Certification

M

IDS certification scheme

Any organization or individual seeking permission to operate components in the International Data Spaces needs to pass the Operational Environment Certification which ensures secure processes and management of components.

Comparably, each IDS component is expected to behave in adherence with IDS specifications and to protect the data which is transferred and processed. It shall allow participants to assess the possible consequences of data sharing and provide transparent information. Therefore, components need to pass the Component Certification before they may be used in the IDS.

While the certification of organizations and individuals focuses on security and trust, the certification of components additionally refers to compliance with technical requirements ensuring interoperability.
To ensure a consistent process in the certification of participants and core components, the IDS uses a certification scheme comprising all processes, rules, and standards governing the certification process. The IDS Certification Scheme follows best practices from internationally recognized certification concepts.

IDS Certification on GitHub

IDS Certification is described in the IDS Reference Architecture Model (IDS-RAM), a practitioner-oriented guide to designing and implementing architectures for data spaces.

IDS Certification on GitHub

Roles in IDS Certification

The realization of the IDS certification scheme requires different roles responsible for different tasks:

applicants,
evaluation facilities, and
certification body

Certification body

The certification body oversees the certification process regarding quality assurance and framework governance. It defines standard evaluation procedures and supervises the actions of the evaluation facilities. A certificate is granted only if both, the evaluation facility, and the certification body have concluded that all preconditions for certification are fulfilled.

Evaluation facility

Contracted by an applicant, the evaluation facility is responsible for carrying out the detailed technical and/or organizational evaluation work during a certification process. The evaluation facility issues an evaluation report for the respective organization/individual or core component, listing details regarding the evaluation process and an assessment whether all requirements are properly fulfilled.

The approval scheme for evaluation facilities can be found here.

Applicant

The applicant is not just the subject of the evaluation and certification process but plays an active part in it. An applicant needs to actively apply to trigger the certification process. During the certification process, the Applicant provides all necessary material needed for the evaluation and certification of its component or organization and supports with questions or issues arising.

Certification process

The certification follows the same process for all certification profiles in operational environment and component certification. It consists of the following three phases:

Application Phase: The main goal of this stage is the successful start of the IDS evaluation and certification process.
Evaluation Phase: The main goal of this stage is the evaluation of an applicant or core component based on the defined evaluation criteria.
Certification Phase: The main goal of this stage is the examination of the evaluation report by the certification body, which issues a certificate if the result of the evaluation process is positive.

However, the details for each phase differ slightly between the assurance levels as described below.

Assurance Level 1

For Assurance Level 1, the applicant must apply directly to the certification body to trigger the start of the certification process.

Once the certification body accepts the application, the applicant is responsible for the evaluation phase by conducting a self-assessment and providing the results to the certification body. In the certification phase, the certification body reviews the self-assessment and issues the certificate, if the self-assessment meets the defined requirements.

asasdasd

Fig.: Certification Process for Assurance Level 1

Assurance Level 2 and 3

Assurance Level 2 and 3 require an independent evaluation facility to conduct the evaluation of the component or operational environment. The applicant must contract an evaluation facility. Together, applicant and evaluation facility finalize the application for certification with the certification body.

Afterwards, the evaluation facility is responsible for carrying out the evaluation according to the IDS certification scheme. The evaluation facility documents their progress and findings in an evaluation report which is passed on to the certification body at the end of the evaluation phase.

In the certification phase, the certification body examines the evaluation report and issues a certificate, if the evaluation was conducted properly and led to a positive evaluation result.

Close

M

IDS Certification criteria

IDS Certification ensures that IDS components and organizations or individuals who want to participate in data sharing meet the highest security standards.

These standards are industry-proven security criteria derived from ISO/IEC 27001 (international standard for information security management) and IEC 62443 (cybersecurity for operational technology in automation and control systems). In addition, IDS Certification implements security criteria defined in the Cloud Computing Compliance Criteria Catalogue
(C5) and the CSA Cloud Controls Matrix. Finally, IDS certification captures IDS specific criteria.

The certification criteria are defined in the IDS Certification criteria catalogs.

IDS Certification trust levels

IDS Certification ensures that IDS components and organizations or individuals who want to participate in data sharing provide a sufficiently high degree of trust and security. Nevertheless, the IDS Certification has a flexible setup and provides different levels of certification according to the intended use cases.

To ensure on the one hand a low entry barrier specifically suitable for SME’s and on the other hand a scalable certification to meet high information security requirements, three different security levels, with an increasing extent of the security requirements that need to be fulfilled, were defined:

Criteria for IDS Connector certification

Three different trust levels, with an increasing extent of the security requirements that need to be fulfilled, are defined:

Trust 1: offers basic security features to protect against attackers from outside, to ensure integrity and availability. It is therefore designed for use in scenarios with only low security requirements. A Connector meeting this profile is suitable for exchanging data with limited trust and security needs, for exchange of data in a contained environment or for demonstration purposes.
Trust 2: includes strict container isolation, integrity-protected logging, encryption of all persisted data, protection against accidental misuse by administrators. This profile is used for scenarios in which the protection of the processed and transmitted data is essential.
Trust 3: offers additional protection against misuse of privileged access, i.e., manipulation by administrators. This includes the protection against insider attacks as well as against external attackers who could gain privileged access. This is achieved by actively monitoring users and data on behalf of the data owner.

Criteria for IDS operational environment certification

The operational environment certification defines three different trust levels, with an increasing extent of the security requirements that need to be fulfilled:

Trust 1: covers only the basic security requirements that every participant of the International Data Space needs to fulfil. The entry level therefore serves as a low barrier for companies (especially SMEs) interested in trying out International Data Space participation.
Trust 2: covers additional security requirements, ensuring an advanced level of security. This level is suit-able for most core participants.
Trust 3: includes special security requirements that are necessary for International Data Space participants providing key services within the Inter-national Data Space.

Criteria Catalogue: Components-Broker

White Paper 2020 | Version 1.0

Criteria Catalogue: Components-Connector

White Paper 2021 | Version 2.1.2

Criteria Catalogue: Operational Environments

White Paper 2020 | Version 1.0

Close

M

Component certification

Trustful cross-company data exchange requires secure soft- and hardware components. All IDS components must meet a list of certification criteria to prove the provision of the required functionality, interoperability, and level of security. The evaluation of these certification criteria is conducted in the IDS core component certification.

Component assurance levels:

The depth and rigor of a component evaluation consists of the following three assurance levels, independent on the type of component that is being certified:

Assurance Level 1: Checklist self-assessment and automated interoperability testing
Assurance Level 2: External concept review including functional and security testing
Assurance Level 3: External evaluation including concept review, testing and source code audit

Connector trust levels

The criteria that make up each of the three trust levels for a Connector are defined in such a way that they are specific enough to ensure interoperability with the functional requirements of an IDS Connector, yet general enough, to allow the use of a Connector in different deployment scenarios without having to define different criteria catalogues for each separate use case.

The following three trust levels are defined for the certification of a Connector:

Trust Level 1: Data space interoperability
Trust Level 2: Feature complete for data usage control
Trust Level 3: Additional protection from internal attacks

The following figure illustrates all possible combinations of assurance and trust level, that an applicant can choose from.

This matrix approach allows the component developer to select a combination of assurance and trust level for their component that best correspond with the intended use cases.

On the one hand, this ensures a low entry barrier specifically suitable for SMEs. On the other hand, a scalable certification to meet high information security requirements becomes possible. purposes.

Close

M

Operational environment certification

Participants in the International Data Spaces share valuable data. It is essential that all participant's organizational processes and operational environments are trustworthy. This trustworthiness is evaluated in the IDS operational environment certification.

Central elements of the IDS operational environment certification are the different trust levels and assurance levels. The IDS established these levels to offer suitable certification profiles for different use case requirements.

On one side, the following three trust levels are established:

Trust level 1: Entry into data sharing
Trust level 2: Providing reliable services
Trust level 3: Offering trust-building services

Higher Trust Level represent the increasing number of criteria which needs to be fulfilled for a successful certification.

On the other side, the following three assurance levels are established:

Assurance level 1: Self-Assessment
Assurance level 2: External evaluation of corporate policies and processes
Assurance level 3: External audit of measures controlling the adherence to corporate policies

Higher assurance level represent the increasing demand for more reliable evidence that needs to be presented in different evaluation methods to prove compliance with the certification criteria.

Close

Q

aiXia

aiXia" which will be led by LANTEK (digital services) together with the companies LIS SOLUTIONS | S.L. (data analytics and ai services) | INGETEAM, S.A.(energy) | GOIZPER S.COOP. (machine-tool industry) | MONDRAGON ASSEMBLY S.COOP. (manufacturing) | UBIKARE ZAINKETAK, S.L. (healthcare) | EROSKI S.COOP (retail) | The technology coordinator is IKERLAN (a leading knowledge transfer center providing competitive value to companies)

SUCCESS:

Seeks to promote and research the necessary technologies for the definition of a reference architecture, operational models, adoption of standards and developments for a data space based on the common technical framework proposed by DSBA members, extending its main services to favor the development of artificial intelligence with guarantees of traceability, security, and governance of the data and services.

BENEFITS:

Aims to provide the country with a reliable data space that enables companies to offer new concepts of high-added value services based on data sharing, through the servitization of collaborative artificial intelligence for the productization and monetization of their data and industry knowledge in new business models.

COMPONENTS:

Will develop new services in the field of artificial intelligence and will explore current IDS components implementations (focusing on Connectors, Metadatabroker, and IdentityProviders) in order to select one of them to rely on.

LEARN MORE:

The Data Spaces Radar #3

Q

MONDRAGON ASSEMBLY EGOKIA

MONDRAGON ASSEMBLY - an international firm specializing in the development of automatization and assembly solutions for various sectors. It operates 6 production plants around the world and is part of the largest cooperative group in the world | IKERLAN Technical research center and member of IDSA

CHALLENGE:

EGOKIA solution allows collaborative learning and knowledge sharing between geographically distributed plants, integrating headquarters in Basque Country and domain experts. Thanks to the data space, data, and AI assets can be securely shared throughout different corporate sites and a new knowledge-based economy emerges.

SUCCESS:

Deploys an architecture based on IDSA connectors, linking Mondragon Assembly’s data and AI platforms from different corporate sites. With this new reliable data space, we extend the lifecycle of artificial intelligence models, enhance their capabilities, and facilitate trusted access and use of its assets by EGOKIA participants.

BENEFITS:

NEW BUSINESS MODEL: A new business model based on AI services and a knowledge-based economy. RELIABLE AI SOLUTIONS: A "standardized", flexible, and secure solution to break data silos to share and complete AI assets and processes between trusted organizations and production plants. Measurable benefits can be listed as: Up to 30% quality on models thanks to the application of federated learning techniques, reduce inversion and time to market on IA-based solutions or lower communications loads. STANDARIZED DATA SPACE – The organization is ready to take part in the knowledge economy with other entities, domain experts, and technology providers.

COMPONENTS:

Data Space connectors 8.0.2 Metada Broker 5.0.3 Identity Provider 1.6.0

Q

Gaia-X4KI – A sovereign data and service ecosystem for artificial intelligence in automotive development, production, and operation

Autonomous driving scenarios and the industrial production of required devices face a broad range of challenges related to data sovereignty and security. In particular, transfer of large, sensitive files and services in a policy-conform way are addressed in the prototypes.

SUCCESS:

The solutions are cloud-based and are embedded in existing industrial cloud landscapes to enhance data sovereignty of participants in complex data exchange relations.

BENEFITS:

Gaia-X4KI connects various stakeholders and their diverse system landscape from the complete autonomous driving development lifecycle.

COMPONENTS:

Eclipse Dataspace Components (EDC) and EDC MVD including Connector, Federated Catalog, Identity Hub, Registration Service

PREREQUISITES:

The data space is currently in development and being tested inside the project. It bases on open source components.

LEARN MORE:

Introduction

IKERLAN is a leading knowledge transfer technological centre providing competitive value to companies. We seek for excellence in R&D&i, thanks to the continuous adaptation to the needs of our customers and the proximity with the business reality. Faithful to our mission, we have been working daily since 1974 to develop solutions that allow our customers to become more and more competitive. We are a cooperative member of the MONDRAGON Corporation and the Basque Research and Technology Alliance (BRTA).

Business Expertise

Thanks to a unique cooperation model, which combines technology transfer activities, internal research and training of highly qualified personnel, IKERLAN is currently the trusted technological partner of major companies in the country. To meet our goal, we are structured into two technological specialization units:

ELECTRONICS, INFORMATION AND COMMUNICATION TECHNOLOGIES
ENERGY AND MECHATRONICS

IKERLAN is a center that is dynamic and open to the world. We are an accredited agent of the Basque Network of Science, Technology, and Innovation and of the Spanish Federation of Technology Centres. We have a major cooperation network integrated with renowned European centers and universities, with which we conduct activities of research and training of researchers.

Technical Expertise

Mission: To solve the technological challenges of the companies, improve their competitiveness and collaborate with the sustainable social and economic development of the environment, all of that from a position of technological leadership and with differential abilities in their areas of expertise.

Vission: Technological center, cooperative and non-profit, known as the European leader in its areas of specialization, with an exceptional cohesive human team, that provides value to the companies and society.

Contact Details

Santiago Charramendieta
scharramendieta@ikerlan.es

Website
https://www.ikerlan.es/

Q

Increased visibility of order delivery process

VTT | Wärtsilä | Uwira

CHALLENGE:

The use case revolves around expediting and enhancing transparency between a focal company of a manufacturing ecosystem (OEM) and its supplier in their production order management processes. The existing communication methods have proven inadequate in facilitating efficient and adaptable exchanges between the two entities. By facilitating transparency and fostering a more seamless integration between the IT systems of both companies, the management of product orders can be streamlined, resulting in heightened efficiency and a reduction in errors.

SUCCESS:

The objective is to facilitate a reliable and seamless flow of data between the OEM and its supplier by establishing a dedicated data space. The developed solution will be seamlessly integrated with pre-existing IT infrastructures of both companies and the solution is grounded in the framework of the IDS reference architecture.

The OEM can selectively disclose data from their production environment to the supplier without the fear of data leakages. Respectively, the supplier receives only the data that are essential for them and there is no need to locally extract meaningful insights and valuable information from big data sets.

BENEFITS:

The established data space solution has the potential to significantly enhance transparency between the OEM and the supplier. This gives rise to several potential benefits, including:
Effective Communication: Transparent communication helps in conveying accurate information about product specifications, requirements, changes, and timelines.
Risk Management: Sharing information about potential risks, such as changes in demand or design modifications, allows suppliers to proactively address these issues. Furthermore, in times of disruptions, such as supply shortages or unexpected market shifts, transparent communication helps both parties respond more effectively.
Cost Efficiency: Transparent communication allows both parties to work together to find cost-effective solutions.

COMPONENTS:

IDS connectors - serve as the communication interface linking the two companies and their existing IT systems. With IDS connectors, a data provider can define the rules and conditions (usage policies) under which data are shared with a data consumer.
DAPS - enables connectors to authenticate themselves using X.509 certificates. After successful authentication, the DAPS issues OAuth2 access tokens for connectors, who need these tokens to access the services and data of other connectors.
Metadata Broker— stores information about the data end-points offered by the participants. The broker provides a query interface for connectors and can hence be considered as the search engine in this use case.

LEARN MORE:

Show Use Case

M

Making the Dataspace Protocol an international standard

This publication details the specification path of the Dataspace Protocol, a significant step towards standardizing data space interoperability.

Key takeaways

- Data Spaces: Digital environments designed for trusted data sharing and utilization, enabling efficient implementation of advanced services and solutions.
- International Standards: The publication underscores the critical role of international standards in providing organizations with the confidence to invest in new data space technologies.
- Dataspace Protocol (DSP): A standardized framework developed by IDSA to integrate key processes common to all data spaces, ensuring interoperability and trust.
- European Union’s Data Act: Set to enter into force in September 2025, this legislation will raise global standards for data flow and sovereignty.
- Standardization path of the Dataspace Protocol: The publication provides detailed steps of the standardization process and a status update

Strategic impact of the Dataspace Protocol

The Dataspace Protocol is poised to revolutionize data sharing, much like the Internet Protocol (IP) and GSM standards did for the internet and mobile communications. The IDSA’s efforts in standardizing this protocol aim to unlock new opportunities for collaboration and innovation across various sectors.

The publication details the standardization path for the Dataspace Protocol, moving through development by the IDSA Working Group Architecture, handling by the Eclipse Dataspace Working Group, and final standardization by the ISO/IEC Joint Technical Committee 1.

This is a milestone in the journey towards a data-driven future, where data sharing is based on trust and data sovereignty. The IDSA’s commitment to international standardization sets the stage for a new era of data management and innovation.

Preview_Making the Dataspace Protocol an international standard

M

Data Space Fundamentals

Name of training provider: Software Quality Systems (SQS)

About the course: SQS has been appointed as an Authorised Training Provider, and the first training course, “Data Space Fundamentals,” will be held in Madrid. This foundational course provides the core principles of data spaces and is considered essential for any professional before starting any of the three itineraries.

Course format: Instruction delivered by an ATP instructor, 8+2 hours, 2 days, student performance will be based on an official assessment to get the certification.

Prerequisites: No Requirements Training will be in English

Venue: Madrid City Centre

Class price: €400 (Official Exam not included)(VAT not included)

Register

Certification: the basis of trust

How can you gain from your valuable data? – by sharing it with others in trustworthy partnerships. These partnerships are based on data spaces. It is therefore our goal to establish data spaces that guarantee a safe collaboration between partners.

Entrusting data to IDS

Transparency through clear processes

Two complementary types of certification

Core component certification

Operational environment certification

There are two assurance levels available

Operational environment certification

Certified data connectors

T-Systems Data Intelligence Hub (DIH) connector

VTT DSIL connector

TNO TSG Connector

Engineering TRUE Connector

IDS evaluation facilities

SQS | Software Quality Service

Low barriers to certification

More

Leaflet

Blog

Position Paper

Any questions? Contact us!

become a member

IDS certification scheme

IDS Certification on GitHub

Roles in IDS Certification

Certification body

Evaluation facility

Applicant

Certification process

Assurance Level 1

Assurance Level 2 and 3

IDS Certification criteria

IDS Certification trust levels

Criteria for IDS Connector certification

Criteria for IDS operational environment certification

Component certification

Component assurance levels:

Connector trust levels

Operational environment certification

aiXia

BENEFITS:

COMPONENTS:

LEARN MORE:

MONDRAGON ASSEMBLY EGOKIA

BENEFITS:

COMPONENTS:

Gaia-X4KI – A sovereign data and service ecosystem for artificial intelligence in automotive development, production, and operation

BENEFITS:

COMPONENTS:

PREREQUISITES:

LEARN MORE:

Introduction

Business Expertise

Technical Expertise

Contact Details

Increased visibility of order delivery process

BENEFITS:

COMPONENTS:

LEARN MORE:

Making the Dataspace Protocol an international standard

Data Space Fundamentals