Webinar Industrial Data Space Association: Introduction and Architecture

A NEW IDEA FOR SHARING DATA - INTRODUCTION TO INDUSTRIAL DATA SPACE
WEBINAR
BY LARS NAGEL, SEBASTIAN STEINBUSS AND THORSTEN HUELSMANN, INDUSTRIAL DATA SPACE ASSOCIATION
INDUSTRIAL DATA SPACE

AN ECONOMIC ASSET
DATA
The key focus for a data-driven economy and
new business models is in linking data.
SENSOR DATAMATERIAL CHARACTERISTICSMOBILITY DATAFINANCIAL DATATECHNICAL DRAWINGS

Interoperability
Data Exchange
»Sharing Economy«
Data Centric
Services
Data Ownership
Data Security
Data Value
WITHOUT REGRET
COMPANIES WANT TO LINK DATA

www.industrialdataspace.org // 4
‘‘HOW TO‘‘ DATA ECONOMY
UNLEASH THE VALUE OF YOUR DATA
1. Make data available
2. Link with ecosystem
partners
3. Control the access
to your data
4. Create value

www.industrialdataspace.org
INDUSTRIAL DATA SPACE APPROACH:
// 5
SELF DETERMINED CONTROL OF DATA FLOWS
Endless Connectivity
standard for data flows between
all kinds of data endpoints
Trust between different
security domains
Comprehensive security functions
providing a maximum level of trust
Governance for the
data economy
usage control and enforcement
for data flows

TO DO LIST
INDUSTRY 4.0 AND DATA ECONOMY
Everything needs to be secure
• Authentification & Authorisation
• Usage Policies & Usage Enforcement
• Trustworthy Communication
• Security by Design
• Techn. Certification
SECURITY
Connection of every data endpoint
• Integration of existing vocabularies
• Using different data formats
• Connection of clouds and platforms
STANDARDIZED
CONNECTIVITY Data is being traded as an asset
• Clearing & Billing
• Domain specific Broker and
Marketplaces
• Use Restrictions and Legal
Aspects (Contract Templates,
etc.)
DATA MARKETS
Being able to explain, find and
understand data
• Data source description
• Brokering
• Vocabulary
ECOSYSTEM OF DATA
Typical tasks can be solved
easier with apps
• Processing of Data
• Remote Execution
VALUE ADDING APPS
Trust is the basis of the IDS
• Identitymanagement
• User-certification
TRUST
1 2 3
4 5 6

80+
Companies and
Organisations
5
Working Groups
20+
Use
Cases
1
Ecosystem
=

MILESTONES REACHED
AND NEXT STEPS
ARCHITECTURE
Release of the
reference architecture
model 2.0 on
Hannover Fair
INTERNATIONAL
Members all over the
world, connecting with
important initiatives,
major european RTOs,
intense engagement in
european research
activities
STANDARD
Foundation of a
workinggroup at DIN to
create a DIN
specification for the IDS
connector
GO LIVE
Ecosystem potentially
running, first products,
enhancing global
adoption

OUR USE CASES MAKE IT HAPPEN
ADOPTION OF INDUSTRIAL DATA SPACE
Build up an ecosystem by
integrating further partners (also
from different domains)
Setup use cases to validate and
implement Industrial Data Space
technology
Each member of the association
realizes a business driven use case
!
!
+
+
+

// 10
JOIN US
!LARS NAGEL
MANAGING DIRECTOR
INDUSTRIAL DATA SPACE ASSOCIATION
WWW.LINKEDIN.COM/IN/LARS-NAGEL-704411B8/
JOSEPH-VON-FRAUNHOFER-STR. 2-4
44227 DORTMUND | GERMANY
+49 231 9743 619
INFO@INDUSTRIALDATASPACE.ORG
@ids_association
#industrialdataspace
Ressource Hub – Press Area – Blog

// 11
INDUSTRIAL DATA
SPACE
BASIC IDEAS OF THE
IDS ARCHITECTURE

ARCHITECTURE FOR DATA AND DATA SERVICES
AN INFRASTRUCTURE FOR ALL INDUSTRIES AND DOMAINS
Automotive
Electronics
and IT Logistics Retail and Food Health
… (other
Industries)
Smart-Service-Scenarios
Service and product innovations
»Smart Data Services« (alerting, monitoring, data quality etc.)
»Basic Data Services« (information fusion, mapping, aggregation etc.)
Internet of Things ∙ broad band infrastructure ∙ 5G
Real Time Area ∙ sensors, actuators, devices
Architecturelevel

P2P NETWORK OF TRUSTED DATA
Security
Data
exchange
Trust
Certified
Participants
Decentral
Approach
distributed
architecture
Sovereignty
over data
and services
Data Governance
“rules of
the game”
Economies of
scale
Networking
effects
Open
Approach
Neutral and
user-driven Network
of platforms
and services
• All actors oblige
themselves to play by the
rules of Industrial Data
Space
• Actors and technical
components are to be
certified
• We provide usage control
for data and different
tailor-made levels of trust

A TRUSTED PEER TO PEER NETWORK
FOR ALL INDUSTRIES TO SHARE DATA
 Software components enable
all stakeholders (defined
roles) to participate in IDS
 The quantity of all (external)
IDS connectors defines the
Industrial Data Space
 Internal IDS connectors are
used to link data sources in
the company, to transform
and to improve them.
© Fraunhofer

www.industrialdataspace.org // 15Source: Fraunhofer – IDS Reference
Architecture, 2017
INTERACTION OF SYSTEMS
BrokerApp
Store
Data
Source Connector
Data Provider Data Consumer
Dataset(s) transferred from
Provider to Consumer
Metadata Description of
Datasets/Provider/Consumer
Application for specific data
manipulation
Data exchange (active)
App download
Metadata exchange
Data exchange (inactive)
Connector Data
Sink
Connector
Meta
Meta
Meta
Meta
Meta
Peer-to-peer
nodes
App
Data
Meta
App
App
App
App
Data
Meta
Connector:
Gives access to the
Industrial Data Space
Broker:
Manages Metadata of
Connectors and Participants
AppStore:
Provides Apps and Vocabularies

REFERENCE ARCHITECURE OF A CONNECTOR
Execution Core Container:
Basic functionality for connectivity
App Store Container:
Environment for Custom Apps to
extend functionality
Custom Container:
Adapter for internal systems
Configuration Manager
Environment for Configurations,
e.g. Process based, Rules oriented

Architecture, 2017
REFERENCE ARCHITECURE OF A CONNECTOR
INDIVIDUAL SETUP WITH APPS
Application Container Management
Core OS
Core IDS Container
API for user defined containers
(e.g. Data Apps, System Adapters)
Virtualization
MessageHandling
Message Router
Message Bus
…
IDS Data Core
(e.g. IDS Vocabulary,
GS1 XML)
Data App
(e.g. Protocol
Transformation)
Data App
(e.g. Data
Transformation)
Data App
(e.g.
pseudonymization)
Data App
(e.g. Aggregation)
Data App
(e.g. Analytics)
Data App
(e.g. I18N)

DATA EXCHANGE
Big Data
Analytics
App
(Trusted)
Metatag
App
Application Container Management
Core OS
Core IDS
Container
Application Container Management (Trusted)
Core OS (Trusted)
Core IDS
Container
(Trusted)
Data Consumer
Connec-
tivity App
Encrypted Connection
Query
Authentication and
Authorization
Data
Facility
QueryData
Result
Internal
Interface
Data Provider
• Data Consumer queries data from Data Provider
• Data Provider validates the query and provides data for Data Consumer
• Data Consumer has access to the result, depending on data visibility

REMOTE DATA PROCESSING
Core OS (Trusted)
Core IDS
Container
(Trusted)
Core OS (Trusted)
Core IDS
Container
(Trusted)
Data Consumer Data Provider
Connec-
tivity App
Encypted Connection
Query
Authentication and
Authorization
Result
Facility
QueryData
Result
Internal
Interface
Remotely
Executed
App
(Trusted)
App provisioning
Data
• Data Consumer queries data from data provider and provides App (e.g.
analytics)
• Data Provider queries data and provides data to localy provided App
• The result set leaves the connector of the Data Provider and is available
for the Data Consumer

www.industrialdataspace.org // 20Source: Fraunhofer – IDS internal documentation, to
be published in Reference Architecture 2018
DATA USAGE CONTROL
USAGE CONTROL VS. ACCESS CONTROL
 Usage Control – a generalization of access control
 Fine-grained policies specify how data is handled after access has been granted

DATA USAGE CONTROL
BULDING BLOCKS
 Enforcement (technology-dependent components)
 Policy Enforcement Point (PEP): intercepts data
flows and enforces decision from PDP
 Policy Execution Point (PXP): performs actions in the system
 Decision and Enforcement (technology-independent components)
 Policy Decision Point (PDP): decision engine (e.g., rule based)
 Policy Information Point (PIP): provides additional information for decision making
 Specification and Management
 Policy Management Point (PMP): manages policies and components
 Policy Administration Point (PAP): user interface for policy specification (e.g., Policy Editor)

DATA USAGE CONTROL
TECHNICAL ENFORCEMENT, ORGANIZATIONAL RULES,
AND LEGAL CONTRACTS
 Usage Control extends, substitutes, and completes organizational rules/legal contracts
 Long term: replacement of organizational rules / legal contracts by technical enforcement

DATA USAGE CONTROL
ENFORCEMENT EXAMPLE
PEP and PXP within IDS Connector
PEP controlling data flow
PXP triggering delete action

DATA USAGE CONTROL
USAGE CONTROL TECHNOLOGIES IN THE INDUSTRIAL
DATA SPACE
 Integrated Distributed Data Usage Control
Enforcement (IND²UCE)
Fraunhofer IESE
 Label-based Usage Control (LUCON)
Fraunhofer AISEC
 Information Flow Tracking (IFT)/
Provenance Tracking
Fraunhofer IOSB

Architecture, 2017
IDENTIFICATION PROCESS
THE IDS HANDSHAKE
Prerequisites:
Certification of
Participants and Connectors
Handshake:
1. Establish Secure connection
based on IDS X.509 certificates
2. Request Self Assessment (IDS InfoModel)
3. Validate against Identity Provider
4. Check if partner is trustworthy
5. Check if provided data is consumable
6. Exchange data

IDS API
THE IDS PROVIDES AN API FOR YOUR API

INDUSTRIAL DATA SPACE INFORMATION MODEL
HIGH LEVEL VIEW / DOMAINS

DATA PRODUCTS

HERE IS YOUR API

SECURITY PROFILES
APPROACH
1. Use Cases:
Driven by Use Cases
2. Dimensions
Identified:
• Development
• Roles
• Communication Abilities
• Higher Security Classes
3. Security Profiles
Important Insights:
• 4 Profiles Base Free, Base, Trust, Trust+
• All Connectors (not Base Free) can communicate in public IDS
• Base Free is public available
Development
Higher Security Classes
Trust+
Trust
Base
BaseFree
Public IDSDIY

SECURITY PROFILES
BASE FREE, BASE, TRUST, TRUST+
Base Free Base Trust (Managed)Trust+
Reference
Development
Open Source IDS Community IDS Community Bound to strong SLAs
Roles Own infrastructure All IDS Roles supported,
Billing and Clearing
optional
All IDS Roles supported All IDS Roles supported
Communication
Abilities
Only private IDS with
self signed certificates
Full interoperable,
reduced trust
Full interoperable, Free
decision of
communication
Full interoperable, Free
decision of
communication,
Hardware anchor
Higher Security
Classes
Standard Security Level
required
Standard Security Level
required
High Security Level Higher Security Level

// 32
JOIN US
!SEBASTIAN STEINBUSS
LEAD ARCHITECT
INDUSTRIAL DATA SPACE ASSOCIATION
WWW.LINKEDIN.COM/IN/SEBASTIAN-STEINBUSS/
@SSTEINBUSS
JOSEPH-VON-FRAUNHOFER-STR. 2-4
44227 DORTMUND | GERMANY
+49 231 97677 428
SEBASTIAN.STEINBUSS@INDUSTRIALDATASPACE.ORG
@ids_association
#industrialdataspace
Ressource Hub – Press Area – Blog

Webinar Industrial Data Space Association: Introduction and Architecture

More Related Content

What's hot

Similar to Webinar Industrial Data Space Association: Introduction and Architecture

More from Thorsten Huelsmann

Recently uploaded

Webinar Industrial Data Space Association: Introduction and Architecture