webinar industrial data space association: introduction and architecture
TRANSCRIPT
A NEW IDEA FOR SHARING DATA - INTRODUCTION TO INDUSTRIAL DATA SPACE
WEBINAR
BY LARS NAGEL, SEBASTIAN STEINBUSS AND THORSTEN HUELSMANN, INDUSTRIAL DATA SPACE ASSOCIATION
INDUSTRIAL DATA SPACE
AN ECONOMIC ASSET
DATA
The key focus for a data-driven economy and
new business models is in linking data.
SENSOR DATA, MATERIAL CHARACTERISTICS, MOBILITY DATA, FINANCIAL DATA, TECHNICAL DRAWINGS
Interoperability
Data Exchange
»Sharing Economy«
Data Centric Services
Data Ownership
Data Security
Data Value
WITHOUT REGRET
COMPANIES WANT TO LINK DATA
www.industrialdataspace.org // 4
"HOW TO" DATA ECONOMY
UNLEASH THE VALUE OF YOUR DATA
1. Make data available
2. Link with ecosystem partners
3. Control the access to your data
4. Create value
INDUSTRIAL DATA SPACE APPROACH:
SELF DETERMINED CONTROL OF DATA FLOWS
Endless Connectivity: standard for data flows between all kinds of data endpoints
Trust between different security domains: comprehensive security functions providing a maximum level of trust
Governance for the data economy: usage control and enforcement for data flows
TO DO LIST
INDUSTRY 4.0 AND DATA ECONOMY
SECURITY
Everything needs to be secure
• Authentication & Authorisation
• Usage Policies & Usage Enforcement
• Trustworthy Communication
• Security by Design
• Technical Certification
STANDARDIZED CONNECTIVITY
Connection of every data endpoint
• Integration of existing vocabularies
• Using different data formats
• Connection of clouds and platforms
DATA MARKETS
Data is being traded as an asset
• Clearing & Billing
• Domain specific Broker and Marketplaces
• Use Restrictions and Legal Aspects (Contract Templates, etc.)
ECOSYSTEM OF DATA
Being able to explain, find and understand data
• Data source description
• Brokering
• Vocabulary
VALUE ADDING APPS
Typical tasks can be solved easier with apps
• Processing of Data
• Remote Execution
TRUST
Trust is the basis of the IDS
• Identity management
• User certification
80+ Companies and Organisations
5 Working Groups
20+ Use Cases
= 1 Ecosystem
MILESTONES REACHED AND NEXT STEPS
ARCHITECTURE: Release of the reference architecture model 2.0 on Hannover Fair
INTERNATIONAL: Members all over the world, connecting with important initiatives, major European RTOs, intense engagement in European research activities
STANDARD: Foundation of a working group at DIN to create a DIN specification for the IDS connector
GO LIVE: Ecosystem potentially running, first products, enhancing global adoption
OUR USE CASES MAKE IT HAPPEN
ADOPTION OF INDUSTRIAL DATA SPACE
Build up an ecosystem by integrating further partners (also from different domains)
Set up use cases to validate and implement Industrial Data Space technology
Each member of the association realizes a business driven use case
JOIN US!
LARS NAGEL
MANAGING DIRECTOR, INDUSTRIAL DATA SPACE ASSOCIATION
WWW.LINKEDIN.COM/IN/LARS-NAGEL-704411B8/
JOSEPH-VON-FRAUNHOFER-STR. 2-4, 44227 DORTMUND | GERMANY
+49 231 9743 [email protected]
@ids_association #industrialdataspace
www.industrialdataspace.org
Resource Hub – Press Area – Blog
INDUSTRIAL DATA SPACE
BASIC IDEAS OF THE IDS ARCHITECTURE
ARCHITECTURE FOR DATA AND DATA SERVICES
AN INFRASTRUCTURE FOR ALL INDUSTRIES AND DOMAINS
Automotive, Electronics and IT, Logistics, Retail and Food, Health, … (other Industries)
Smart-Service-Scenarios
Service and product innovations
»Smart Data Services« (alerting, monitoring, data quality etc.)
»Basic Data Services« (information fusion, mapping, aggregation etc.)
Internet of Things ∙ broad band infrastructure ∙ 5G
Real Time Area ∙ sensors, actuators, devices
Architecture level
INDUSTRIAL DATA SPACE
INDUSTRIAL DATA SPACE
P2P NETWORK OF TRUSTED DATA
Security: Data exchange
Trust: Certified Participants
Decentral Approach: distributed architecture
Sovereignty over data and services
Data Governance: “rules of the game”
Economies of scale
Networking effects
Open Approach
Neutral and user-driven Network of platforms and services
• All actors oblige themselves to play by the rules of Industrial Data Space
• Actors and technical components are to be certified
• We provide usage control for data and different tailor-made levels of trust
A TRUSTED PEER TO PEER NETWORK
FOR ALL INDUSTRIES TO SHARE DATA
Software components enable all stakeholders (defined roles) to participate in IDS
The quantity of all (external) IDS connectors defines the Industrial Data Space
Internal IDS connectors are used to link data sources in the company, to transform and to improve them.
© Fraunhofer
Source: Fraunhofer – IDS Reference Architecture, 2017
INTERACTION OF SYSTEMS
[Figure: peer-to-peer nodes. A Data Provider (Data Source, Connector) and a Data Consumer (Connector, Data Sink) interact with a Broker and an App Store. Legend: Dataset(s) transferred from Provider to Consumer; Metadata Description of Datasets/Provider/Consumer; Application for specific data manipulation; Data exchange (active); Data exchange (inactive); Metadata exchange; App download.]
Connector: Gives access to the Industrial Data Space
Broker: Manages Metadata of Connectors and Participants
AppStore: Provides Apps and Vocabularies
REFERENCE ARCHITECTURE OF A CONNECTOR
Execution Core Container: Basic functionality for connectivity
App Store Container: Environment for Custom Apps to extend functionality
Custom Container: Adapter for internal systems
Configuration Manager: Environment for Configurations, e.g. process based, rules oriented
Source: Fraunhofer – IDS Reference Architecture, 2017
REFERENCE ARCHITECTURE OF A CONNECTOR
INDIVIDUAL SETUP WITH APPS
[Figure: connector stack with the following labels]
Application Container Management
Core OS
Core IDS Container
API for user defined containers (e.g. Data Apps, System Adapters)
Virtualization
Message Handling
Message Router
Message Bus
…
IDS Data Core (e.g. IDS Vocabulary, GS1 XML)
Data App (e.g. Protocol Transformation)
Data App (e.g. Data Transformation)
Data App (e.g. pseudonymization)
Data App (e.g. Aggregation)
Data App (e.g. Analytics)
Data App (e.g. I18N)
DATA EXCHANGE
[Figure: Data Consumer and Data Provider connectors joined by an Encrypted Connection with Authentication and Authorization. Each connector is drawn as a stack of Application Container Management, Core OS and Core IDS Container (one stack marked Trusted). Further labels: Big Data Analytics App (Trusted), Metatag App, Connectivity App, Internal Interface, Facility. Flows: Query, Data, Result.]
• Data Consumer queries data from Data Provider
• Data Provider validates the query and provides data for Data Consumer
• Data Consumer has access to the result, depending on data visibility
REMOTE DATA PROCESSING
[Figure: Data Consumer and Data Provider connectors joined by an Encrypted Connection with Authentication and Authorization. Both connectors are drawn as a stack of Application Container Management (Trusted), Core OS (Trusted) and Core IDS Container (Trusted). Further labels: Connectivity App, Internal Interface, Facility, Remotely Executed App (Trusted), App provisioning. Flows: Query, Data, Result.]
• Data Consumer queries data from Data Provider and provides App (e.g. analytics)
• Data Provider queries data and provides data to locally provided App
• The result set leaves the connector of the Data Provider and is available for the Data Consumer
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
DATA USAGE CONTROL
USAGE CONTROL VS. ACCESS CONTROL
Usage Control – a generalization of access control
Fine-grained policies specify how data is handled after access has been granted
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
DATA USAGE CONTROL
BUILDING BLOCKS
Enforcement (technology-dependent components)
Policy Enforcement Point (PEP): intercepts data flows and enforces decision from PDP
Policy Execution Point (PXP): performs actions in the system
Decision and Enforcement (technology-independent components)
Policy Decision Point (PDP): decision engine (e.g., rule based)
Policy Information Point (PIP): provides additional information for decision making
Specification and Management
Policy Management Point (PMP): manages policies and components
Policy Administration Point (PAP): user interface for policy specification (e.g., Policy Editor)
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
DATA USAGE CONTROL
TECHNICAL ENFORCEMENT, ORGANIZATIONAL RULES, AND LEGAL CONTRACTS
Usage Control extends, substitutes, and completes organizational rules/legal contracts
Long term: replacement of organizational rules / legal contracts by technical enforcement
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
DATA USAGE CONTROL
ENFORCEMENT EXAMPLE
PEP and PXP within IDS Connector
PEP controlling data flow
PXP triggering delete action
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
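The building blocks and the enforcement example above (PEP controlling the data flow, PXP triggering a delete action) can be sketched as follows. This is an added example, not code from the IDS Association or Fraunhofer; the policy fields, method names and sample data are constructed assumptions. It shows usage control applying after access was granted: the consumer already holds the data, yet purpose and retention are still enforced.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                      # constructed policy shape, not an IDS format
    dataset: str
    purpose: str                   # the only use permitted after access was granted
    max_age_s: int                 # retention limit for the consumer's copy

class PIP:                         # Policy Information Point: context for decisions
    def __init__(self, received_at):
        self.received_at = received_at
    def age(self, dataset, now):
        return now - self.received_at[dataset]

class PDP:                         # Policy Decision Point: rule-based engine
    def __init__(self, policies, pip):
        self.policies, self.pip = {p.dataset: p for p in policies}, pip
    def decide(self, dataset, purpose, now):
        p = self.policies.get(dataset)
        if p is None or dataset not in self.pip.received_at:
            return "deny", None                    # fail closed: nothing to evaluate
        if self.pip.age(dataset, now) > p.max_age_s:
            return "deny", "delete"                # retention expired: obligation
        return ("allow" if purpose == p.purpose else "deny"), None

class PXP:                         # Policy Execution Point: acts on the system
    def __init__(self, store):
        self.store, self.log = store, []
    def execute(self, action, dataset):
        if action == "delete" and self.store.pop(dataset, None) is not None:
            self.log.append(("delete", dataset))

class PEP:                         # Policy Enforcement Point: intercepts the data flow
    def __init__(self, store, pdp, pxp):
        self.store, self.pdp, self.pxp = store, pdp, pxp
    def release(self, dataset, purpose, now):
        decision, obligation = self.pdp.decide(dataset, purpose, now)
        if obligation:
            self.pxp.execute(obligation, dataset)
        return self.store.get(dataset) if decision == "allow" else None

def demo():
    store = {"sensor-42": b"temp=71.3"}            # constructed sample data
    pdp = PDP([Policy("sensor-42", "maintenance", 3600)], PIP({"sensor-42": 0}))
    pxp = PXP(store)
    pep = PEP(store, pdp, pxp)
    calls = [("maintenance", 10), ("marketing", 20), ("maintenance", 4000)]
    results = [pep.release("sensor-42", purpose, now) for purpose, now in calls]
    return results, pxp.log, store
```

Calling `demo()` releases the data for the permitted purpose, withholds it for another purpose, and deletes the stored copy once the retention limit has passed.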
DATA USAGE CONTROL
USAGE CONTROL TECHNOLOGIES IN THE INDUSTRIAL DATA SPACE
Integrated Distributed Data Usage Control Enforcement (IND²UCE), Fraunhofer IESE
Label-based Usage Control (LUCON), Fraunhofer AISEC
Information Flow Tracking (IFT) / Provenance Tracking, Fraunhofer IOSB
Source: Fraunhofer – IDS Reference Architecture, 2017
IDENTIFICATION PROCESS
THE IDS HANDSHAKE
Prerequisites: Certification of Participants and Connectors
Handshake:
1. Establish Secure connection based on IDS X.509 certificates
2. Request Self Assessment (IDS InfoModel)
3. Validate against Identity Provider
4. Check if partner is trustworthy
5. Check if provided data is consumable
6. Exchange data
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
IDS API
THE IDS PROVIDES AN API FOR YOUR API
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
INDUSTRIAL DATA SPACE INFORMATION MODEL
HIGH LEVEL VIEW / DOMAINS
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
INDUSTRIAL DATA SPACE INFORMATION MODEL
DATA PRODUCTS
Source: Fraunhofer – IDS internal documentation, to be published in Reference Architecture 2018
INDUSTRIAL DATA SPACE INFORMATION MODEL
HERE IS YOUR API
SECURITY PROFILES
APPROACH
1. Use Cases: Driven by Use Cases
2. Dimensions Identified:
• Development
• Roles
• Communication Abilities
• Higher Security Classes
3. Security Profiles, Important Insights:
• 4 Profiles: Base Free, Base, Trust, Trust+
• All Connectors (not Base Free) can communicate in public IDS
• Base Free is publicly available
[Figure: the profiles Base Free, Base, Trust and Trust+ plotted over the axes Development and Higher Security Classes; regions labelled DIY and Public IDS.]
SECURITY PROFILES
BASE FREE, BASE, TRUST, TRUST+
Reference Development
  Base Free: Open Source
  Base: IDS Community
  Trust: IDS Community
  (Managed) Trust+: Bound to strong SLAs
Roles
  Base Free: Own infrastructure
  Base: All IDS Roles supported, Billing and Clearing optional
  Trust: All IDS Roles supported
  (Managed) Trust+: All IDS Roles supported
Communication Abilities
  Base Free: Only private IDS with self signed certificates
  Base: Full interoperable, reduced trust
  Trust: Full interoperable, Free decision of communication
  (Managed) Trust+: Full interoperable, Free decision of communication, Hardware anchor
Higher Security Classes
  Base Free: Standard Security Level required
  Base: Standard Security Level required
  Trust: High Security Level
  (Managed) Trust+: Higher Security Level
JOIN US!
SEBASTIAN STEINBUSS
LEAD ARCHITECT, INDUSTRIAL DATA SPACE ASSOCIATION
WWW.LINKEDIN.COM/IN/SEBASTIAN-STEINBUSS/
@SSTEINBUSS
JOSEPH-VON-FRAUNHOFER-STR. 2-4, 44227 DORTMUND | GERMANY
+49 231 97677 [email protected]
@ids_association #industrialdataspace
www.industrialdataspace.org
Resource Hub – Press Area – Blog