eSAAM 2024 on Data Spaces

Nowadays, collaborative ecosystems and value networks have been established based on data sharing mechanisms and principles coming from concepts like Data Spaces. This data-centric approach has also increased the need for effective metadata management that enables entities participating in data sharing scenarios to find and trust available data. In this paper, a metadata broker for manufacturing related Data Spaces is introduced. It is based on an ontology that has been implemented to describe data related to Industries 4.0 and 5.0 implementations. The proposed broker is based on Data Spaces principles and artefacts that it extends by enabling semantic-based modeling and search capabilities.

In this paper we present the proposed architecture of an IntraDataspace built on general Dataspace principles and implemented using the O pen-Source Eclipse Dataspace Components (EDC) Connector. Such an IntraDataspace is used to exchange heterogenous data like documents, measured values and data series between different research and development projects within the same company, applying the policies defined by individual non-disclosure agreements signed between the company and the respective client of a project. Manual clearance decisions of authorized users are supported by automatically created tickets in an integrated Issue Tracking System extending the Policy state engine of Connectors for human interaction. Such tickets are auditable and allow the delegation of decisions to specialist departments in cases, where no automatic implementations are feasible.

A digital twin (DT), the digital counterpart of a physical entity, process, or system, is a pivotal innovation driving the manufacturing industry’s digital transformation. DT plays a significant role in product lifecycle management (PLM) and product condition monitoring. However, the diversity of systems and processes involved poses challenges in DT and data management within PLM, particularly regarding efficiency, standardized data mapping, and latency. The paper presents a solution architecture to address these challenges and contribute towards an efficient and cost-effective product lifecycle management system. The architecture focuses on DT’s data management and communication aspects, utilizing the edge-based, decentralized Eclipse Arrowhead Framework and EDMtruePLM (Enterprise Data Management True Product Lifecycle Management) for standardized data management and condition monitoring of products. Integrating the ISO 10303 STEP standard for data modeling and the Open Platform Communications Unified Architecture (OPC UA) standard for communication is emphasized, improving the contextual significance of the data and the system’s interoperability. A use case implementation is presented, where a fischertechnik assembly line is monitored, capturing sensor data through the PLC’s OPC UA server. The sensor data is then aligned with the STEP standard and stored in the EDMTruePLM database for monitoring.

Data spaces consist of trusted frameworks that manage the entire data lifecycle, encompassing various data models, metadata descriptors, ontologies for semantic interpretation, and data services for accessing, processing, and analyzing data. Domain-specific data spaces are currently being designed and deployed in vertical sectors, following specifications and reference frameworks that enable interoperability and compatibility. One such vertical sector with high impact on economy is mobility. In this paper, we present our position towards mobility data spaces, highlighting the idiosyncrasy of mobility data, while presenting the MobiSpaces approach that encompasses services for mobility data management and advanced mobility analytics. By exploiting MobiSpaces, mobility data providers can break the barrier of participation in data spaces thereby sharing their dataset with less hurdle, whereas data consumers can find advanced data analysis tools readily applicable on mobility data sets to extract insights and discover mobility patterns.

Securing interoperable and sovereign data exchange in the Industrial Internet of Things (IIoT) for machine data exploitation by third parties presents a significant challenge. This work addresses this by integrating IOTA Distributed Ledger Technology (DLT) with the International Data Spaces (IDS) Reference Architecture Model (RAM), creating a decentralized data space optimized for IIoT ecosystems. This research demonstrates the practical implementation of core IDS architectural concepts within the IOTA framework, overcoming theoretical DLT limitations and showcasing IOTA’s capability to enhance data sovereignty and interoperability in the IIoT, moving beyond traditional blockchains, which are constrained by scalability and efficiency issues. It sets the stage for future evaluations and broader applicability studies, paving the way for advancements in secure, sovereign, interoperable, and efficient data management

In an increasingly connected digital world, the strategic use of data is critical to improving predictive accuracy, optimizing processes, and driving innovative business models. Data spaces can facilitate sovereign and secure data sharing across multiple organizations. A challenge in this environment is the lack of trust among data space participants, calling for independent data trustees. However, finding and selecting an appropriate data trustee can be difficult and is usually a manual process. Our research addresses this challenge by introducing a whitelisting approach for automatically selecting appropriate data trustees within a data space. We report on the results of an ongoing design science research project and describe the development of extensions to the Eclipse Dataspace Components, which enable the application of the whitelisting approach. These extensions are designed to support secure, efficient, and trusted data sharing. Our findings can support practitioners in the data space community in implementing robust mechanisms for selecting data trustees, thereby improving the functionality and trustworthiness of data spaces.

Software development teams meet increasing requirements to implement cybersecurity management in compliance with standards and regulations. However, adopting a compliant cybersecurity management system and DevSecOps practices as part of a software development process has turned out to be tedious and expensive in practice. Open-source communities and open ecosystems, which lack tools and realistic practices for compliant cybersecurity management, face these difficulties as well.

This paper suggests a set of requirements and a solution that are based on long-term experience in adopting standard compliant DevSecOps processes in industry. The proposed solution, called Cyberismo, facilitates the adoption of compliance and cybersecurity management, improves collaboration on cybersecurity in company internal projects, cross-company projects, and open-source projects, and automates the compliance and cybersecurity management in software development by way of an open information model representation format, and an open-source tool to manage the information model. As the information model uses a simple plain text format that can be managed by automated DevSecOps tool chains, it can be understood as an instance of the Everything as Code and Security as Code paradigms.

The proposed solution is designed as modular, tailorable to the organisation and its existing tools, and flexible enough to model both process- and technology-related information. It automates both the validation of how compliance requirements have been met and the gathering and archiving of evidence of compliance.

The information model is mapped to a logic program conforming to the Answer Set Programming (ASP) paradigm for knowledge representation. The mapping enables flexible query evaluation and reasoning, including the calculation of performance measures and automated policy checks. However, developers, product owners and other end-users of the solution do not necessarily need to know how to write logic programs, as logic programs can be encapsulated in content modules made available for the users. By putting the ease of adoption of compliant DevSecOps processes by the practitioners in the spotlight, this paper concludes that it is both necessary and possible to meet all the proposed requirements.

Information systems are increasingly utilizing data to provide various services. However, failure to properly protect data may affect data subjects negatively, and damage the reputation of service providers. This work aims to establish a privacy-friendly data space that enable safeguarded sharing of health data1 among various stakeholders in health domains. We propose a comprehensive reference architecture that integrates security/privacy mechanisms to uphold security and privacy requirements of health data and ensure strict adherence to demanding mandates. Furthermore, this article puts forth a blueprint for contracts when sharing data to cultivate transparency among various parties by harmonizing legal, technical and operational facets. This blueprint significantly reduces uncertainties and fosters an environment of trust. Our twofold methodology enables entities of a health data space to share health data, while upholding the security and privacy principles. The Eclipse Data Space Connector (EDC) is used as the basis to implement the proposed architecture.