iSHARE enables distributed trust in agriculture data spaces through the iSHARE Trust Ledger and i4Trust components. The iSHARE Trust Ledger registers verified organizations and digitally verifies their credentials and authorizations. It retrieves pointers to authorizations and data offerings. The iSHARE framework includes a shared international legal framework, distributed ledger, and authorization registry standard and service providers to facilitate trusted data sharing across sectors, data spaces, and geographies in a federated and distributed manner.
iSHARE Enabling Distributed Trust in Agriculture data spaces
1. iSHARE
Enabling Distributed Trust in
Agriculture data spaces
with the iSHARE Trust Ledger and i4Trust components
AgGateway Mid-Year Meeting
Gerard van der Hoeven / Executive Director iSHARE
Foundation / gerard@ishare.eu
Thursday June 2nd, 2022
iSHARE.eu
Copyright 2022 / iSHARE Foundation
7. 7
What if you could build on a digitally
verifiable Trust Anchor ..
8. 8
And with that foundation authorize business to only that
data set with those conditions that you want. Dynamically,
Digitally Verifiable, Controllable and Traceable
10. 10
Data agnostic Bringing:
Data Sovereignty and
Trust
in Data Sharing
in Data Spaces
Federated and
Distributed
Non Profit Trust Framework
11. 11
Live since 2018 Growing 100x this year
Trust Framework
Data of over 1,5 Mln
businesses
Trusted by Governments
Reaching + 100.000
participants this year
Compliant with Gaia, IDSa
12. iSHARE Core Elements
12
Shared International Legal Framework
Covering data handing and use of licences
Distributed Ledger for registration of Verified Organisations
(Participants in data spaces) ,
Digitally Verify Credentials and Authorizations
and retreive pointers to Authorizations and Data offering.
Authorization registry standard and service providers.
iSHARE Satellite ( IDSA ParIS )
- Register Participants (DLT)
- signed contracts
- certificates
- capabilities end-point
- authorization end-point
iSHARE Legal framework for
confidential business data sharing
- Tested and proven legal framework
for one to many data sharing,
governed by the iSHARE Foundation
iSHARE.eu
13. the iSHARE ledger is cross cutting
sectors, data spaces and geographies...
13
Dutch
Logistics
Belgian
Logistics
Building
Sector
Agri
Sector
Energy
Sector
Data sharing between dataspaces is enabled by the distributed iSHARE Register of participants
14. 14
Metadata &
Discovery Services
Trusted
Exchange
Data Models &
formats
Data Exchange
API
Provenance &
Traceability
Access & Usage
Control/Policies
Identity Management
Publication &
Marketplace Services
Data Usage
Accounting
Operational
Agreements
Organizational
Agreements
Business
Agreements
Data
Interoperability
Data Sovereignty
and Trust
Data
Value Creation
Data Spaces
Governance
Technology Building Blocks
Bringing building blocks for Data Spaces
opendei.eu
15. Federated Data Space Core Roles
15
All IDPs complying with
the EIDAS framework
or ISHARE Framework
in case intercontinental
Service providers or
own implementation
with the open source
components from
iSHARE or i4Trust.
16. Use case examples of pragmatic data
spaces
16
Climate agreement reporting Prediction of arrival of goods Food value chain reporting
18. Design principles of this data space
18
Metadata &
Discovery Services
Trusted Exchange
Data Models &
formats
Data Exchange API
Provenance &
Traceability
Access & Usage
Control/Policies
Identity
Management
Publication &
Marketplace Services
Data Usage
Accounting
Operational
Agreements
Organizational
Agreements
Business
Agreements
Data
Interoperability
Data Sovereignty
and Trust
Data
Value Creation
Data Spaces
Governance
Technology Building Blocks
19. Reality example : Climate Agreement
Reporting
19
Data Space Logistics
International Legal Framework governed by iSHARE Foundation
GOVT needs the
energy
consumption data
from organization P
who grows plants
and received a
grant.
20. Reality example : Climate Agreement
Reporting
20
Data Space or Domain
International Legal Framework governed by iSHARE Foundation
GOVT checks in
the iSHARE
satellite where P
has data available
for his need.
21. Reality example : Climate Agreement
Reporting
21
Data Space or Domain
International Legal Framework governed by iSHARE Foundation
GOVT requests the
data from the data
provider, EDSN
22. Reality example : Climate Agreement
Reporting
22
Data Space or Domain
International Legal Framework governed by iSHARE Foundation
EDSN checks if
parties are trusted
and where
Authorizations are
stored.
23. Reality example : Climate Agreement
Reporting
23
Data Space or Domain
International Legal Framework governed by iSHARE Foundation
Then checks if
there is an
authorization to
share the data with
GOVT at the
Autorization
Register
24. Reality example : Climate Agreement
Reporting
24
Data Space or Domain
International Legal Framework governed by iSHARE Foundation
P gets the
message that
GOVT requires
authorization to a
data set for a
periode and gives
that.
25. Reality example : Climate Agreement
Reporting
25
Data Space or Domain
International Legal Framework governed by iSHARE Foundation
Then shares the
data, according to
the standard and
the Gaia-X
principles.
26. Use case success factors to start the Ag
dataspace
27
Start with existing
confidential
business data data
of many
organizations with
a launching data
consumer
Start with simple
data services ( like
max 10 fields in a
single service)
with a clear
definition, with
impactful use.
Build on the
iSHARE trust
foundation from
the start, instead
of waiting till the
end.
Don’t reinvent the
wheel, but utilize
i4Trust
components
(FIWARE & iSHARE)
28. We take you by the hand in i4Trust.org
29
▪ 9 month customized mentoring programme, which include:
▪ Experiments implementation
▪ Mentoring support for workforce re/up-skilling
▪ Support on legal, operational, technical and business
▪ Support on i4Trust technology framework
▪ Financial support. Bottom-Up Experiments will be granted with a lump sum that will
range in between €72,000.00 to €120,000.00
30. Who can apply?
31
Criteria/Legal Status SME Slightly Bigger
Headcount in Annual
Work Unit (AWU)
less than 250 less than 500
Annual turnover less or equal to 50 million EUR OR
annual balance sheet total less or
equal to 43 million €.
less or equal to 100 million EUR OR annual
balance sheet total less or equal to 86 million
€.
* Included as fully operational in the S3 catalogue when signing the SGA
https://s3platform.jrc.ec.europa.eu/digital-innovation-hubs-catalogue
■ Bottom-Up Experiments Consortia
i4Trust Bottom-Up Experiments have to be proposed by a consortium,
including, at least:
■ 3 SMEs or slightly bigger companies
■ 1 DIH*
31. How to apply?
32
https://i4trust-open-call.fundingbox.com/
Complete all the sections that are marked with A RED
ASTERISK.
Fill out all the required fields.
From May 10,2021
To September 9, 2021*
*Tentative dates
Support:
i4Trust Community Helpdesk:
https://spaces.fundingbox.com/spaces/i4trust-
open-call-helpdesk
By email:
i4trust.helpdesk@funidngbox.com
32. Get in touch for more details
iSHARE.eu
And via this to get to the portals for your key
interest
• Developers (postman collections etc)
https://dev.ishare.eu
https://github.com/iSHAREScheme
• Legal and scheme details
https://ishareworks.atlassian.net
• Community forum
https://forum.ishare.eu
Or by reaching out to our team:
• Gerard van der Hoeven
Director
gerard@ishare.eu
+31651523935
• Rajiv Rajani
CTO
rajiv@ishare.eu
+31617962003
33
33. 34
iSHARE
. e u
iSHARE has received funding from the Dutch Topsector Logistics,
as part of the Ministry of Infrastructure and Water.
Lets accelerate ag data spaces .. together
34. 35
iSHARE
. e u
iSHARE has received funding from the Dutch Topsector Logistics,
as part of the Ministry of Infrastructure and Water.
37. Verifiable credentials and iSHARE
• iSHARE is already evolved version of verifiable credentials, where participants not only
share credentials but also data which is verifiable and non-repudiable
– Using the PKI infrastructure participants get their verified credentials from known and
trusted authorities
– Using the PKI key issued by trusted authorities, they not only sign their identity tokens
to authenticate themselves but also can sign the data they share with other
participants
– With the coverage under iSHARE legal framework the recevier of the data has option
of legal recourse when incorrect data is shared with them
– With iSHARE satellites which are distributed and federated, participants can validate
the adherance to iSHARE framework before sharing the data and/or requesting data
38
38. External data authorisations principles in
iSHARE
• Data stays at the source
• Authorisations are given by the data owner
on attributes of a data set at a Service
Provider.
• Authorisations go with Usage Licences for
the shared data.
• Data owners select their own Authorisation
service provider or have their own
Authorisation service
• With signed and verifiable authorisation
evidence participants can share data in
confidence
39
39. .. enabling cross data space discovery
and trust.
40
iSHARE foundation
Scheme Owner (SO)
Framework
(specifications)
Certifies satellites
Satellite of satellites
SO APIs
Participant Register
SO APIs
Participant Register
SO APIs
Participant Register
SO APIs
Participant Register
SO APIs
Participant Register
41. With federated trust governance accross
multiple data spaces
Executive
Board
Trust
Governance
Standard
Management
Supervisory
Board
Council of
Participants
Council of
Sponsors
Change
Advisory Board
L/O F/T
Appoint
Supervise
Advice
Advice
iSHARE Foundation (Scheme Owner)
Operational
Strategic
Represent Represent
Satellite
Data Space
Adoption
Data Space
Standard
Management
Supervisory
Board
Council of
Participants
(Council of)
Sponsors
Change
Advisory Board
L/O F/T
Appoint
Appoint
Supervise
Advice
Advice
Data Space
Operational
Optional
Satellite
Data Space
Adoption
Data Space
Standard
Management
Supervisory
Board
Council of
Participants
(Council of)
Sponsors
Change
Advisory Board
L/O F/T
Appoint
Appoint
Supervise
Advice
Advice
Data Space
Operational
Optional
Satellite
Data Space
Adoption
Data Space
Standard
Management
Supervisory
Board
Council of
Participants
(Council of)
Sponsors
Change
Advisory Board
L/O F/T
Appoint
Appoint
Supervise
Advice
Advice
Data Space
Operational
Optional
Satellite
Data Space
Adoption
Data Space
Standard
Management
Supervisory
Board
Council of
Participants
(Council of)
Sponsors
Change
Advisory Board
L/O F/T
Appoint
Appoint
Supervise
Advice
Advice
Data Space
Operational
Optional
…
Marketing
Metadata &
Discovery Services
Trusted Exchange
Data Models &
formats
Data Exchange API
Provenance &
Traceability
Access & Usage
Control/Policies
Identity
Management
Publication &
Marketplace Services
Data Usage
Accounting
Operational
Agreements
Organizational
Agreements
Business
Agreements
Data
Interoperability
Data Sovereignty
and Trust
Data
Value Creation
Data Spaces
Governance
Technology Building Blocks
Metadata &
Discovery Services
Trusted Exchange
Data Models &
formats
Data Exchange API
Provenance &
Traceability
Access & Usage
Control/Policies
Identity
Management
Publication &
Marketplace Services
Data Usage
Accounting
Operational
Agreements
Organizational
Agreements
Business
Agreements
Data
Interoperability
Data Sovereignty
and Trust
Data
Value Creation
Data Spaces
Governance
Technology Building Blocks
Metadata &
Discovery Services
Trusted Exchange
Data Models &
formats
Data Exchange API
Provenance &
Traceability
Access & Usage
Control/Policies
Identity
Management
Publication &
Marketplace Services
Data Usage
Accounting
Operational
Agreements
Organizational
Agreements
Business
Agreements
Data
Interoperability
Data Sovereignty
and Trust
Data
Value Creation
Data Spaces
Governance
Technology Building Blocks
Metadata &
Discovery Services
Trusted Exchange
Data Models &
formats
Data Exchange API
Provenance &
Traceability
Access & Usage
Control/Policies
Identity
Management
Publication &
Marketplace Services
Data Usage
Accounting
Operational
Agreements
Organizational
Agreements
Business
Agreements
Data
Interoperability
Data Sovereignty
and Trust
Data
Value Creation
Data Spaces
Governance
Technology Building Blocks
42
42. And goverance of taxonomy, interoperability
and value creation per data space.
Satellite
Data Space
Adoption
Data Space
Standard
Management
Supervisory
Board
Council of
Participants
(Council of)
Sponsors
Change
Advisory Board
L/O F/T
Appoint
Appoint
Supervise
Advice
Advice
Data Space
Operational
Optional
Metadata &
Discovery Services
Trusted Exchange
Data Models &
formats
Data Exchange API
Provenance &
Traceability
Access & Usage
Control/Policies
Identity
Management
Publication &
Marketplace Services
Data Usage
Accounting
Operational
Agreements
Organizational
Agreements
Business
Agreements
Data
Interoperability
Data Sovereignty
and Trust
Data
Value Creation
Data Spaces
Governance
Technology Building Blocks
43
43. Core principles of iSHARE Trust Network
• Federated Network of Trusted Parties
– Onboarding and validation of parties
by independent iSHARE Satellites in
data spaces and segments.
– Joint legal framework to assure trust
– Governance by participants
• Data Providing based on Data Sovereignity
– Only based on explicit policies by data
owners data is shared by data
providers.
– Policies allow for attribute level
authorization
– Data stays at the source
– Only secure interaction with EIDAS
based keys.
44
• iSHARE is data model agnostic so enables
organisations to collaborate on the same
organisation trust level on different data
models and architectures.
• Federated governance
– Data spaces have full independency in
adding additional legal requirements
– Onboarding participants
• Cross data space discovery and trust
– DLT is allowing for validation of trust
level of participants in the network
– International and cross domain by
default, with pointers to the
specifications.
44. iSHARE is the Trust Framework for Data
Sovereignty en Sharing in Data Spaces
45
iSHARE is the cross sector trust
framework enabling data spaces to
work in line with Gaia-X principles
and on IDS archtecture with the
iSHARE federated components
Participant Register and
Authorization Register.
Data exchange is always validated
against the federated trust network
register. The register is linked to
EIDAS and always validates machine
identities in every transaction.
But also validates data agreements
registered by iSHARE satellite
operators. In line with Gaia principles
And in every transaction of data
sharing the data sharer checks with
the policies in the federated iSHARE
policy service / authorization register.
In line with the Gaia Architecture.
Currently with data of over 45.000
companies in the trust network.
45. iSHARE is the Trust Framework for Data
Sovereignty en Sharing in Data Spaces
• Providing the legal and operational
governance and procedures for trust in
data spaces
• Enabling data spaces to focus on
applications and collaboration.
46
• iSHARE Satellites are PARis role in IDSa
• Enabling
– Participant registration
– Participant contracting
– Participant certificate registration
• iSHARE trust network is DLT based, so
every satellite has access to the entire
network!
46. Data Pointers in the iSHARE Satellite for
data spaces
47
Endpoint for who is in the data space
Endpoint for the definition JSON for
the OPENDEI fields
47. Data Pointers in the iSHARE Satellite for
participants
48
Endpoint for the data sources;
- Single endpoint + standard
- Array [ JSON ] of endpoints +
standard
- Marketplace pointer
Endpoint for the Authorization
Registry
- Single AR
- Multiple AR { same order as array }
Details on Participants
- Contact details
- Logo URL
- Specifications
- Location
- Tags
48. Trust validation of Participants
49
Signed Contracts
- iSHARE Legal
Framework
- Data Spaces Specific
additional legal
Validated and registered
Chamber of Commerce
Documentation
EORI Number
Validated and
registered
EIDAS Cerficate
Public Key available
Validated by
Registering satellite
Level of Assurance
Role in the network
49. iSHARE is a legal framework providing
legal assurance of data sharing ….
50
International Legal Framework governed by iSHARE Foundation
iSHARE
Legal Framework
• Signed by
authorized persons
on behalf of
participating
organisations
• Covering data
goverance
50. .. iSHARE satellites onboard trusted
participants in the iSHARE ledger ..
51
Data Space or Domain
International Legal Framework governed by iSHARE Foundation
iSHARE
Participant Register
• Company EORI
• Legal Hash
• Public Key EIDAS
• Authorisation
Register Locator
• Capability Locator
51. .. and hence allowing trusted parties to
authorize data access to any node ...
52
Data Space or Domain
International Legal Framework governed by iSHARE Foundation
iSHARE Certified
Authorisation Register
• Company EORI
• Per data node
q Policies for data
q Participant
specific or generic
q Licence for data
• OAuth 2 and
XACML based
52. .. even by personal access to data by
support of iSHARE certified IDP’s …
53
Data Space or Domain
International Legal Framework governed by iSHARE Foundation
iSHARE Certified
Identity Provider
• Company EORI
• Users that may act
on behalf of the
organisation
• OpenID Connect
based
53. Joining is easy and fast
Select the best suited Satellite in your data space
Register in the following steps
login with EIDAS Compliant business identity at
your satellite / data space coordinator.
digitally sign the iSHARE Terms of Use and
Adhering Contract
digitally sign the addition service agreement
with the satellite (if applicable)
register your authorization register service
provider and data service providers at
the satellite interface
Select the best suited Authorization Registry
service provider in your data space
Register in the following steps
login with EIDAS Compliant business identity at
your selected Authorization registry
register or select the existing data providers
(optionally)
record the policies and licences per data
provider / data hub. (optionally)
Keep an eye on incoming requests
54
54. Join the ever growing iSHARE Trusted
network!
• Cost structure for the use of iSHARE is
quite simple:
– iSHARE is funded through data
spaces that use iSHARE as Trust
Framework. They agree on a
financial structure for their data
space.
– Use your existing EIDAS identities
– Use your existing data at your
platform service providers
• Select the most suited parties and take
the control back over your data!
iSHARE is growing step by step and hence
building greater trust for all participants!
End of 2021
Data of 100.000 organisations available in the
iSHARE Network
iSHARE services available
- 5 Authorization Registry Service Providers
- 4 Satellites (Logistics, Energy, Building)
- 4 Identity Service Providers
- 30 Implementation Service Providers
Check if your business partners are already
onboard via https://check.ishare.eu
55
55. Frequently Asked Questions
• Can I use my own local identity provider?
Yes, as long as the authentication is in
line with the trust levels and
authorization is linked to a company EORI.
• Can iSHARE also be used by governments?
Yes, iSHARE authorizations can be given
and can be created on a mandatory basis
to give governments the required access.
• Do I need a major IT implementation to
get value from iSHARE?
No, as a data owner you can already take
value of iSHARE in your operation by
sharing access
56