[DPP] Data Sovereignty checks performed

[matbmoser]

Data Sovereignty Checks:

• [x] The provider of the connector MUST ensure the consumption of data via the DSP protocol adhering to the released version of CX-0018 standard. For example, using the Eclipse Data Space Connector on Tractus X.
  • [x] The application MUST ensure that the consumer of the data is uniquely identifiable through its associated BPN-L.
  • [x] This BPN-L must be used by this application to identify the data.
• [x] The application MUST use the BPN-L of consumer of the data when consuming data via the DSP connector (e.g. EDC or managed EDC).
• [x] A user of an application MUST be enforced to act within the constraints of the framework agreement by appropriate means (legal, technical,...).
• [x] To agree to one or multiple contract offers for a queried data asset, the selection of the appropriate offer MUST be done through the consuming application ensuring to follow company-defined rules and regulations for a user of that application.

We are using EDC: 0.7.0

Policy Configuration Guide: https://github.com/eclipse-tractusx/digital-product-pass/blob/main/docs/data-sovereignty/PolicyConfigGuide.md

[matbmoser]

This guide to be released: https://github.com/catenax-ng/tx-digital-product-pass/blob/71f7a5533e0c4fa34d0016121ce254c146f29c81/docs/data-sovereignty/PolicyConfigGuide.md

Contains all the explanation how the policy configuration is done!

[matbmoser]

Waiting for app to be available in INT

[matbmoser]

Test passed in INT!

[matbmoser]

All the points are fulfilled, requesting today the data sovereignty review... The framework agreement was requested in the portal and approved. Also the usage purpose needs to match in the configuration.

[matbmoser]

Policy configured:

{
   "@context": {
      "odrl": "http://www.w3.org/ns/odrl/2/",
      "cx-policy": "https://w3id.org/catenax/policy/"
   },
   "@type": "PolicyDefinitionRequest",
   "@id": "cx-policy",
   "policy": {
      "@type": "Policy",
      "profile": "cx-policy:profile2405",
      "odrl:permission": [
         {
            "odrl:action": "USE",
            "odrl:constraint": {
               "@type": "LogicalConstraint",
               "odrl:and": [
                  {
                     "@type": "Constraint",
                     "odrl:leftOperand": "cx-policy:Membership",
                     "odrl:operator": {
                        "@id": "odrl:eq"
                     },
                     "odrl:rightOperand": "active"
                  },
                  {
                     "@type": "Constraint",
                     "odrl:leftOperand": "cx-policy:FrameworkAgreement",
                     "odrl:operator": {
                        "@id": "odrl:eq"
                     },
                     "odrl:rightOperand": "circulareconomy:1.0"
                  },
                  {
                     "@type": "Constraint",
                     "odrl:leftOperand": "cx-policy:UsagePurpose",
                     "odrl:operator": {
                        "@id": "odrl:eq"
                     },
                     "odrl:rightOperand": "cx.circular.dpp:1"
                  }
               ]
            }
         }
      ],
      "odrl:obligation": [],
      "odrl:prohibition": []
   }
}

[matbmoser]

Policy selection modal is enabled:

If user selects a policy which he is not allowed the backend will send this error:

[matbmoser]

In case is the allowed one it will let it work.

[matbmoser]

Tested runned and documented.