This content was created by the Data Sharing Coalition, one of the founding partners of the CoE-DSC.
The Data Sharing Coalition realised a case study with Smart Connected Supplier Network (SCSN) on how to develop a framework and roadmap to strengthen digital identity assurance in data spaces*. Our participants Exact, SBR Nexus and International Data Spaces Association provided their expertise and support. The findings from this research can apply to any type of data space with the ambition to improve digital identity assurance.
7 key findings of the case study on SCSN’s digital identity assurance
Below, we present the seven key findings of the report that can be downloaded here.
- Once a data sharing initiative starts to expand and facilitate new use cases, data sharing becomes more complex and riskier (e.g. in terms of financial, reputational, and compliance risks). Hence, a higher digital identity assurance is required.
- Risks related to digital identity assurance in the SCSN data space are driven by three factors: (1) the scope of messages supported by SCSN, (2) SCSN’s geographical scope of operations and (3) the number of users in the network.
- To improve the digital identity assurance framework, a data sharing initiative should enhance measures in three key areas: identification, authentication and risk-mitigating policies. Here, it’s key to create a solution in which implementation effort and required trust for user adoption are balanced.
- Onboarding procedures to join the network need to be conducted in a consistent fashion to avoid friction between and misaligned expectations of users of a data sharing initiative.
- When a group of users in a data sharing initiative has various trust requirements and implementation capabilities, several levels of assurance should be supported (e.g. basic and plus levels) to account for those varieties.
- Growing data sharing initiatives are advised to move towards digital certificates regulated under eIDAS for identification and authentication of their users, as this allows for future scalability and higher assurance. Moreover, identity assurance means under eIDAS are becoming widely adopted in various other sectors (e.g. financial (SBR Nexus), logistics (iShare)), and can be re-used by SCSN to improve its procedures.
- A digital identity assurance framework should be implemented in a phased manner to optimally balance risks assessed by users and implementation effort of trust solutions. To ensure that such a balance is maintained, network users are advised to apply an iterative (peer)-review process. Hence, new measures are implemented using a transition period to allow participants to prepare for changes.
Any data space can use the case study findings to improve their digital identity assurance framework
The case study contains general insights for data spaces to assure digital identity in the network and stimulate the adoption in various growth stages. For the Data Sharing Coalition, this case study serves as a basis for supporting data spaces to improve digital identity assurance and propel trustworthy and secure data sharing.
*Two main roles can be distinguished within a data space: a Data Service Provider and a Data Service Consumer. A data service is any service aimed at exchanging or processing data. To learn more, download our Data Sharing Canvas. Do you want to upgrade the identity assurance of your data space? Or do you want to know more about this case study? Feel free send us an email: firstname.lastname@example.org