The iSHARE Trust Framework aims to enable parties to grant other parties or persons access to (parts of) their data or services. Parties within the iSHARE Trust Framework have greatly varying backgrounds, however: private and public, large and small, different value chains, different geographies, different modalities, etc. For that reason, there needs to be a flexible way of expressing authorizations.

...

Both examples are explained under use cases: fine-grained; coarse-grained.


The iSHARE Trust Framework envisions a world in which (access) authorizations are flexible in three ways:

  • Flexible authorization scope;
    iSHARE aims to provide a way to add a layer of authorization to any resource or any selection or combination of resources. The authorization scope refers to the objects or resources of a specific party, to which authorizations need to be assigned. The scope can include many or all resources (e.g. all data), or only some resources (e.g. specific data fields or services). Either way, the scope is always governed by a formal agreement and implemented by technical means. 
  • Granular authorizations, and;
    iSHARE aims to provide a granular way to use authorizations for resources. The authorization granularity refers to the characteristics of both the requested resources and the rules (policies, conditions) that apply. Authorizations to resources can be coarse-grained (e.g. someone has access to all data in a certain data scope) or fine-grained (e.g. someone has access to only data with a low sensitivity level). The rules (policies, conditions) that control the authorizations can be fine-grained as well, meaning that many different types of rules can apply, such as time of day, location, organisation, role, and competence level. 
  • Flexible authorization source.
    It aims to provide flexibility in where authorization rules are stored and can be retrieved. The authorization source refers to the location of the rules (policies, conditions) and the attributes (e.g. subject attributes, object attributes) that govern the authorizations. These can be located near the data, at a dedicated source, or a combination thereof. In the current version of the iSHARE Trust Framework, the flexibility in authorization source is described as 'Policy Information Point' or PIP in the detailed functional descriptions.
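
The three dimensions above, shown as an added illustration that is not part of the iSHARE specification or its data formats: one scope evaluated under a coarse-grained and a fine-grained policy, with subject and object attributes fetched from a stand-in Policy Information Point. All names (`PIP`, `COARSE`, `FINE`, `is_authorized`) and the shipment data are assumptions constructed for this example.

```python
from datetime import time

# Constructed sample data: a stand-in Policy Information Point holding the
# subject and object attributes that policies refer to (names are illustrative).
PIP = {
    "subjects": {"alice": {"organisation": "CarrierA", "role": "planner"},
                 "bob": {"organisation": "CarrierB", "role": "driver"}},
    "objects": {"shipment-1": {"scope": "shipments", "sensitivity": "low"},
                "shipment-2": {"scope": "shipments", "sensitivity": "high"}},
}

# Coarse-grained: everything inside the "shipments" scope, no further rules.
COARSE = {"scope": "shipments", "conditions": {}}

# Fine-grained: same scope, narrowed by object sensitivity, role and time of day.
FINE = {"scope": "shipments", "conditions": {
    "object.sensitivity": {"low"},
    "subject.role": {"planner"},
    "time": (time(8, 0), time(18, 0)),
}}

def is_authorized(policy, subject_id, object_id, at, pip=PIP):
    """Return True only if the scope matches and every condition holds."""
    subject = pip["subjects"].get(subject_id)
    obj = pip["objects"].get(object_id)
    if subject is None or obj is None:
        return False  # default deny when the PIP has no attributes
    if obj["scope"] != policy["scope"]:
        return False  # resource lies outside the authorization scope
    attrs = {"subject": subject, "object": obj}
    for key, allowed in policy["conditions"].items():
        if key == "time":
            start, end = allowed
            if not (start <= at < end):
                return False
            continue
        kind, name = key.split(".")
        if attrs[kind].get(name) not in allowed:
            return False  # a missing attribute also fails the condition
    return True

if __name__ == "__main__":
    for pol_name, pol in (("coarse", COARSE), ("fine", FINE)):
        for obj_id in ("shipment-1", "shipment-2"):
            print(pol_name, obj_id, is_authorized(pol, "alice", obj_id, time(9, 0)))
```

Because `is_authorized` takes the attribute source as a parameter, the same policy can be evaluated against attributes kept near the data or at a dedicated source.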