Policies
Policies are used to increase data sovereignty by limiting the access and usage of data. In the following, access and usage policies with their usage in the EDC are described.
Access Policies
BPN Access Policy
This policy allows limiting access to a data offer based on a list of specific BPNs. This translates to the following functionality:
- The data offer creator will be able to create a policy listing all the BPN that can access the data offer
- This means that only the connectors registered in the Catena-X network with the BPN listed in the policy can see the data offer and accept it (for the creation of data contracts and subsequent data exchange)
Examples including a JSON payload for single and multiple BPN are described on this page in the tractus-x EDC repository or in the Connector Kit.
Usage Policies / Contract Policies
Policies are defined based on the W3C ODRL format. This allows a standardized way of formulating policy payloads. It further allows to stack different constraints with the odrl:and
operator. Therefore, every data provider can decide on his or her own under which conditions their data assets are shared in the network.
Since usage or contract policies are highly dependent on the use case, they are described by them in their associated KITs.
Contract Definitions
In the EDC, every policy is connected with a data asset by a contract definition. Details about the endpoint and payload can be found in the Transfer Data sample in the tractus-x EDC repository.
Verifiable Credentials
Verifiable Credentials (VC) are part of the Self-Sovereign Identity (SSI) standard by the W3C. Details about Catena-X specific VCs can be found in the CX - 0016 Company Attribute Verification standard. As mentioned there, it offers a UseCaseFrameworkConditionCX
type allowing a data provider to check if specific conditions, like a signed use case contract as introduced in the Purpose-base Usage Policy section, are agreed. Further technical documentation are presented in the SSI Docu repository.
NOTICE
This work is licensed under the CC-BY-4.0.
- SPDX-License-Identifier: CC-BY-4.0
- SPDX-FileCopyrightText: 2023 BASF SE
- SPDX-FileCopyrightText: 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
- SPDX-FileCopyrightText: 2023 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V. (represented by Fraunhofer ISST & Fraunhofer IML)
- SPDX-FileCopyrightText: 2023 German Edge Cloud GmbH & Co. KG
- SPDX-FileCopyrightText: 2023 Mercedes Benz AG
- SPDX-FileCopyrightText: 2023 Robert Bosch Manufacturing Solutions GmbH
- SPDX-FileCopyrightText: 2023 SAP SE
- SPDX-FileCopyrightText: 2023 Siemens AG
- SPDX-FileCopyrightText: 2023 T-Systems International GmbH
- SPDX-FileCopyrightText: 2023 ZF Friedrichshafen AG
- SPDX-FileCopyrightText: 2023 Contributors to the Eclipse Foundation
- Source URL: https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/tree/main/docs-kits/kits/Industry%20Core%20Kit (latest version)