“IDS is not only a technological standard but also a universal legal framework to create data-driven business ecosystems”

This inter­view was ori­gi­nal­ly publis­hed on the TRUSTS pro­ject web­site.

Dear Mr. Stein­buß, thank you very much for taking your time. Just to give our rea­ders a short intro­duc­tion: you are the CTO of the Inter­na­tio­nal Data Spaces Asso­cia­ti­on (IDSA) and respon­si­ble for the orga­niz­a­ti­on of the IDSA working groups as well as the tech­ni­cal deve­lo­p­ment of the IDS, which is a data sharing sche­me inclu­ding a refe­rence archi­tec­tu­re and a set of agree­ments to be used for crea­ting and ope­ra­ting vir­tu­al data spaces. This makes you an expe­ri­en­ced expert with regard to the pos­si­bi­li­ties of effi­ci­ent data usa­ge for busi­nes­ses and all the chal­len­ges that come with it – which alrea­dy leads to my first ques­ti­on:

How can com­pa­nies rea­li­ze a secu­re and effi­ci­ent data exchan­ge?

Sebas­ti­an Stein­buß: For data to be tur­ned into new pro­ducts or smart ser­vices, com­pa­nies must be able to cap­tu­re, store, pro­cess, eva­lua­te, and publish data effi­ci­ent­ly and rea­son­ab­ly, inclu­ding a link to data from others. What pre­vents many com­pa­nies from data sharing is a lack of infra­st­ruc­tures and agree­ments that ensu­re data sov­er­eig­n­ty for both the data pro­vi­der and data con­su­mer. IDSA sol­ved this pro­blem: Tog­e­ther with poli­tics, rese­arch and indus­try, IDSA desi­gned a refe­rence archi­tec­tu­re for secu­re data spaces. The par­ti­ci­pants of such a data space deci­de how they use their data and with whom they exchan­ge it. The IDS stan­dard defi­nes bin­ding rules for data exchan­ge.

How is IDS con­nec­ted to TRUSTS?

Sebas­ti­an Stein­buß: TRUSTS aims at crea­ting a Euro­pean Data Mar­ket based on sov­er­eign, secu­re and trust­worthy data exch­an­ges. The TRUSTS plat­form will act inde­pendent­ly and as a plat­form fede­r­a­tor, while inves­ti­ga­ting the legal and ethi­cal aspects that app­ly on the ent­i­re data value chain, from data pro­vi­ders to data con­su­mers. Still, it is no start from scratch sin­ce it will be based on the IDS refe­rence archi­tec­tu­re.

What makes the IDS refe­rence archi­tec­tu­re so valu­able for the pro­ject?

Sebas­ti­an Stein­buß: The IDS Refe­rence Archi­tec­tu­re Model is con­si­de­red the de fac­to stan­dard for crea­ting and ope­ra­ting data eco­sys­tems. Its approach is to enab­le inter­ope­ra­bi­li­ty through seman­tic data descrip­ti­ons, to crea­te trust bet­ween par­ti­ci­pants through cer­ti­fied secu­ri­ty capa­bi­li­ties, and to estab­lish gover­nan­ce rules for data usa­ge and data flows. The IDS eco­sys­tem allows data flows bet­ween all kinds of end­points (e.g. instan­tia­ti­ons of the Inter­na­tio­nal Data Spaces Con­nec­tor). Seman­tic data descrip­ti­ons pro­vi­ded by data end­points are publis­hed at dedi­ca­ted Meta-Data-Bro­kers, allowing poten­ti­al data con­su­mers to search for and iden­ti­fy data that is rele­vant (seman­ti­cs) and app­li­ca­ble (qua­li­ty) for their par­ti­cu­lar pur­po­se, and to assess in advan­ce data’s afforda­bi­li­ty (pri­ce) and usa­bi­li­ty (restric­tions and obli­ga­ti­ons).

What is an ‘IDS Eco­sys­tem’?

Sebas­ti­an Stein­buß: Our key word is data sov­er­eig­n­ty – the IDS archi­tec­tu­re ensu­res data sov­er­eig­n­ty for tho­se who make data avail­ab­le in data eco­sys­tems. This means that data pro­vi­ders always keep con­trol how it is used. They deci­de who uses their data for how long, for which app­li­ca­ti­on, for how many times and accord­ing to which terms & con­di­ti­ons. The IDS Con­nec­tor acts as a secu­re gate­way for IoT and other data sources. Every con­nec­tor can team up with other con­nec­tors to form a peer-to-peer net­work. As a con­se­quence, data exchan­ge can but does not have to take place via a cloud, in which the data would be stored with a third par­ty pro­vi­der, but direct­ly bet­ween the com­pa­nies invol­ved. A data value chain con­sists of mul­ti­ple peer-to-peer con­nec­tions and all tog­e­ther sum up to a data-dri­ven busi­ness-eco­sys­tem

What makes IDS so spe­cial com­pa­red to simi­lar tech­no­lo­gies? Do any com­pa­ra­ble tech­no­lo­gies exist?

Sebas­ti­an Stein­buß: Par­ti­ci­pants and core com­pon­ents of IDS-based data eco­sys­tems must pro­vi­de a high degree of trust and secu­ri­ty regar­ding the inte­gri­ty, con­fi­den­tia­li­ty and avai­la­bi­li­ty of infor­ma­ti­on exch­an­ged in the IDS. The­re­fo­re, using cer­ti­fied core com­pon­ents as well as employ­ing cer­ti­fied tech­ni­cal and orga­ni­sa­tio­nal secu­ri­ty mea­su­res is man­da­to­ry for par­ti­ci­pa­ting in the IDS. The IDS Cer­ti­fi­ca­ti­on Sche­me defi­nes secu­ri­ty levels for com­pon­ents and the requi­re­ments to be imple­men­ted. IDS is not only a tech­no­lo­gi­cal stan­dard but also a uni­ver­sal legal frame­work to crea­te data-dri­ven busi­ness eco­sys­tems. Key requi­re­ment to make this a rea­li­ty is to have a set of rules and poli­ci­es that govern it in a decen­tra­li­sed way. All the­se rules and poli­ci­es are collec­ted in the IDS Rule Book. It descri­bes the tech­ni­cal, ope­ra­tio­nal, and legal agree­ments to enab­le the IDS eco­sys­tem to be ful­ly working in a real-world sce­n­a­rio. The first edi­ti­on of the Rule Book will be publis­hed this year.

Many thanks for the infor­ma­ti­ve explana­ti­ons and the illus­tra­ti­ons – and espe­cial­ly for taking your time.