
iSHARE aims to enable parties to grant other parties or persons access to (parts of) their data or services. Parties within the iSHARE Scheme have greatly varying backgrounds, however: private and public, large and small, different value chains, different geographies, different modalities, etc. For that reason, iSHARE needs a flexible way of expressing authorisations.

Two examples can illustrate different levels of required flexibility:

  1. Some parties or contexts require management of authorisations on a very detailed level, e.g. Party A's ERP system (machine) is ONLY allowed to request status updates concerning line X of bill of lading Y;
  2. Some contexts require less detailed authorisations, e.g. Party A's ERP system (machine) is allowed to request ANY information about ANY (part of a) bill of lading. 

Both examples are explained under use cases: fine-grained; coarse-grained.


The iSHARE Scheme envisions a world in which (access) authorisations are flexible in three ways: 

  • Flexible authorisation scope;
    iSHARE aims to provide a way to add a layer of authorisation to any resource or any selection or combination of resources. The authorisation scope refers to the objects or resources of a specific party, to which authorisations need to be assigned. The scope can include many or all resources (e.g. all data), or only some resources (e.g. specific data fields or services). Either way, the scope is always governed by a formal agreement and implemented by technical means. 
  • Granular authorisations, and;
    iSHARE aims to provide a granular way to use authorisations for resources. The authorisation granularity refers to the characteristics of both the requested resources and the rules (policies, conditions) that apply. Authorisations to resources can be coarse-grained (e.g. someone has access to all data in a certain data scope) or fine-grained (e.g. someone has access to only data with a low sensitivity level). The rules (policies, conditions) that control the authorisations can be fine-grained as well, meaning that many different types of rules can apply, such as time of day, location, organisation, role, and competence level. 
  • Flexible authorisation source.
    iSHARE aims to provide flexibility to where authorisation rules are stored and can be retrieved. The authorisation source refers to the location of the rules (policies, conditions) and the attributes (e.g. subject attributes, object attributes) that govern the authorisations. These can be located near the data, at a dedicated source, or a combination thereof. In the current version of the iSHARE Scheme, the flexibility in authorisation source is described as 'Policy Information Point' or PIP in the detailed functional descriptions.
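
The two bill-of-lading examples above and the time-of-day rule type can be evaluated by one default-deny check, shown here as an added sketch. It is not part of the iSHARE specification and does not use iSHARE's own policy format; `Policy`, `Request`, `is_permitted`, the `*` wildcard and the `party-a-erp` identifier are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass
from datetime import time

ANY = "*"  # wildcard this sketch uses for coarse-grained grants (assumption)

@dataclass(frozen=True)
class Policy:
    subject: str                 # machine or party the authorisation is granted to
    action: str                  # e.g. "read"
    resource_type: str           # e.g. "bill_of_lading"
    resource_id: str = ANY       # one specific document, or ANY
    part: str = ANY              # one specific line of the document, or ANY
    attribute: str = ANY         # one specific data field, or ANY
    not_before: time = time.min  # time-of-day condition (inclusive)
    not_after: time = time.max

@dataclass(frozen=True)
class Request:
    subject: str
    action: str
    resource_type: str
    resource_id: str
    part: str
    attribute: str
    at: time

def _covers(granted: str, requested: str) -> bool:
    # The wildcard is honoured only on the granting side: a requester asking
    # for "*" is not covered by a policy that names one specific value.
    return granted == ANY or granted == requested

def is_permitted(policies, req: Request) -> bool:
    """Default deny: permit only if one policy covers every dimension."""
    return any(
        p.subject == req.subject          # subject is never a wildcard
        and p.action == req.action
        and p.resource_type == req.resource_type
        and _covers(p.resource_id, req.resource_id)
        and _covers(p.part, req.part)
        and _covers(p.attribute, req.attribute)
        and p.not_before <= req.at <= p.not_after
        for p in policies
    )

# Constructed policies mirroring the two examples on this page.
FINE = [Policy("party-a-erp", "read", "bill_of_lading", "Y", "X", "status")]
COARSE = [Policy("party-a-erp", "read", "bill_of_lading")]
```

Evaluating the same request against `FINE` and `COARSE` shows how much each grant exposes, which is the comparison to make before agreeing on a scope.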