oceanprotocol / pm

Zenhub needs each issue associated with one repo. This repo is a workaround, to mark issues that span >1 repos.

Policy Engine #173

Closed MBadea17 closed 6 months ago

MBadea17 commented 2 years ago

Policy Engine (ODRL, REGO) needed to add advanced access control policies to the metadata. Simple white/blacklisting not sufficient. Policy Engine (ODRL, REGO) is needed to bring advanced access control (NOT USAGE) policies into the metadata of the service offerings. This is needed to grant access rights, based on other users' attributes / self-descriptions, i.e. jurisdiction, legal form, consistency rules, etc. It would be beneficial to be able to this logic to the Ocean Provider and the metadata. Users' metadata will be pulled from Verifiable Credential or decentralized storage (catalogue) and needs to be cryptographically signed.

Source: DeltaDAO

kaimeinke commented 2 years ago

The Rego Policy Engine is now already available on the basis of the OPA Ecosystem and Open Policy Agents: https://www.openpolicyagent.org/docs/latest/ecosystem/

walt.id successfully demonstrated an integration with ad-hoc created REGO policies; the documentation and a demonstration video can be found here: https://www.openpolicyagent.org/docs/latest/ecosystem/#waltid-detail

Utility: This enables service providers to enforce enhanced terms and conditions for access control within the asset self-descriptions to grant conditional access to services. This feature is not only mandatory in Gaia-X to check if consumers are accredited and onboarded properly, it also is important for service providers to ensure that the services can be used in a trustworthy manner and on their conditions.
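A sketch of the kind of attribute-based access policy this issue asks for, written in Rego. This is an added example, not code from Ocean Protocol, DeltaDAO or walt.id. It assumes the consumer's credential arrives as a signed JWT in `input.credential_jwt`; the package name, the claim names `jurisdiction` and `legalForm`, the `data.trusted_issuer*` documents and the allow-lists are all hypothetical.

```rego
package ocean.access # hypothetical package name

import rego.v1

# Fail closed: access is denied unless every check below passes.
default allow := false

# Constructed allow-lists; a provider would carry these in the asset metadata.
allowed_jurisdictions := {"DE", "FR", "NL"}
allowed_legal_forms := {"GmbH", "AG", "SAS"}

# Verify the credential's signature and issuer before trusting any claim.
# data.trusted_issuer_jwks: JWKS (string) of the accepted issuer (assumption).
# data.trusted_issuer: expected `iss` value (assumption).
# Returns [valid, header, payload].
verified := io.jwt.decode_verify(input.credential_jwt, {
	"cert": data.trusted_issuer_jwks,
	"iss": data.trusted_issuer,
})

# Claims are only defined when verification succeeded.
claims := verified[2] if {
	verified[0]
}

# Each failed condition contributes a reason, which is useful for audit logs.
# Messages are static on purpose: referencing a missing claim inside the
# message would make the rule undefined and silently drop the denial.
deny contains "credential signature or issuer could not be verified" if {
	not verified[0]
}

deny contains "jurisdiction missing or not permitted" if {
	not claims.jurisdiction in allowed_jurisdictions
}

deny contains "legal form missing or not permitted" if {
	not claims.legalForm in allowed_legal_forms
}

allow if {
	count(deny) == 0
}
```

A missing or unverifiable credential leaves `claims` undefined, so all three `deny` rules fire and `allow` stays false.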

kaimeinke commented 2 years ago

To add content. The implementation of Verifiable Credentials has been started on the Service Provider side, related to Gaia-X Self-Descriptions, this part is the missing consumer side integration that brings both sides together to enable a trustworthy data ecosystem to enable Compliance by Automation, or as we call it, a more "trustless" ecosystem.