The Discovery mechanism supports an open and loose model without a centralized register that could be searched for all existing BDI Associations. In theory a large number of independent BDI Associations could co-exist without further governance.
Identification, discovery, authentication, trust assessment and authorization in such a perimeter-less network on a global scale require functions to deal with previously unknown parties.
The reality of business networks is that there is an inherent tension between interoperability on one hand and competition/innovation on the other hand. Standardization lowers costs, but differentiation creates value and competitive advantages: a dynamic trade-off, shifting over time.
Federation has to acknowledge this tradeoff. In practice it is expected that BDI Associations will form federations and voluntarily agree upon common standards, roles and semantics over a group of Associations.
It is expected that a number of frameworks for controlled data sharing will co-exist. A minimal level of interoperability that reduces unnecessary costs is desirable.
This page contains references to demo projects and their lessons learned where the Federation KIT has been used.
In the BDI network, a reputation system within a BDI Association is integral for assessing the trustworthiness of visitors or outsiders: members of another BDI Association. While the BDI facilitates digital communication among a network of BDI Associations, establishing trust within a BDI Association through mutual agreements is relatively straightforward. However, evaluating the trustworthiness of participants in other BDI Associations can pose a challenge. Although the core trust framework in the BDI provides a foundation for determining trust, additional systems are necessary to enhance trust evaluation for external data sharing. Consequently, the BDI introduces a reputation system to enable more nuanced trust judgments.
The local dataspace association can be seen as the “in-group” where proximity, high frequency of interaction and strong social control are dominant in how trust is founded. This is backed by legal enforcement (contracts), a neutral organization (association) and possibly government authorities.
Interactions with members of the “in-group” need relatively minor additional trust assessments per interaction. On the other hand, interactions with members outside the association require an additional layer to base trust upon, since interaction is less frequent or incidental.
Members that want to interact with “in-group” members are classified as either a “visitor”, where the member has frequent interactions with members of the association, or as an “outsider”, where the member only has occasional interactions with members of the association.
The Business Partner Reputation Model proposes a system where “in-group” members score members outside the association. Thus a reputation system is created that can help other members of the same association better determine the trust of the relevant party.
“Visitors” can eventually become members if the association administrator allows it.
The association is the core neutral organization that supports the members of the “in-group” in dealing efficiently with trust-assessment in a perimeterless network. Trust Sovereignty means that the association does not make trust decisions for members, unless specifically tasked to do so. In principle, the Data Owner makes this decision (delegated or not to the data service provider).
Authentication: Authentication of out-of-group members
Digital Identity: An additional layer to verify trustworthiness of digital identity
Zero Trust Check: An additional layer to verify trustworthiness of digital identity
BDI Roles:
Federation of Associations: implemented especially when dealing across associations
Verifiable Credentials: this is future work.
Reputation registers where the reputations of visitors and outsiders are stored and maintained.
Are the reputations stored decentrally or with a central party within the BDI Association?
Optional component of a BDI Association?
Are the ratings visible outside the BDI Association?
This building block is still highly conceptual and gives a first consideration on how to implement a reputation system. Further things to consider are:
How often can a member review a visitor or outsider?
How are ratings automated?
Is the rating system for data exchange with one BDI Association only or is it federated with other BDI Associations?
Can organizations complain / request withdrawal of ratings & rating comments (e.g. based on false motives like competition libel)?
Options for blacklist
This building block encompasses key points for effective interoperability and federation amongst associations.
This block is vital in trust implementation within the Association and widening this scope to other associations. This helps create a network effect and federate the BDI Framework.
Concepts:
Association
Legal entity that serves as operational anchor for both federated trust/authentication and local onboarding.
Association Admin
Functionary responsible for operating the services of a BDI Association
Association Register
Register of onboarded Members and Preferred Business Partners
This building block complements the Zero Trust Check, Verifiable Credentials and Business Partner Reputation Model.
This building block is also related to Association Register and Onboarding T&C's Association articles.
Federation of Associations creates:
Trust Assurance outside the association
A Perimeter-less network
The Association Admin is a key role in the Federation of Associations
Association Admin
responsible for developing and maintaining as well as operating the established Association
entails various functions, such as setting internal rules and policies, ensuring compliance with internal and external rules, and resolving conflicts that may arise.
creates mechanisms for continuous improvement of the association, identity management, access controls and risk mitigation to build trust and quality within the association.
standardises credentials that are acceptable in the association and that can also be agreed upon as acceptable with other associations
Federation is key to expanding the scope and functional significance of local associations.
Associations don’t function in silos, and a zero trust approach requires federation of key trust elements or credentials.
As most organizations will be active in multiple sectors, the question of supporting interoperability between different sectors is a key challenge. Federation is finding common ground for trust among associations.
Credentials for Federation
Interoperability of Associations
The European Interoperability Framework (https://ec.europa.eu/isa2/sites/default/files/eif_brochure_final.pdf) describes an interoperability model that is geared toward the public sector. It describes a "stack" of interoperability subjects.
As a general model it is useful to describe issues and solutions.
The BDI has a focus on a wide generic technical interoperability between entities, supporting specialized/differentiated:
semantic interoperability
organisational interoperability
legal interoperability
The world model is that market forces, geopolitics, regulation, culture and innovation will create a dynamic universe of sectors/groups that have an interest in driving specialized/differentiated interoperability within their group, at the expense of interoperability with other sectors.
Technical Interoperability
The design philosophy to enhance generic technical interoperability is based upon:
No proprietary development of protocols
Reuse known, proven or emerging open standards in a specific configuration
Rely on already supported digital identities and other digital proofs of claims