Enhancing data protection with usage control
Usage control is an extension of access control designed to help participants protect their data. It executes obligations, and it enforces usage restrictions after access has been granted. The restrictions can be layered. For example, a policy can say: yes, you have access, but only for three days. Or: yes, but inform the owner.
Usage control is not only about provisions; it is also about obligations. To facilitate this, we can introduce a component: the policy specification. Before diving into that, however, let's understand what an IDS contract is. The IDS Information Model defines an IDS contract as an abstract set of rules governing the usage of a resource. This contract, which can be thought of as a policy, is divided into two main sections: contract metadata, such as the date the contract was issued, and usage control rules, such as applications, permission, prohibition, and obligation statements. That second part of the contract is of particular interest to us.
Defining usage control policies with templates
Which kinds of policies can be defined? The IDS standard provides templates, referred to as policy classes, that either limit data usage to specific conditions or require certain obligations before or after data usage. Here are three examples: allow or prohibit a consumer from using the data; restrict the data usage to specific purposes (for example, research only); use the data and delete it afterward. As more use cases and stakeholders emerge, more templates will be introduced to assist users in defining their policies.
A usage control policy is formed by combining one or more instances of policy classes or templates. These policies are designed to be machine-readable and interpretable, allowing for automated enforcement and sharing. The choice of the ODRL (Open Digital Rights Language) for expressing these policies within IDS was made for two reasons: simplicity and extensibility. ODRL offers a straightforward structure and an extensive vocabulary for policy creation, including the ability to define terms and create profiles.
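As an added example that is not from the article or the IDS project, here is a minimal ODRL-style policy combining the three policy classes above (a permission constrained to the research purpose and a validity date, a prohibition, and a delete duty) together with a toy evaluator that applies default deny and lets prohibitions override permissions. The urn:example identifiers, the constraint values and the small operator subset are assumptions made for illustration.

```python
import json

# Constructed sample policy in ODRL-like JSON-LD; the urn:example identifiers and
# the constraint values are assumptions for illustration, not IDS/ODRL-defined values.
POLICY_JSON = """{
  "@context": "http://www.w3.org/ns/odrl.jsonld",
  "@type": "Offer",
  "uid": "urn:example:offer-1",
  "permission": [{
    "target": "urn:example:dataset-1", "action": "use",
    "constraint": [
      {"leftOperand": "purpose", "operator": "eq", "rightOperand": "research"},
      {"leftOperand": "dateTime", "operator": "lteq", "rightOperand": "2030-12-31"}
    ],
    "duty": [{"action": "delete"}]
  }],
  "prohibition": [{"target": "urn:example:dataset-1", "action": "distribute"}]
}"""

OPERATORS = {  # the subset of ODRL operators this toy evaluator understands
    "eq": lambda a, b: a == b,
    "neq": lambda a, b: a != b,
    "lteq": lambda a, b: a <= b,  # ISO-8601 dates compare correctly as strings
    "gteq": lambda a, b: a >= b,
}

def constraint_holds(constraint, request):
    """A constraint holds only if the request supplies the operand and it satisfies the operator."""
    value = request.get(constraint["leftOperand"])
    if value is None:
        return False  # missing context is a denial, never an implicit allow
    return OPERATORS[constraint["operator"]](value, constraint["rightOperand"])

def rule_matches(rule, request):
    """Target, action and every constraint of the rule must match the usage request."""
    return (rule["target"] == request["target"] and rule["action"] == request["action"]
            and all(constraint_holds(c, request) for c in rule.get("constraint", [])))

def evaluate(policy, request):
    """Return ('deny', reason) or ('allow', [duty actions the consumer must fulfil])."""
    for rule in policy.get("prohibition", []):  # prohibitions take precedence
        if rule_matches(rule, request):
            return "deny", f"prohibited: {request['action']}"
    for rule in policy.get("permission", []):
        if rule_matches(rule, request):
            return "allow", [d["action"] for d in rule.get("duty", [])]
    return "deny", "no matching permission"  # default deny

POLICY = json.loads(POLICY_JSON)

if __name__ == "__main__":
    req = {"target": "urn:example:dataset-1", "action": "use",
           "purpose": "research", "dateTime": "2029-06-01"}
    print(evaluate(POLICY, req))                              # ('allow', ['delete'])
    print(evaluate(POLICY, {**req, "purpose": "marketing"}))  # ('deny', 'no matching permission')
```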
The policy editor: simplifying policy specification
Do you need to know how ODRL works to specify a policy? No, because the policy classes and a so-called policy editor are available to enable people with different backgrounds and expertise to use the templates and create their policies.
When a data provider intends to offer data, they use the policy editor to specify a policy, resulting in a contract offer. Likewise, the data consumer can use the policy editor to create a contract request. Offers and requests then enter a negotiation process, in which the parties may bargain until they reach an agreement. Once an agreement is reached, the data can be transferred. The entire process can be automated.
Technologies enabling policy enforcement
To ensure the enforcement of usage policies, you need usage control technologies. One such technology is MYDATA Control Technologies, developed by Fraunhofer IESE. It maintains data sovereignty by monitoring or intercepting security-relevant data flows, and it can modify data streams according to a set of rules, for example: remove all customer addresses before releasing data to external parties.
Another technology is LUCON (Logic-based Usage Control), developed by Fraunhofer AISEC and integrated into the Trusted Connector. It controls data flows between IDS-based data connectors by labeling messages. A third usage control technology is OPA (Open Policy Agent), an open-source, versatile policy engine that uses a high-level declarative language called Rego and accepts structured data as input.
Balancing technology and organizational management in policy enforcement
Policy enforcement is quite complex and is typically achieved through an IDS-based data connector. Ultimately, how best to define the enforcement points depends on the use case. Although new technologies for technically enforcing these policy rules are arising, some aspects require organizational management rather than technical enforcement.
The IDS standard provides a framework for data sharing with defined protocols. Participants can use the technology of their choice to enforce their policies, as long as they follow the protocols. While the IDS standard does not dictate specific methods or technology solutions, it provides support. If you have unique requirements and ideas, you can also build your own solutions, because the ODRL contracts and policies are designed to be interoperable!
Find the first part of this article here: Data usage control – indispensable to enable data sovereignty part 1 – International Data Spaces