Trust framework
Last updated
Last updated
Copyright © 2024 iSHARE Foundation
Trust in the data space is achieved by implementation of the iSHARE Trust Framework. The trust is achieved by three trust principles:
DSSC Description
The first important element of this building block is the concept of trust. According to commonly accepted definitions* for this concept, trust is defined as a firm belief in the reliability, truth, or ability of a party to fulfil a promise.
In the context of a data space, this definition implies the following:
Trust or distrust is the result of a threshold that is set by the decision-making party and is based on a risk assessment** to determine the level of trust from the evidence provided. This evidence can be proof of a specific statement, such as a diploma or driving license.
The concept of trust in data spaces can be translated into compliance with a set of rules to support decision-making parties in performing their risk assessment to determine the level of trust. This can be verified through a technology framework that provides information on transparency, security, controllability, and interoperability.
The starting point is the data space governance framework, which outlines the data space's requirements, criteria, and regulatory needs. Strict adherence to these requirements and criteria ensures a minimum baseline level of trust and reliability among participants. Accredited Trust Anchors can verify the accuracy and legitimacy of claims, e.g. self-declarations and additional attributes declared by participants using various verification mechanisms. Secondly, interoperability is a crucial component of this building block, as clearly recognized by the European Interoperability Framework (EIF) which provides legal, semantic, organizational and technical interoperability layers. The trust framework described here, specifically addresses the organizational and semantic interoperability layers by providing guidelines and the fundamentals of the most commonly used mechanisms, e.g. the use of the Open Digital Rights Language (ODRL) as a common language to express policies, rights, obligations, etc.
** Risk assessments are, to a certain extent, subjective matters that depend on the assurance or proof provided regarding the promise or claim made by the entity subject to the assessment.
The complete description is available here.