Usage control in the international data spaces

In the age of Industry 4.0, data exchange between different organizations is an essential prerequisite to add more value to data and to develop modern business models. However, we have to solve several challenges to facilitate a secure and trustworthy data exchange between different organizations. Data sovereignty is a key success factor for data-driven business models. In the Industrial Data Space, we provide solutions to realize a secure and trustworthy data exchange as well as data sovereignty. In this report, we focus on data usage control and data provenance that are conceptual and technological solutions to cope with data sovereignty challenges. We introduce a common scenario for the Industry 4.0 age, in which a supplier and an original equipment manufacturer (OEM) are exchanging data to mitigate risks in the supply chain management. We describe the difference between access control and usage control, the usage control concepts and related concepts such as digital rights management or user managed access. We present the implementation of data usage control in the IDS. In doing so, we present the policy language, its integration to the IDS information model and introduce commonly used policies. Thus, we present a policy editor for expressing usage restrictions in the open digital rights language and their transformation to machine-readable policies. Our work includes a discussion about the different expansion stages for implementing usage control named the Usage Control Onion. As there are different ways to implement data usage control, we present three approaches researched and developed within Fraunhofer: The MYDATA Control Technologies, the Logicbased Usage Control and Degree. Every technology is presented in detail including its integration concepts. Finally, we compare these technologies and discuss them. We address data provenance as additional concept to data usage control to cope with transparency and accountability. Before we elaborate on the current state and future work of data usage control and provenance tracking within the IDS, we discuss the relation to other core components in the IDS Reference Architecture Model.