BDI Public Documentation
  • Reference Architecture
    • INTRODUCTION
      • Core Principles
      • Stack and KITs
      • BDI Technical Roles
    • BDI Maintenance and Community Contributions
    • Trust KIT
      • Digital Identity
        • Digital Identity M2M
        • Digital Identity H2M
      • Authentication
        • Authentication M2M
        • Page
        • Authentication H2M
      • Authorization
      • Edge agreements
      • Policy agreements
      • Onboarding Terms and Conditions
      • Association Register
      • Discovery
      • Demos
        • Trusted Goods Release & Delegation
    • Logistics Event KIT
      • Notification pub/sub service
      • Event Choreography
      • Trusted Goods Release - Event Demo
    • Semantics KIT
      • Overview
      • Logistics event Ontology
      • Demos
    • Representation KIT
      • Representation Chain
      • Professional Qualification Chain
      • BDI Association Roles
      • Demos
    • Federation KIT
      • Federation of Associations
      • Business Partner Reputation Model
      • Interoperability
      • Demos
    • Data Set KIT
      • Data Licenses
      • Demos
    • Verifiable Credentials KIT​
      • Verifiable Credentials
      • Provenance & Traceability
      • Demos
    • Security
      • Information Security Policy
      • Risk Assessment and Treatment
      • Control Implementation
      • Monitoring, Measurement, Analysis, and Improvement
    • Boundary Management
      • Digital Asset Boundaries
      • Physical Asset Boundaries
      • Legal Asset Boundaries
      • Demos
    • GLOSSARY
      • BDI Terms
Powered by GitBook
On this page
  • Purpose of the building block
  • Concepts
  • Risks
  • Interlinkages with other building blocks
  • Elements and their key functions
  • Core design decisions
  • BDI layer licenses
  • Combined list of available licenses
  • Future topics
  • Further reading
Export as PDF
  1. Reference Architecture
  2. Data Set KIT

Data Licenses

Data licenses describe the terms and conditions for using data. BDI recognises a layered licensing structure. Licenses are used in authorisations for data transactions and are defined in this building block of the BDI framework.

Purpose of the building block

The purpose of the data licenses building block is to allow Data Owners to control what Data Consumers are allowed to do with their data by providing instructions on how a service may be consumed or under which conditions data may be exchanged.

Concepts

The following concepts (from the BDI Glossary) are particularly relevant in this building block:

Concept
Meaning

Data licenses

  • Descriptions of the terms and conditions for using data

  • Either in free form text or in ODRL

Data Owner

  • Has control over data and access to data,

  • Controls decisions on Data Sovereignty and Trust Sovereignty

  • Controls authorisation policies, representation rules, professional qualification verification of staff and contractors

  • Controls subscription to the Event Pub/Sub Service and publishing of events to subscribers

  • Controls discovery and endpoints

  • Controls roles assumed by entity

Data Consumer

  • Requests access to data and/or Representation Register and/or Professional Qualification Register of the data owner

  • Controls discovery and endpoints

  • Requests subscription to data owner’s Event Pub/Sub Service, receives and evaluates events

Risks

When not selecting the correct license, the Data Consumer might not be sufficiently legally bound to the right terms and conditions for using their data, which could result in data abuse and thereby in financial or reputational damage to the Data Owner, or (indirectly) the Data Service Provider.

However well the licenses are implemented, there is no technical guarantee that the data is used in conformance with the applicable licenses. The legal context of the framework mitigates this risk, but a residual risk remains.

BDI encourages participants (particularly Data Consumers) to implement proper data management and or data governance to ensure proper handling of data.

Interlinkages with other building blocks

This building block is closely tied to Authorization, since a license may be part of an authorisation. The authorisation defines:

  1. Which party

  2. Is allowed to access which data attributes

  3. (Optionally) at which Data Service Provider

  4. (Optionally) with which terms and conditions for using the data (licenses)

Elements and their key functions

Example of acceptable stacking of licenses

  • 0004 Licensee may enrich received data with own data before re-sharing

  • XXXX Licensee may use received data in the region Europe

Core design decisions

Licenses are defined on three layers:

  3. Association layer. The available licenses are defined in the framework agreements of a BDI Association (when these exist).

BDI layer licenses

There are currently no specific BDI licenses defined.

Combined list of available licenses

Future topics

Future topics that are of interest to this building block are:

  • Research how Incoterms can be applied in the context of licenses.

  • Research which technical controls are available to enforce adherence to licenses.

  • Align with other data spaces initiatives on the topic of policy enforcement.

Further reading

This building block has been drafted using the following sources, that provide opportunity for further reading:

PreviousData Set KITNextDemos

Last updated 9 months ago

Licenses are defined in framework documentation (see below). In Authorisations, licenses are applied. As defined in Authorization, and particularly in the , one or more licenses ("stacking") can be applied to an Authorisation. Data Owners must make sure that when more then one license is used, the licenses must not be contradictory.

iSHARE layer. The available licenses are .

BDI layer. The available licenses are defined .

Contribute to iSHARE's licenses framework through the , particularly through (including improved specification on the usage of ODRL).

, specifically on the topic of

0000

No limitations

0001

Re-sharing with Adhering Parties only

0002

Internal use only

0003

Non-commercial use only: licensee may not use the data to generate revenue

0004

Licensee may enrich received data with own data before re-sharing

0005

Licensee may enrich received data with data of others before re-sharing

0006

Licensee may enrich received data with own data before re-sharing on a non-commercial basis

0007

Licensee may enrich received data with data of others before re-sharing on a non-commercial basis

9999

As determined between Parties

iSHARE data model for authorisations
defined in the iSHARE Trust Framework
iSHARE's Change Management process
RFC037
DSSC Blueprint building block “Access and usage policies enforcement”
iSHARE Framework documentation
licenses
iSHARE Developer Portal documentation
in this building block