Usage Control

Transparency and self-determination in data handling

The exchange of data between business partners, and the processing of that data, have increased tremendously over the last few years. In digital value creation, companies repeatedly face the challenge of how to protect their sensitive and business-critical data. Additional requirements, such as data protection rules specified by lawmakers, also apply. Data sovereignty is essential for trusted digital value creation in compliance with the rules. Comprehensive data sovereignty requires methods and technologies to ensure transparency and informational self-determination in data handling. This essentially encompasses the formalization of usage restrictions (policies) to describe the conditions and requirements for data handling, their organizational and technical enforcement (usage control), and the traceability of data usage (provenance tracking). Usage control extends the classic access control mechanisms and thereby constitutes a paradigm shift in data handling.

The usage control technology is already implemented in the Base Connector and the Trusted Connector, and can be used directly. Usage control can also be easily integrated into other connectors. The self-descriptions of connectors (including metadata and usage restrictions) are automatically indexed by the broker. A policy editor (Policy Administration Point, PAP) can be used to specify the usage restrictions. Usage restrictions are created based on ODRL (Open Digital Rights Language), and are understood by any usage control technology.

Aside from the technologies to enforce usage restrictions, there are technologies for the traceability of data usage (provenance tracking). They enable the monitoring and transparent representation of data usage.
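The following added example (not code from the IDS connectors, LUCON or MY DATA Control Technologies) sketches how a usage restriction differs from an access check: the policy is re-evaluated on every use, and every decision is recorded for provenance. The policy uses the ODRL terms permission, action, constraint, count and dateTime in a simplified shape; the UsageController class, its methods and the dataset identifier are hypothetical.

```python
from datetime import datetime

# Constructed ODRL-style policy (simplified shape): the consumer may "use"
# the asset at most 2 times, and only before a fixed date.
POLICY = {
    "@type": "Agreement",
    "permission": [{
        "target": "urn:example:dataset:42",  # constructed identifier
        "action": "use",
        "constraint": [
            {"leftOperand": "count", "operator": "lteq", "rightOperand": 2},
            {"leftOperand": "dateTime", "operator": "lt",
             "rightOperand": "2030-01-01T00:00:00+00:00"},
        ],
    }],
}
OPS = {"lteq": lambda a, b: a <= b, "lt": lambda a, b: a < b}

class UsageController:
    """Hypothetical decision point that re-evaluates the policy on every use."""

    def __init__(self, policy):
        self.policy = policy
        self.use_count = {}    # target -> number of permitted uses so far
        self.provenance = []   # append-only record of every decision

    def request(self, target, action, now):
        """Decide one usage request; `now` must be a timezone-aware datetime."""
        allowed = any(self._permits(p, target, action, now)
                      for p in self.policy["permission"])
        if allowed:
            self.use_count[target] = self.use_count.get(target, 0) + 1
        self.provenance.append((now.isoformat(), target, action, allowed))
        return allowed

    def _permits(self, perm, target, action, now):
        if perm["target"] != target or perm["action"] != action:
            return False
        for c in perm.get("constraint", []):
            if c["leftOperand"] == "count":
                # Compare the count this use would reach against the limit.
                left, right = self.use_count.get(target, 0) + 1, c["rightOperand"]
            elif c["leftOperand"] == "dateTime":
                left, right = now, datetime.fromisoformat(c["rightOperand"])
            else:
                return False   # unknown constraint: fail closed
            op = OPS.get(c["operator"])
            if op is None or not op(left, right):
                return False
        return True
```

A plain access control check would have answered once, at retrieval time; here the third use and any use after the expiry date are denied even though the first request was granted, and the denied attempts still appear in the provenance record.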

Usage Control Software

 

LUCON

The standard framework in the Trusted Connector for data usage control within International Data Spaces.

 

MY DATA Control Technologies

MY DATA Control Technologies is a progressive technical implementation for data usage control that is available for all connectors.

 

A domain-specific programming language for the implementation of data usage control in data processing applications.

 

Data Provenance

Cross-connector logging and visualization of data flows and data processing.

Further Documents

 

IDSA webinar series 2018

The webinar, which lasts about 57 minutes, presents the data usage control concept in IDS and the corresponding technologies.

 

Usage Control in the IDS

This document describes the implementation of data usage control in the IDS. It covers the language for the specification of usage restrictions, the various technologies for data usage control and provenance tracking, and the options for integrating them technically. The document is subject to ongoing further development and is currently available in version 2.