Configuration of data sovereignty check

[DanielaWuensch]

Description

As of today (Catena-X Release 24.05), the data sovereignty check is based on a fix set of credentials and purposes, which are copied to the application. However, there is no online connection to the ODRL repository or the policy hub forseen. Based on Governance process defined in feature https://github.com/eclipse-tractusx/sig-release/issues/583, new purposes and credentials might be added. Therefore, it should be possible to configure the data sovereignty check in a way that an online connection to the ODRL repo or policy hub is implemented to check the current set of purposes and credentials at runtime before a data consumer application starts the negotiation. This allows applications to use the standardized purposes and credentials as basis and enable data providers/data consumers to add additional custom specific purposes, which they bilateral agreed on. Furthermore, it eases the update process from Catena-X release to Catena-X release if additional purposes are added or depricated.

Acceptance Criteria

Decide and document how any application can do an online retrieval of valid purposes and credentials during runtime Adapt the policy hub or the ODRL repo accordingly Define in a KIT the best practice how an app can use the pre-defined purposes and credentials as basis to add customer specific purposes to be used during runtime of negotiations

Impact

Prerequisite: Governance process: https://github.com/eclipse-tractusx/sig-release/issues/583 Availability of APIs in policy hub

Additional information

• [x] I'm willing to contribute to this feature

[DanielaWuensch]

Labels: "SSI" and "data sovereignty" will be added as soon as they exist

[DanielaWuensch]

to be refined if API in repo and additional APIs in policy hub are required

[jjeroch]

@DanielaWuensch Can you please add the acceptance criteria and where the implementation is needed. This is not clear from the description. With that a pre-discussion with committers is almost impossible.. Thanks.

[DanielaWuensch]

@jjeroch : I updated Acceptance criteria and additional description. Do you still see the flag "open decision"? Who should decide what by when?

[stephanbcbauer]

was presented in open planning ⇾ please clearify with related components

[stephanbcbauer]

Was presented in the open planning ⇾ open decision label can be deleted. ⇾ no implementation effort for policy hub ⇾ “just” testing

[stephanbcbauer]

Hello @jjeroch , @DanielaWuensch , @evegufy

Since the feature is a 24.08 feature and the development phase is coming to an end, we need a status on the feature.

• [ ] Currently you are assigned (Responsible) → Is this correct? If not, please assign the correct contact person
• [ ] Please check whether the status (backlog, work in progress ...) is set correctly
• [ ] Please check whether there is an assignment to a committee or expert group (supported-by) to be found on the board
• [ ] Please comment on the current status of the feature
• [ ] Are all SubTasks (issues from other repositories that deal with the feature) linked? → The easiest way is to mention the feature here in the issue (via the ID) so we can see which teams/repositories are involved.

If you need any clarification, please get in touch, thank you very much. Stephan