Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
christianla
Associate

A dataspace is a secure, decentralized framework that enables organizations to share and collaborate on data while keeping control. The exchange of data between companies within a dataspace ecosystem is essential for optimizing Product Carbon Footprint (PCF) calculations, improving demand and capacity management, and ensuring traceability of components across the supply chain. SAP offers solutions to support this, alongside open-source alternatives.

In dataspaces, Self-Sovereign Identity (SSI) plays a crucial role by enabling the identification of communication partners. With verifiable credentials, participants can identify communication partners without relying on a central entity. This ensures that identification occurs directly between participants, allowing secure communication without revealing who is interacting with whom.

Establishing Trust: The Necessity of Verifiable Credentials in Dataspaces

For participants to effectively engage in a dataspace using Self-Sovereign Identity (SSI), a critical precondition is the possession of a verifiable credential that attests to their identity and is recognized within the dataspace. These credentials serve as digital attestations of a participant’s identity and can be issued by various authorities. For example, governmental bodies could issue credentials as envisioned in the proposed eIDAS 2.0 regulation, ensuring that identities are backed by strong legal frameworks. Alternatively, the operator of a dataspace might issue its own identity credentials, just like a membership card, thereby facilitating a seamless entry point for participants. These identity credentials play a central role in data sharing within the dataspace, as they enable secure and verified identification of participants, fostering trust and reliability in the digital interactions.

 

Enabling Seamless Data Exchange in Dataspaces Through Standardized Communication

With verified identities established, companies can start the secure sharing of data within a dataspace. This data could encompass Product Carbon Footprint (PCF) information or demand and capacity metrics, managed within the companies' applications. However, to facilitate data sharing across a dataspace, it is essential to make each participating application interoperable. This is achieved through the use of a “proxy” managing standardized communication flows. In the context of SAP, this functionality is provided by two key services: Data Space Integration and Decentralized Identity Verification. “Data Space Integration” (a capability of SAP Integration Suite) implements the general Dataspace Protocol, while Decentralized Identity Verification handles the identification steps defined in the Decentralized Claims Protocol.

The following figure shows how data sharing can be achieved in a dataspace like Catena-X. The operator can be seen as a trust anchor issuing membership credentials that are used whenever data is shared between two members of a dataspace.

[Figure 0_ssi.png: data sharing in a dataspace such as Catena-X]

After onboarding to a dataspace, each participant can configure which communication partners are authorized to access which data. This configuration guarantees that only published data can be shared with selected recipients. The data provider specifies how the data consumer has to identify itself (e.g. dataspace membership verifiable credential) and which issuers of such a credential are accepted (e.g. operator, GLEIF). When the data consumer requests data, it can use a selection of its identity verifiable credentials to identify itself at the supplier's data sharing service. If the data consumer can provide the requested identification verifiable credentials, the DSP process of contract negotiation and data exchange can be started.
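The provider-side check described above can be sketched as follows. This is an added example, not SAP's or the Dataspace Protocol's own code: the class and field names, the `MembershipCredential` type string and the DIDs are hypothetical, and the credentials are assumed to have had their signatures verified already.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Credential:       # claims of a credential whose signature was already verified (assumption)
    type: str
    issuer: str
    subject: str
    expires: datetime

@dataclass(frozen=True)
class AccessPolicy:     # provider-side configuration for one published asset (hypothetical shape)
    allowed_consumers: frozenset
    required_type: str
    accepted_issuers: frozenset

def authorize(policy, holder, presented, now):
    """Return (allowed, reason). Any failed check denies access (fail closed)."""
    if holder not in policy.allowed_consumers:
        return False, "consumer not authorized for this asset"
    reasons = []
    for cred in presented:
        if cred.type != policy.required_type:
            continue                      # unrelated credential, ignore it
        if cred.issuer not in policy.accepted_issuers:
            reasons.append("issuer not accepted")
        elif cred.subject != holder:      # credential must be about the requester itself
            reasons.append("credential issued to another participant")
        elif cred.expires <= now:
            reasons.append("credential expired")
        else:
            return True, "ok"             # DSP contract negotiation may start
    return False, "; ".join(reasons) or "required credential not presented"

# Constructed sample data (not taken from any real dataspace)
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
LATER = datetime(2026, 1, 1, tzinfo=timezone.utc)
OPERATOR = "did:web:operator.example"
CONSUMER = "did:web:consumer.example"
POLICY = AccessPolicy(frozenset({CONSUMER}), "MembershipCredential", frozenset({OPERATOR}))
GOOD = Credential("MembershipCredential", OPERATOR, CONSUMER, LATER)
SELF_ISSUED = Credential("MembershipCredential", CONSUMER, CONSUMER, LATER)
BORROWED = Credential("MembershipCredential", OPERATOR, "did:web:other.example", LATER)

if __name__ == "__main__":
    cases = [("good", [GOOD]), ("self-issued", [SELF_ISSUED]),
             ("borrowed", [BORROWED]), ("none", [])]
    for name, creds in cases:
        print(name, authorize(POLICY, CONSUMER, creds, NOW))
```

The type match alone is not sufficient: a self-issued credential and a credential issued to a different participant both carry the right type and are still rejected.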

Conclusion

Self-Sovereign Identity (SSI) offers a robust solution for secure identification in data exchanges within dataspaces, eliminating the need to share communication credentials with each participant. Instead, it utilizes attested identities to manage access and identification. This approach not only enhances security and privacy but also facilitates seamless interactions across different dataspaces. For instance, suppliers within the automotive sector can leverage the same verified identity credentials when engaging with other industries, such as aerospace, thereby bridging various dataspaces and streamlining cross-industry collaboration.
