The Dataspace Protocol is a set of specifications designed to facilitate interoperable data sharing between entities governed by usage control and based on Web technologies. These specifications define the schemas and protocols required for entities to publish data, negotiate Agreements, and access data in a data space
I would like to try to map the protocol discussion and focus with my personal view of the world:
Trust setup and negotiation in the IDS (or other data spaces) - Connector centric view
Introduction
To establish trust into data exchange processes, several means of secure deployment, security features and certification aspects can be facilitated:
Secure deployment in a Trusted Execution Environment such as AMD SEV-SNP or Intel SGX (TDX).
Verification via Remote attestation of trust properties towards external parties.
Establishment of Secure Boot via TPM
Verification via Remote attestation of trust properties towards external parties.
Verification of the issued certification level (Such as C5 cloud certification) by verifying the identity properties of a service.
Storage of data on encrypted volumes, storing private keys in HSMs, ...
These means need to be facilitated to establish trust between parties. We assume the data transaction relationships as sketched in the next section:
Assumed data workflow / component interaction
An Identity Provider (IdP) issues trust related claims to IDS Connector. In IDS context, this is currently the combination of CA and DAPS. Trust related claims are issued by the DAPS.
Data Connector A is looking for specific data. Metadata includes:
Connector address offering data offering (Data Connnector B)
Owner
Both parties negotiate a usage contract. This could include:
"Only process on a specific container or processing context"
"Only process in a Trusted Execution Environment"
"Do not forward to another party"
Both connectors set up the data workflow
Data is exchanged.
Trust implications
Several implications arise fom this:
Both parties trust the same IdP (no matter of how centralized or de-centralized). So we have a trust relationship between Connector A/B and the IdP.Identity claims such as certification level or hardware trust anchor support need to be verified between both Data Connectors.
Metadata is potentially untrusted. Metadata and identity claim validation has to be done between Data Connectors.
Both Data Connectors trust that the other parties Data Connector is "trustworthy":
Both Data Connectors are deployed in a secure deployment environment.
Both Data Connectors are configured properly.
Both Data Connectors are not tampered with.
Data Connectors configure data sink and data source to grant access and acquire data for the specified data workflow. Data Connectors have privileged access to data sink and data source. (Remark: This is why in the IDS concepts, we have an overarching trust entity between data services and the Connector Core Services and see this overarching entity as a "Connector".)
Data Service associated with Data Connector A consumes data Data Service defined by Data Connector B. This second trust relationship requires verififcation of negotiated trust properties between services.
Proposal for trust integration
The current protocols are useful and needed. However, trust is omitted from the discussions so far. We believe that trust implication are associated with every step as discussed above. The specification so far is deliberately abstract. But we believe that these topics should at least be addressed in an explanatory section stating that these topics need do be defined in another spec. At some point, some extensions or detailing needs to be done:
Trust related claims need to be verified on Control plane level as well as Data plane level, since both are involded in trustworthy data transer setup and data exchange.
Trust negotiation needs to be part of Data Connector contract negotiation.
Trust negotiation needs to be part of the Data Plane interaction.
I would like to try to map the protocol discussion and focus with my personal view of the world:
Trust setup and negotiation in the IDS (or other data spaces) - Connector centric view
Introduction
To establish trust into data exchange processes, several means of secure deployment, security features and certification aspects can be facilitated:
These means need to be facilitated to establish trust between parties. We assume the data transaction relationships as sketched in the next section:
Assumed data workflow / component interaction
Trust implications
Several implications arise fom this:
Proposal for trust integration
The current protocols are useful and needed. However, trust is omitted from the discussions so far. We believe that trust implication are associated with every step as discussed above. The specification so far is deliberately abstract. But we believe that these topics should at least be addressed in an explanatory section stating that these topics need do be defined in another spec. At some point, some extensions or detailing needs to be done:
I would be happy to hear your thoughts.