In spring 2015, the Fraunhofer Gesellschaft launched the "Industrial Data Spaces" (IDS) project with partners from industry and the support of the German government (BMBF, BMWi, BMVI and BMI). The aim was to create an internationally open data space for industry. At this year's Hannover Messe, the International Data Space Association presented a reference architecture model, certification for secure data exchange and corresponding use cases. The message behind these key points: The IDS data architecture is ready for commercial use!

The IDS Ready seal

With 'IDS_ready', the certificate for secure data exchange, the International Data Spaces are ready for commercial use in business, announces the IDS Alliance. Companies that want to benefit from the key architecture for sovereign data exchange and participate in value creation processes can now obtain certification. "This is a historic moment," said Lars Nagel, Managing Director of the IDSA. "For the first time, companies outside the association can use the IDS architecture." This is made possible by the IDS_ready certification, which ensures that the company or organization complies with the IDS reference architecture and the developed DIN SPEC 27070 standard.

Secure data communication in the IoT

"These data sovereignty measures for IoT devices ensure secure and trustworthy data communication in times of digitalization and the associated mass use of networked devices," explains Sebastian Steinbuss, Director Architecture at IDSA. The IDS_ready certification process ensures that the company complies with the standard. A certification body uses criteria catalogs to check whether a company and its components are IDS-compliant or not and whether they can participate in the IDS data architecture. If successful, the 'IDS_ready Organization' and 'IDS_ready Component' certificates are awarded.

The IDS reference architecture model 3.0

The criteria catalogs are based on the 'IDS Reference Architecture Model' (IDS-RAM), the new version of which was published at this year's Hannover Messe. The focus of IDS-RAM 3.0 is not only on certification, but also on data security and data governance. "The reference architecture model defines the security standards, control and enforcement rules for data usage and the traceability of data origin," emphasizes Sebastian. In addition, the RAM defines the roles and responsibilities for data management and data-driven business ecosystems.

Good traceability of the data

The IDSA managers see a possible field of application in the area of machine learning, for example. It is conceivable that a marketplace could be created in the IDS in order to acquire machine data in a neutralized manner and in turn offer platform-independent microservices. And machine manufacturers do not have to disclose their own data if they do not want to. They can only use data from other companies if they comply with the policies.

A secure data marketplace without complex contracts is what the developers have in mind. Mechanical engineers and 3D printing providers are also interested in this. Thyssenkrupp and IBM are currently developing a platform based on IDS and IBM blockchain technology. In addition to data security and sovereignty, the combined use of the two technologies is intended to achieve a higher degree of automation of order processing in additive manufacturing technology. On the one hand, smaller customers without previous expertise will be given quick and easy access to additive manufacturing, while on the other, the platform will enable better planning and a verifiable quality standard across the entire process chain. At the beginning of the process, customers provide thyssenkrupp with plans for their components in the form of CAD files. This data is the valuable intellectual property of the companies, as it forms the basis for the production of the special components - data security and sovereignty are maintained thanks to IDS and IBM blockchain. This takes the platform concept to a new level by significantly increasing efficiency, security and the expertise provided.

The basis: ISO 27001

By using the software-based IDS Connector, industrial data clouds can be networked with each other, but individual company clouds, local applications and individual devices can also be connected to the data space.

© iDSA

Many companies still shy away from sharing data. "IDS participants can decide for themselves who sees the data, who is allowed to use it, how it is used and what it costs," says Gerd Brost from Fraunhofer AISEC, summarizing the concept. Certification for companies and components, such as the so-called IDS Connectors, gives participants in the IDS ecosystem security. "We are on the eve of the broad roll-out of certifications. The IDS_ready label invites companies to gain initial experience with IDS and prepares them for the actual certification. There is latent uncertainty in the industry when it comes to data and data sovereignty, and we are addressing these two fears with the IDS," adds Brost. TÜV Süd or PricewaterhouseCoopers award the certifications for one year, which are based on an IDS reference architecture. They audit the organizations and Fraunhofer experts check the technology. Companies that already have ISO 27001 certification, for example, can build on this. This speeds up the process. The auditors check the organization or the components of a company. "For the organization, we look at the documentation and processes relating to information security. There are three security levels for the components: basic with standard internet security, trust with unclonable identities and remote attestation, and trust+ for connectors that are even protected against manipulation by malicious admins," explains Brost.