Industrial Data Space Association is an industry- and user-driven initiative to develop a global Industrial Data Space standard and reference architecture which provides data sovereignty. The work is based on use cases and supports certifiable software solutions and business models for the data economy. The webinar by Lars Nagel and Sebastian Steinbuss gives an overview of the Industrial Data Space initiative and explains the Reference Architecture and its main components.
Webinar Industrial Data Space Association: Introduction and Architecture
1. A NEW IDEA FOR SHARING DATA - INTRODUCTION TO INDUSTRIAL DATA SPACE
WEBINAR
BY LARS NAGEL, SEBASTIAN STEINBUSS AND THORSTEN HUELSMANN, INDUSTRIAL DATA SPACE ASSOCIATION
INDUSTRIAL DATA SPACE
2. AN ECONOMIC ASSET
DATA
The key focus for a data-driven economy and new business models is in linking data.
SENSOR DATA ∙ MATERIAL CHARACTERISTICS ∙ MOBILITY DATA ∙ FINANCIAL DATA ∙ TECHNICAL DRAWINGS
4. www.industrialdataspace.org // 4
“HOW TO” DATA ECONOMY
UNLEASH THE VALUE OF YOUR DATA
1. Make data available
2. Link with ecosystem partners
3. Control the access to your data
4. Create value
5. www.industrialdataspace.org // 5
INDUSTRIAL DATA SPACE APPROACH:
SELF DETERMINED CONTROL OF DATA FLOWS
Endless Connectivity: standard for data flows between all kinds of data endpoints
Trust between different security domains: Comprehensive security functions providing a maximum level of trust
Governance for the data economy: usage control and enforcement for data flows
6. www.industrialdataspace.org // 6
TO DO LIST
INDUSTRY 4.0 AND DATA ECONOMY
SECURITY
Everything needs to be secure
• Authentication & Authorisation
• Usage Policies & Usage Enforcement
• Trustworthy Communication
• Security by Design
• Technical Certification
STANDARDIZED CONNECTIVITY
Connection of every data endpoint
• Integration of existing vocabularies
• Using different data formats
• Connection of clouds and platforms
DATA MARKETS
Data is being traded as an asset
• Clearing & Billing
• Domain specific Broker and Marketplaces
• Use Restrictions and Legal Aspects (Contract Templates, etc.)
ECOSYSTEM OF DATA
Being able to explain, find and understand data
• Data source description
• Brokering
• Vocabulary
VALUE ADDING APPS
Typical tasks can be solved easier with apps
• Processing of Data
• Remote Execution
TRUST
Trust is the basis of the IDS
• Identity management
• User-certification
8. www.industrialdataspace.org // 8
MILESTONES REACHED
AND NEXT STEPS
ARCHITECTURE: Release of the reference architecture model 2.0 at Hannover Fair
INTERNATIONAL: Members all over the world, connecting with important initiatives, major European RTOs, intense engagement in European research activities
STANDARD: Foundation of a working group at DIN to create a DIN specification for the IDS connector
GO LIVE: Ecosystem potentially running, first products, enhancing global adoption
9. www.industrialdataspace.org // 9
OUR USE CASES MAKE IT HAPPEN
ADOPTION OF INDUSTRIAL DATA SPACE
Build up an ecosystem by integrating further partners (also from different domains)
Setup use cases to validate and implement Industrial Data Space technology
Each member of the association realizes a business driven use case
10. // 10
JOIN US
LARS NAGEL
MANAGING DIRECTOR
INDUSTRIAL DATA SPACE ASSOCIATION
WWW.LINKEDIN.COM/IN/LARS-NAGEL-704411B8/
JOSEPH-VON-FRAUNHOFER-STR. 2-4
44227 DORTMUND | GERMANY
+49 231 9743 619
INFO@INDUSTRIALDATASPACE.ORG
@ids_association
#industrialdataspace
www.industrialdataspace.org
Resource Hub – Press Area – Blog
12. www.industrialdataspace.org // 12
ARCHITECTURE FOR DATA AND DATA SERVICES
AN INFRASTRUCTURE FOR ALL INDUSTRIES AND DOMAINS
Automotive
Electronics
and IT Logistics Retail and Food Health
… (other
Industries)
Smart-Service-Scenarios
Service and product innovations
»Smart Data Services« (alerting, monitoring, data quality etc.)
»Basic Data Services« (information fusion, mapping, aggregation etc.)
Internet of Things ∙ broad band infrastructure ∙ 5G
Real Time Area ∙ sensors, actuators, devices
Architecture level
INDUSTRIAL DATA SPACE
13. www.industrialdataspace.org // 13
INDUSTRIAL DATA SPACE
P2P NETWORK OF TRUSTED DATA
Security: Data exchange
Trust: Certified Participants
Decentral Approach: distributed architecture
Sovereignty over data and services
Data Governance: “rules of the game”
Economies of scale: Networking effects
Open Approach: Neutral and user-driven
Network of platforms and services
• All actors oblige themselves to play by the rules of Industrial Data Space
• Actors and technical components are to be certified
• We provide usage control for data and different tailor-made levels of trust
15. www.industrialdataspace.org // 15
Source: Fraunhofer – IDS Reference Architecture, 2017
INTERACTION OF SYSTEMS
[Figure: Data Provider (Data Source, Connector) and Data Consumer (Connector, Data Sink) linked through peer-to-peer nodes, together with Broker and App Store]
Legend:
Data: Dataset(s) transferred from Provider to Consumer
Meta: Metadata Description of Datasets/Provider/Consumer
App: Application for specific data manipulation
Flows: Data exchange (active), Data exchange (inactive), Metadata exchange, App download
Connector: Gives access to the Industrial Data Space
Broker: Manages Metadata of Connectors and Participants
AppStore: Provides Apps and Vocabularies
16. www.industrialdataspace.org // 16
REFERENCE ARCHITECTURE OF A CONNECTOR
Execution Core Container: Basic functionality for connectivity
App Store Container: Environment for Custom Apps to extend functionality
Custom Container: Adapter for internal systems
Configuration Manager: Environment for Configurations, e.g. Process based, Rules oriented
17. www.industrialdataspace.org // 17
Source: Fraunhofer – IDS Reference Architecture, 2017
REFERENCE ARCHITECTURE OF A CONNECTOR
INDIVIDUAL SETUP WITH APPS
Application Container Management
Core OS
Core IDS Container
API for user defined containers (e.g. Data Apps, System Adapters)
Virtualization
Message Handling: Message Router, Message Bus, …
IDS Data Core (e.g. IDS Vocabulary, GS1 XML)
Data App (e.g. Protocol Transformation)
Data App (e.g. Data Transformation)
Data App (e.g. pseudonymization)
Data App (e.g. Aggregation)
Data App (e.g. Analytics)
Data App (e.g. I18N)
18. www.industrialdataspace.org // 18
DATA EXCHANGE
[Figure: Data Consumer and Data Provider connectors, each a stack of Core OS, Application Container Management and Core IDS Container (labelled Trusted on one side), joined by an Encrypted Connection. Labels: Big Data Analytics App (Trusted), Metatag App, Connectivity App, Internal Interface, Data Facility, Query, Authentication and Authorization, Data, Result]
• Data Consumer queries data from Data Provider
• Data Provider validates the query and provides data for Data Consumer
• Data Consumer has access to the result, depending on data visibility
19. www.industrialdataspace.org // 19
REMOTE DATA PROCESSING
[Figure: Data Consumer and Data Provider connectors, both with Core OS (Trusted), Application Container Management (Trusted) and Core IDS Container (Trusted), joined by an Encrypted Connection. Labels: Connectivity App, Remotely Executed App (Trusted), App provisioning, Internal Interface, Facility, Query, Authentication and Authorization, Data, Result]
• Data Consumer queries data from Data Provider and provides App (e.g. analytics)
• Data Provider queries data and provides data to locally provided App
• The result set leaves the connector of the Data Provider and is available for the Data Consumer
20. www.industrialdataspace.org // 20
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
DATA USAGE CONTROL
USAGE CONTROL VS. ACCESS CONTROL
Usage Control – a generalization of access control
Fine-grained policies specify how data is handled after access has been granted
21. www.industrialdataspace.org // 21
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
DATA USAGE CONTROL
BUILDING BLOCKS
Enforcement (technology-dependent components)
Policy Enforcement Point (PEP): intercepts data flows and enforces decision from PDP
Policy Execution Point (PXP): performs actions in the system
Decision and Enforcement (technology-independent components)
Policy Decision Point (PDP): decision engine (e.g., rule based)
Policy Information Point (PIP): provides additional information for decision making
Specification and Management
Policy Management Point (PMP): manages policies and components
Policy Administration Point (PAP): user interface for policy specification (e.g., Policy Editor)
22. www.industrialdataspace.org // 22
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
DATA USAGE CONTROL
TECHNICAL ENFORCEMENT, ORGANIZATIONAL RULES, AND LEGAL CONTRACTS
Usage Control extends, substitutes, and completes organizational rules/legal contracts
Long term: replacement of organizational rules / legal contracts by technical enforcement
23. www.industrialdataspace.org // 23
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
DATA USAGE CONTROL
ENFORCEMENT EXAMPLE
PEP and PXP within IDS Connector
PEP controlling data flow
PXP triggering delete action
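The PEP/PDP/PIP/PXP split and the delete-action enforcement example from the slides above, as an added Python sketch (not IDS, IND²UCE or LUCON code). The policy fields, the in-memory store and the explicit `now` argument are assumptions made for the illustration.

```python
# Added illustration: class names follow the slide's acronyms; everything else is hypothetical.
from dataclasses import dataclass

@dataclass
class Policy:                     # authored in a PAP, deployed by the PMP
    purposes: frozenset           # purposes the provider permits
    max_uses: int                 # how often the data may be released
    retention_s: float            # obligation: delete once this age is reached

class PIP:
    """Policy Information Point: context the request itself does not carry."""
    def __init__(self):
        self.uses, self.received = {}, {}
    def facts(self, data_id, now):
        return self.uses.get(data_id, 0), now - self.received.get(data_id, now)

class PDP:
    """Policy Decision Point: rule-based and technology-independent."""
    def __init__(self, policies, pip):
        self.policies, self.pip = policies, pip
    def decide(self, data_id, purpose, now):
        policy = self.policies.get(data_id)
        if policy is None:
            return "deny", []                     # no policy: fail closed
        uses, age = self.pip.facts(data_id, now)
        if age >= policy.retention_s or uses >= policy.max_uses:
            return "deny", ["delete"]             # obligation handed to the PXP
        return ("allow" if purpose in policy.purposes else "deny"), []

class PXP:
    """Policy Execution Point: performs actions in the system."""
    def __init__(self, store):
        self.store, self.audit = store, []
    def execute(self, action, data_id):
        if action == "delete" and self.store.pop(data_id, None) is not None:
            self.audit.append(("deleted", data_id))

class PEP:
    """Policy Enforcement Point: intercepts the data flow in the connector."""
    def __init__(self, store, pdp, pxp, pip):
        self.store, self.pdp, self.pxp, self.pip = store, pdp, pxp, pip
    def release(self, data_id, purpose, now):
        decision, obligations = self.pdp.decide(data_id, purpose, now)
        for action in obligations:
            self.pxp.execute(action, data_id)
        if decision != "allow" or data_id not in self.store:
            return None
        self.pip.uses[data_id] = self.pip.uses.get(data_id, 0) + 1
        return self.store[data_id]
```

Access control would stop at the first successful `release`; the usage-control part is that later calls are still checked against use count and retention, and the PXP removes the local copy once either limit is hit.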
24. www.industrialdataspace.org // 24
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
DATA USAGE CONTROL
USAGE CONTROL TECHNOLOGIES IN THE INDUSTRIAL DATA SPACE
Integrated Distributed Data Usage Control Enforcement (IND²UCE): Fraunhofer IESE
Label-based Usage Control (LUCON): Fraunhofer AISEC
Information Flow Tracking (IFT)/Provenance Tracking: Fraunhofer IOSB
25. www.industrialdataspace.org // 25
Source: Fraunhofer – IDS Reference Architecture, 2017
IDENTIFICATION PROCESS
THE IDS HANDSHAKE
Prerequisites: Certification of Participants and Connectors
Handshake:
1. Establish secure connection based on IDS X.509 certificates
2. Request Self Assessment (IDS InfoModel)
3. Validate against Identity Provider
4. Check if partner is trustworthy
5. Check if provided data is consumable
6. Exchange data
26. www.industrialdataspace.org // 26
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
IDS API
THE IDS PROVIDES AN API FOR YOUR API
27. www.industrialdataspace.org // 27
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
INDUSTRIAL DATA SPACE INFORMATION MODEL
HIGH LEVEL VIEW / DOMAINS
28. www.industrialdataspace.org // 28
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
INDUSTRIAL DATA SPACE INFORMATION MODEL
DATA PRODUCTS
29. www.industrialdataspace.org // 29
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
INDUSTRIAL DATA SPACE INFORMATION MODEL
HERE IS YOUR API
30. www.industrialdataspace.org // 30
SECURITY PROFILES
APPROACH
1. Use Cases: Driven by Use Cases
2. Dimensions Identified:
• Development
• Roles
• Communication Abilities
• Higher Security Classes
3. Security Profiles
Important Insights:
• 4 Profiles: Base Free, Base, Trust, Trust+
• All Connectors (not Base Free) can communicate in public IDS
• Base Free is publicly available
[Figure: axes Development and Higher Security Classes; profiles Base Free, Base, Trust, Trust+; regions Public IDS and DIY]
31. www.industrialdataspace.org // 31
SECURITY PROFILES
BASE FREE, BASE, TRUST, TRUST+
Dimension | Base Free | Base | Trust | (Managed) Trust+
Reference Development | Open Source | IDS Community | IDS Community | Bound to strong SLAs
Roles | Own infrastructure | All IDS Roles supported, Billing and Clearing optional | All IDS Roles supported | All IDS Roles supported
Communication Abilities | Only private IDS with self signed certificates | Fully interoperable, reduced trust | Fully interoperable, Free decision of communication | Fully interoperable, Free decision of communication, Hardware anchor
Higher Security Classes | Standard Security Level required | Standard Security Level required | High Security Level | Higher Security Level
32. // 32
JOIN US
SEBASTIAN STEINBUSS
LEAD ARCHITECT
INDUSTRIAL DATA SPACE ASSOCIATION
WWW.LINKEDIN.COM/IN/SEBASTIAN-STEINBUSS/
@SSTEINBUSS
JOSEPH-VON-FRAUNHOFER-STR. 2-4
44227 DORTMUND | GERMANY
+49 231 97677 428
SEBASTIAN.STEINBUSS@INDUSTRIALDATASPACE.ORG
@ids_association
#industrialdataspace
www.industrialdataspace.org
Resource Hub – Press Area – Blog