The handshake is one of the oldest forms of expressing one’s sincerity and goodwill to another person when closing a deal, while at the same time expecting that same mindset from that person in turn. What is hoped to reap from this ritual, is mutual trust. Even today, contractual agreements are often sealed with a handshake between the contractual parties. In virtual data ecosystems, however, there is no such thing as a handshake or looking deeply into each other’s eyes before closing a deal with another party. So how can mutual trust be established then?
In a data-sharing scenario, the data owner or provider wants to retain data sovereignty, which means to always stay in control of how the data made available is used by the other party. For data sovereignty to be guaranteed, it is necessary that any data made available is used in accordance with unambiguously defined rules. Sharing and exchanging data has to be a deliberate decision on both sides, which presupposes transparent information. Only if both parties can be sure they stick to the same rules, they are willing to collaborate.
Certification is a transparent process
IDS Certification defines and ensures a standardized level of security with regard to technical and organizational aspects. The result is a transparent process creating mutual trust between collaborating parties: knowing the data user is a certified party, the data provider can be sure their data will be used in line with the data usage policy specified; knowing the data provider is a certified party, the data user can be sure they get access to the data agreed upon under the conditions specified. Certification thereby grants admission to the data space, which facilitates secure and trustworthy data sharing and exchange settings beneficial to all parties involved.
Data sovereignty through federated design
From a technical perspective, the data space connects all certified endpoints (i.e. IDS Connectors) for potentially exchanging data among each other. In IDS, data always remains within the information systems of the data provider, which means that no data needs to be transferred to the data space for being exchanged. This is a major element for guaranteeing data sovereignty to each data provider.
IDS certification targets two levels: The Operational Environment Certificate is granted to IDS-compliant organizations seeking access to a data space, while the Core Component Certificate is granted to technical components deployed and used in data spaces. Basic certification can be requested simply by filling in a checklist made available on IDSA’s website.