International Data Spaces
International Data Spaces

MY DATA Control Technologies

General information about MY DATA Control Technologies

MY DATA Control Technologies is a technical implementation of data sovereignty representing an essential component for informational self-determination. The software is based on the IND²UCE framework for data usage control developed by Fraunhofer. MY DATA Control Technologies enforces data sovereignty through intervention in security-related data flows in the connector. This enables the fine-grained masking and filtering of data flows in the connector. Compared to classic access control systems, MY DATA Control Technologies can enforce partial filtering and masking of the data, context and situation-specific restrictions, and limitations on the intended use. Here the compliance with data sovereignty due to changes in data flows is controlled by a policy.

Core functions of MY DATA Control Technologies

MY DATA Control Technologies consists of three core functions:

MY DATA Control Enforcement: MY DATA Control Technologies offers control points for the enforcement of usage restrictions. These are easy to integrate into target systems (such as connectors). Connectors have already been prepared and are easy to extend with MY DATA Control Technologies. Controlled by the usage restrictions, these connectors can filter and mask data. Compliance with the usage restrictions is checked and enforced during all data processing in the connector.
MY DATA Control Technologies also offers the possibility of executing actions by means of additional (external) components, such as notification by e-mail. The functionality of the control points and execution of actions can be extended with plugins.

MY DATA Control Policies: New data usage restrictions can be created at runtime. Among other things, time and frequency-based usage (“Data may only be processed in the connector 5 times within one day”), situation-based usage (“Sensitive data may only be accessed during working hours”), and mask-based usage (“Personal data are masked for the service provider”) can be configured. The MY DATA Control Technologies policies support all usage restrictions that can be defined within International Data Spaces and can be created in a policy editor.

MY DATA Control Management: MY DATA Control Technologies combines the administration of data sovereignty requirements and technical components in a central administration interface. Administration of the policies within the International Data Spaces is realized through the connector.

The modular and component-based structure of MY DATA Control Technologies enables an extension of the functionality (including data modification, execution of actions, and information procurement) in future. MY DATA Control Technologies offers an own software development kit for this purpose, enabling linking and interaction with other systems (such as DAPS, directory services, e-mail).

MY DATA ODRL PAP

A policy editor for the preparation of usage restrictions, for example a Policy Administration Point (PAP) in the XACML terminology, assists data originators and data providers with specifying their conditions and requirements for the use of data. Policy editors generally have a graphical user interface and offer various levels of assistance depending on the user’s state of knowledge. The International Data Spaces lab offers an ODRL policy editor in order to express various usage restrictions within the International Data Spaces.

MY DATA ORDL PAP Screenshot

Difference compared to other IDS usage control technologies

MY DATA Control Technologies has various advantages compared to other usage control technologies available within the IDS. In principle, it is universal in application and not tied to any specific technology. The MY DATA Control Technologies components can be addressed via REST regardless of the technology. The components can also be installed on all operational levels, for example in the operating system, connector, app, and message broker. Thus data can be protected along the entire chain. MY DATA Control Technologies has already proven itself in practice and has a TRL of 8+. Unlike those of other technologies, the MY DATA Control Technologies policies can also refer to the content of messages and even modify this when needed. We are also fully compatible with all known ODRL policies within the IDS. The ODRL policy editor developed by us also facilitates the straightforward specification of policies within the IDS. External systems can be used for decision making by the decision component. The framework is easily extendable in this point, as in many others, so it can be optimally integrated into existing target systems.

Integration into IDS

MY DATA Control Technologies is integrated with the help of the Interceptor design pattern (Interception Pattern) or explicitly called. When Apache Camel for example is used to implement a connector, this can be realized with a Camel Interceptor. In concrete terms, this means the data flow is interrupted and checked by MY DATA Control Technologies during a data transfer between two components. This means checking compliance with and the enforcement of the specified usage restrictions, and where applicable initiating further measures (monitoring, notification, modification). Aside from the Camel Interceptor, there is a usage control app that not only processes the data transfers of the Camel Interceptor but can also be manually built into a route for data processing. Both components are available to you directly for straightforward integration.

Interceptor Pattern

License

MY DATA Control Technologies is free for non-commercial use (such as research). Fraunhofer IESE offers a volume-based licensing model for commercial use. Contact the colleagues at Fraunhofer IESE (see contact information) for a concrete offer and additional services (such as the integration of MY DATA Control Technologies into a connector, integration into apps or your software).

Further information about MY DATA Control Technologies

Further information about MY DATA Control Technologies is found on the MY DATA Control Technologies homepage:

Developers will find more information here:

MY DATA Control Technologies is based on the research results of the data usage control research area which is found under the acronym IND²UCE: