Configuration of data sovereignty check

DanielaWuensch commented 7 months ago

Description

As of today (Catena-X Release 24.05), the data sovereignty check is based on a fix set of credentials and purposes, which are copied to the application. However, there is no online connection to the ODRL repository or the policy hub forseen. Based on Governance process defined in feature https://github.com/eclipse-tractusx/sig-release/issues/583, new purposes and credentials might be added. Therefore, it should be possible to configure the data sovereignty check in a way that an online connection to the ODRL repo or policy hub is implemented to check the current set of purposes and credentials at runtime before a data consumer application starts the negotiation. This allows applications to use the standardized purposes and credentials as basis and enable data providers/data consumers to add additional custom specific purposes, which they bilateral agreed on. Furthermore, it eases the update process from Catena-X release to Catena-X release if additional purposes are added or depricated.

Acceptance Criteria

Decide and document how any application can do an online retrieval of valid purposes and credentials during runtime Adapt the policy hub or the ODRL repo accordingly Define in a KIT the best practice how an app can use the pre-defined purposes and credentials as basis to add customer specific purposes to be used during runtime of negotiations

Impact

Prerequisite: Governance process: https://github.com/eclipse-tractusx/sig-release/issues/583
APIs and Content updated in policy hub https://policy-hub.int.catena-x.net/api/policy-hub/swagger/index.html
Process clear how the policy hub can be used in productive environment of Catena-X

Additional information

[x] I'm willing to contribute to this feature

DanielaWuensch commented 7 months ago

Labels: "SSI" and "data sovereignty" will be added as soon as they exist

DanielaWuensch commented 7 months ago

to be refined if API in repo and additional APIs in policy hub are required

jjeroch commented 7 months ago

@DanielaWuensch Can you please add the acceptance criteria and where the implementation is needed. This is not clear from the description. With that a pre-discussion with committers is almost impossible.. Thanks.

DanielaWuensch commented 7 months ago

@jjeroch : I updated Acceptance criteria and additional description. Do you still see the flag "open decision"? Who should decide what by when?

stephanbcbauer commented 7 months ago

was presented in open planning ⇾ please clearify with related components

stephanbcbauer commented 7 months ago

Was presented in the open planning ⇾ open decision label can be deleted. ⇾ no implementation effort for policy hub ⇾ “just” testing

stephanbcbauer commented 5 months ago

Hello @jjeroch , @DanielaWuensch , @evegufy

Since the feature is a 24.08 feature and the development phase is coming to an end, we need a status on the feature.

[ ] Currently you are assigned (Responsible) → Is this correct? If not, please assign the correct contact person
[ ] Please check whether the status (backlog, work in progress ...) is set correctly
[ ] Please check whether there is an assignment to a committee or expert group (supported-by) to be found on the board
[ ] Please comment on the current status of the feature
[ ] Are all SubTasks (issues from other repositories that deal with the feature) linked? → The easiest way is to mention the feature here in the issue (via the ID) so we can see which teams/repositories are involved.

If you need any clarification, please get in touch, thank you very much. Stephan

jjeroch commented 3 months ago

@stephanbcbauer coming back to your question: Online connection to the policy hub is already available, if functional enhancements are requested happy to have them but need to receive the detailed requirement. Currently no requirement existing For now removing the release tag based on your email request

DanielaWuensch commented 3 months ago

@evegufy : Please check and sync with Daniela about it.

matbmoser commented 3 months ago

Added open decision to be decided in the end of the planning

evegufy commented 3 months ago

Was presented in the open planning ⇾ open decision label can be deleted. ⇾ no implementation effort for policy hub ⇾ “just” testing

@DanielaWuensch is this comment still valid and no there's no implementation effort for policy hub also for R24.12 ⇾ “just” testing? In case there should be an implementation change needed, we'd need a requirement as @jjeroch mentions here already: https://github.com/eclipse-tractusx/sig-release/issues/584#issuecomment-2251937643

cc: @MaximilianHauer

DanielaWuensch commented 3 months ago

@evegufy : I got the link to the current implementation of the policy hub and need to check what information I got as of today. Based on this I will add to this ticket what is needed from Policy hub.

MaximilianHauer commented 2 months ago

would propose to remove the Prep 24.12 flag and set it back to inbox to show that it is still in draft

DanielaWuensch commented 2 months ago

@MaximilianHauer : In case nothing needs to be done in policy hub, i will close the issue. The investigation of the policy hub in different landscapes is still ongoing. So no action required from you right now.

MaximilianHauer commented 1 week ago

@DanielaWuensch could you update the labels that we do not close this on fault as we do a cleanup currently.

eclipse-tractusx / sig-release