iSHARE standard: enabling secure and controlled data sharing through uniform requirements on identification, authentication and authorisation
In our process of discovering the generic agreements that are needed to enable cross-sectoral data sharing, we also take learning from and build on existing Schemes or Trust Frameworks for data sharing within sectors or domains. While, for example, our participant MedMij plays an important role to enable data sharing within the healthcare sector, our participant iSHARE does the very same in the logistics sector, with the ambition to leverage their role towards other sectors. The iSHARE standard for secure and controlled data sharing enables organisations to follow the same rules regarding identification, authentication and authorisation, without the need to make new agreements each single time they want to exchange data. Because of the extensive network of chain parties involved, this is especially important in the logistics sector. During our upcoming community meeting on February 25th, Gerard van der Hoeven, Director of the iSHARE Foundation, will elaborate on the principles of iSHARE with regard to data sharing and on how iSHARE wants to accelerate data sharing by providing trust and control for data exchange. Not only in the Netherlands, but also in Europe. We spoke with him in advance.
Trust through data sovereignty and adherence to requirements
“The most important element in sharing data is trust,” says Gerard. “And to be able to trust each other, control over that data is important. Not only by making legal agreements, but also by making agreements about which standards organisations should use for identification, authentication and authorisation. In this way you always know who you are sharing your data with and which permissions that party has exactly.”
As for the Data Sharing Coalition, data sovereignty is an important principle for iSHARE when it comes to data sharing. Gerard: “We want to give back the control of data to the data owner. This data is often stored at different places; existing applications or portals that we like to call data hubs. By means of iSHARE, a data owner can record in the authorisation register not only which party will have access to his data, but also to what level. Or in logistic words: an organisation does not necessarily have to be able to drive the entire truck to know what brand of tires is on the vehicle. By enabling data exchange between parties in such a way that organisations can be very specific on what particular data they give access to, you limit the risks and thus increase the confidence to share data.”
Trust in the mechanism is further strengthened when it is also ensured that agreements are adhered to, Gerard explains. “All organisations that comply to the iSHARE standard are closely monitored. This is why identity providers and authorisation registers all have to meet our requirement. The iSHARE Foundation takes on this role. However, since we strongly believe in decentralisation, this role can also be delegated to iSHARE Satellites. Under the trust requirements of the iSHARE Foundation these satellites guide and administer new participants, identity providers and authorisation registers. On behalf of the iSHARE Foundation they also ensure all comply with the iSHARE standard for secure and controlled data exchange.”
Accelerating data sharing on a European level
iSHARE wants to accelerate data sharing not only within the Netherlands, but also on a European level. This is why they teamed up with FIWARE and launched the i4Trust Initiative, which aims to enable European organisations to digitally collaborate in a smarter way. Among others through a controlled way of data sharing, made possible by the iSHARE. Organisations that participate in one of the i4Trust projects will automatically be using software that comply to the highest trust and security levels of the iSHARE standard. Gerard: “This initiative mainly focuses on SMEs; companies for which data sharing is not yet self-evident. The iSHARE standard proves data sharing can take place without the need of a platform or third party to facilitate it (which some others still believe is necessary). Organisations can perfectly arrange this themselves by following clear requirements. And the more parties follow the same requirements, the greater the scale on which data sharing becomes possible.”
It is important to build on the best practices of existing data sharing schemes, including that of the iSHARE standard, and bundle all these insights.
Contributing to generic agreements for cross-sectoral data sharing
In many sectors and domains data sharing initiatives evolve. To drive cross-sectoral data sharing, The Data Sharing Coalition aims to enable interoperability between these initiatives. Ultimately by facilitating generic agreements for cross-sectoral data sharing, to which iSHARE, as one of our participants, makes an important contribution. Gerard: “Drawing up a system of agreements about data sharing is not easy, let alone when data sharing transcends sectors. It takes a lot of time and money to define generic agreements and it would be a shame for the Netherlands to make unnecessary investments. That is why it is important to build on the best practices of existing schemes, including that of the iSHARE standard, and to bundle all these insights.” Although iSHARE currently mainly focuses on unlocking data in the logistics chain, this data is also of added value for other sectors. This is why it is also working with, among others, fellow participant Verbond van Verzekeraars on a cross-sectoral use case that offers new insights for the generic agreements. Gerard: “Within the Data Sharing Coalition, we are working with, among others, Verbond van Verzekeraars on a use case in which we are investigating how we can share freight transport data with insurers, so that they can deliver better products and services based on better risk management. A perfect example of how a controlled and safe way of data sharing can lead to clear benefits for all.”
On February 25th, iSHARE will give a presentation during the community meeting in which it will elaborate on their principles of data sharing. Do you want to attend this community meeting? Do not hesitate to contact us.