Introduce best practices document

[juliapampus]

Following ODRL best practices, we should add a document that briefly explains how the protocol could/should be used and how it could be extended, state machine- or vocabulary-wise (on an abstract level). This will help people to understand the intention and scope of these documents beyond the basic README.md.

Possible ToC:

• Introduction
• How to use
• How to extend the negotiation process (e.g., human processes)
• How to extend the transfer process
• How to extend types
  • How to define custom properties
  • When to introduce own messages
• How to write your own binding

[jimmarino]

There appear to be a few issues here:

1. A primer covering the DSP protocol
2. The process for writing binding specifications
3. How to "extend" the DSP protocol

Point 1 could be done by the RAM or another set of documents and they should be explicitly non-normative. @PeterKoen-MSFT, what do you think?

Point 2 is important, but I don't think we should define it at this point because that process will depend on the standards body we submit the current specifications to.

IMO we should never define #3. Conformant implementations are not required to support extending the protocol with custom messages or types, and that touches too much on specific implementation details. It will also break interoperability. If people want to "extend" the protocol, they should create overlay or derivative protocols outside the requirements of the core specifications in a different working group.

Implementations should also not be required to support human workflows. The only capability they should be required to support is the asynchronous messaging specified by the protocol.

Note that this is different than saying people should avoid developing policy or catalog vocabularies. We don't need to do anything, as ODRL and DCAT already define ways of doing this.

[PeterKoen-MSFT]

Point 1 could be covered in the introductory chapters of the new RAM that we are planning and where work will kick off after the summer. It would be a great intro to position the possibility of implementing many different solution architectures and business models on top of the DSP. @ssteinbuss may I ask you to add this to the backlog for the Architecture WG.

On Point 3: I believe that a lot of people wish to extend the protocol because there isn't enough understanding of how their scenarios can be covered by adding vocabularies for policies, data plane selection, etc... This is definitely something where we should consider writing a document. @ssteinbuss is this something that you would like to see in the RAM as well? It could be both: part of the introduction, as well as a closing chapter giving outlook on how to extend the base model to custom solutions.

[gbrost]

I would really like to see good practices how to embed the protocol in real data space implementations. This should include

• Authentication
• Authorization
• Transport security, encryption

[ssteinbuss]

• Include in this repo and add as non-normative to the GitBook thing.

• Mention important aspects, that are not part of the Protocol, but a Dataspace needs to solve

• link to other available resources (e.g. Rulebook related to this issue https://github.com/International-Data-Spaces-Association/ids-specification/issues/23)