Step 1 in the 5-step plan is to gain insight into how sharing data through iSHARE can add value for your organization, by asking yourself the following questions:
Would easier data-sharing – including with partners further upstream/downstream –enable you to work faster, more efficiently and more cheaply?
Data and data-sharing is becoming increasingly important in the transport and logistics sector. Effective data exchange improves the efficiency of the value chain, saves costs and helps the industry as a whole to reduce carbon emissions.
Although data is already being shared on a large scale, there are still huge gains to be made. Right now, most organizations share data with their existing business partners but not with new or unfamiliar ones. There are two key barriers to doing so.
The first and biggest barrier is created by the large number of partial solutions for identity and access management. As a result, integration can often be time-consuming and costly. The lack of a uniform set of agreements for identification, authentication and authorization forms a huge barrier to more intensive data-sharing within the sector.
The second barrier preventing more data-sharing is due to the lack of trust and legal certainty. The use of specific information in the supply chain and automated connections between various IT solutions can give rise to questions about data security: ‘Who can see my data?, ‘What does the recipient do with my data?’, ‘If there are any problems, who is liable?’, ‘Are the other organization’s systems secure?’ and ‘How can I maintain control?’.
iSHARE removes all of these barriers. Thanks to iSHARE, everyone can share data with everyone else in the transport and logistics sector in a simple and controlled way. That includes with new and previously unknown partners – many of which may be further upstream or downstream in the chain – based on mutual trust.
Does integrating with your partners’ systems take up a lot of your time, and does that form a barrier to sharing data with more partners than at present?
When you decide to share data, it is usually necessary to connect or integrate your own software solution with your partner’s, and that can take a considerable amount of effort.
You and your partner need to reach agreement on how to set up a secure connection, how to identify and authenticate users or automated systems, what those users or systems are authorized to do, and who bears liability in the case of problems. In fact, the process is often so complex and hence costly that you decide not to bother sharing data after all…
iSHARE is a set of agreements or a scheme for identification, authentication and authorization. Organizations that work in line with the iSHARE Scheme all have the same uniform way of identifying, authenticating and authorizing users and automated systems, and hence of connecting in order to share data. Organizations that join the iSHARE Scheme effectively form a trust-based network within which everyone applies the same criteria when exchanging data.
This means that you can share data with all partners within the iSHARE Scheme – not only with your existing business contacts, but also with new and previously unknown partners further upstream/downstream – in a uniform, simple and controlled way.
Does a lack of trust prevent you from sharing more data than at present?
Trust forms the foundation for doing business. You put a lot of effort into the legal aspects in order to be certain that your data remains secure whenever you share it, because you want to be sure that your partners adhere to the same strict security provisions as you. Nevertheless, you still sometimes wonder what you should do if your partner fails to stick to the agreement, or if your partner’s systems turn out to be less secure than necessary. And who would be legally liable if things were to go wrong?
Before an organization can join the iSHARE Scheme, it must first successfully complete a series of technical tests in order to be accepted. The technical tests are designed to check that the organization’s systems comply with iSHARE’s stringent security standards. If the systems do not meet the standards, the organization is unable to join the Scheme.
Once accepted, the organization signs the so-called ‘iSHARE Accession Agreement’. This document details the technical, operational, legal and functional agreements which the organization must uphold. Organizations that have joined the iSHARE Scheme can legally hold one another to complying with these agreements.
In other words, iSHARE relieves you of having to draw up and monitor a new legal contract for each partner with which you share data. Furthermore, you can be certain that all the iSHARE partners can be trusted.
Does a lack of control over your data prevent you from sharing more data than at present?
It is only natural for you to want to retain control over your data, which is why you prefer to only share your data with existing partners. After all, you don’t want your data to be accessible for everyone, for it to be shared with third parties without your permission, or for it to fall into your competitors’ hands, for instance.
Thanks to iSHARE, you always retain full control over your data. You are the one that determines who has the right to see which data, when, and what can be done with it. You arrange this either in your own software solution or in an iSHARE-certified authorization registry. Your data is only shared with partners that you have authorized; without your authorization, an organization cannot receive your data.
Does the issue of providing secure access to your data prevent you from sharing more data than at present?
It is no easy task to keep connecting new partners every time you want to share data with someone else. Each new connection calls for a new identity and access management solution, and that is a time-consuming and costly issue. Besides that, you are increasingly wondering whether all those connections are actually secure, and that can sometimes prevent you from sharing data with new partners.
Thanks to iSHARE, you no longer have to spend time and money on developing, updating and managing software for identification and authentication, because that is already taken care of for you. Furthermore, you no longer need to worry about whether your new data-sharing partner’s systems are sufficiently secure.
The Scheme’s technical specifications are easy to implement on any underlying system and are focused on ensuring the security of data-sharing. As a result, iSHARE can be used quickly and simply in any situation in which you want to share data.
Furthermore, the iSHARE standards – such as those relating to data-sharing via an https connection – ensure the secure transmission of data. Before partners can receive data, for example, they must identify themselves to the iSHARE Scheme Owner using standardised and widely used authentication techniques such as OAuth and OpenID Connect. This checks whether each partner complies with the iSHARE agreements and whether they may receive data.
Last but not least, you no longer have to register and manage user identities yourself. Instead, you can choose to outsource this to iSHARE-certified identity providers. This enables organizations that are part of the iSHARE Scheme to use existing identity solutions to identify themselves, meaning they can use one and the same identity to log in with multiple partners – making things much more user-friendly for both you and your business partners.
To round off this first step of the iSHARE 5-step plan, it is important that you discuss and answer these questions within your organization and/or together with your team, using the form to help you. If you answer ‘yes’ to one or more of the questions on the form, iSHARE is a relevant solution for you. Proceed to Step 2.
In Step 1 you ascertained that iSHARE is relevant for your organization. In Step 2 of this 5-step plan, think of a concrete situation in which you can use iSHARE to share data, based on your answers to the questions below.
Following on from Step 1, have you identified opportunities to make improvements in a specific data-sharing situation, or to share data with new or different partners?
Step 1 revealed to you a number of possible benefits of sharing data using iSHARE. You probably had a few concrete situations in mind as you were answering the questions, and you have now become inspired to use iSHARE in those specific situations. Keep one of those specific use cases in mind as your starting point as you answer the following questions:
Which role does your organization play in the data-sharing process in the concrete use case you have in mind?
Decide if you want to provide or receive data, and if you want to delegate rights.
- Provide: your organization only wants to make data available to one or more other organizations
- Receive: your organization only wants to receive data from one or more other organizations
- Provide and receive: your organization wants to make data available to and receive data from one or more other organizations
- Delegating rights: your organization wants to enable a partner to provide data to and/or receive data from one or more other organizations on your behalf, perhaps because you have outsourced a logistics-related service to a subcontractor, for example, and the subcontractor exchanges data with the customer on your behalf.
Once you have decided which role(s) you play, or wish to play, in the data-exchange process in your specific use case, the following question will help you to further concretise your use case:
Which data does or will your organization share in your specific use case?
In the light of your use case and your role(s), define which data your organization shares or wishes to share. E.g. You would like to share the Estimated Time of Arrival with your customer.
Who will you share data with?
In the light of your use case and your role(s), state which organizations you share or wish to share data with.
Will it be machine-to-machine data-sharing only, or also human-to-machine data-sharing?
The majority of data-sharing is done between systems, from machine to machine. However, situations can also occur in which employees request data from organizations. Decide whether your use case involves machine-to-machine data-sharing only, or also human-to-machine data-sharing.
If your specific use case also involves human-to-machine data-sharing, it is important to state that separately at this stage of the 5-step plan.
You have now completed Steps 1 and 2 of this 5-step plan, in which you have determined the importance of sharing more data and chosen a concrete use case for sharing data using iSHARE. Proceed to Step 3.
In Steps 1 and 2 of this 5-step plan you have determined the importance of sharing more data and chosen a concrete use case for sharing data using iSHARE. In Step 3 of this 5-step plan, you decide what you need to do in order to comply with the Scheme’s technical, functional, operational and legal agreements, based on the following instructions:
First of all: define iSHARE as a project
Because the implementation of iSHARE demands an integral approach, it is important to define the implementation as a project. Therefore, we advise you to make all the necessary preparations and to bring in expertise that is relevant to the various kinds of agreements within the Scheme. For example, you should form a project team comprising – in addition to a project lead – your company lawyer for the legal agreements, your IT director or software supplier for the functional and technical agreements, and your operations director for the operational agreements.
Functional and technical agreements within the iSHARE Scheme
Involve your project lead and your IT director or software supplier in following these instructions from the functional agreements within the iSHARE Scheme.
In Step 2 you have decided which role your organization currently plays or wishes to play in a specific use case. You can now expand on the various roles. This is important so that you can subsequently determine how many and which interfaces must be added to your software. We explain more about the various roles and how the iSHARE Scheme works in this video.
Decide whether to register authorizations and identities in your own systems or to outsource them
In Step 2 you decided which partners you want to share data with. You must now be able to authorize each of these partners. You can do that by authorizing them in your own software or through an iSHARE-certified Authorization Registry. See the Frequently Asked Questions page to read more about Authorization Registries.
If in Step 2 you decided that your use case also involves human-to-machine communication, then you must also be able to identify, authenticate and authorize people. Once again, you can do this in your own software or outsource it to a certified Identity Provider. See the Frequently Asked Questions page to read more about Identity Providers.
Next, decide whether you wish to utilize the services of an iSHARE-certified authorization registry or identity provider, or if you will register authorizations and identities in your own software.
The decision about whether or not to outsource authorizations and identities depends on a number of factors, including your software functionality, cost management, efficiency, etc. Ask your IT director or software supplier for advice.
Decide whether it is necessary to acquire a (new) digital certificate
A digital certificate is required in order to utilise iSHARE. iSHARE only accepts PKIoverheid certificates. Your IT director or software supplier will be able to tell you whether you have such a certificate. If not, you will need to obtain one. For more information on obtaining a PKIoverheid certificate, click here,
Technical agreements within the iSHARE Scheme
Involve your IT director or your software supplier in following the instructions from the technical agreements within the iSHARE Scheme.
Go to the iSHARE Developer Portal and follow the technical instructions to implement iSHARE.
Decide whether it is necessary to acquire a (new) digital certificate
You need a digital certificate in order to utilize iSHARE. Only PKIoverheid certificates are accepted by iSHARE. Your IT director or software supplier will know whether you have such a certificate. If not, you will need to obtain one. For more information about obtaining PKIoverheid certificates, click here.
Operational agreements within the iSHARE Scheme
Involve your operations director, your IT director or your software supplier in the following instructions from the operational agreements within the iSHARE Scheme.
Decide which changes must be made to your systems and processes in order to implement iSHARE
In order to utilize iSHARE, your organization must comply with the agreements that ensure secure access to data. In order to comply with the iSHARE service levels, it is often necessary to make changes to your systems and processes.
Download the iSHARE Service Levels.
Legal agreements within the iSHARE Scheme
Once you are sure that you can comply with the technical, operational and functional agreements in the iSHARE Scheme, it is time to focus on the legal agreements. It is now important to involve your company lawyer or legal advisor, because this is when your organization decides whether to accept the contents of the iSHARE Accession Agreement and the iSHARE Terms and Conditions of Use.
You have now completed Steps 1, 2 and 3 of this 5-step plan, in which you have determined the importance of sharing more data, chosen a concrete use case for sharing data using iSHARE and ensured your compliance with the criteria for the set of agreements. You are now ready to implement the iSHARE Scheme. Proceed to Step 4.
You have now completed Steps 1, 2 and 3 of this 5-step plan, in which you have determined the importance of sharing more data, chosen a concrete use case for sharing data using iSHARE and assessed the criteria for compliance with the set of agreements. In Step 4 of this 5-step plan, you can read how to implement iSHARE.
You can start testing iSHARE by registering your organization at the Scheme Owner. To do so, simply send an email to the Scheme Owner at: join@iSHAREWorks.org. Please provide the following information in your email:
Contact details of the primary contact person for iSHARE: organization, name, position, email address and phone number.
Short description that explains how you intend to use iSHARE.
Your organization’s EORI number. Do you have business partners in Europe? If so, you will have an EORI number. For more details, contact the colleagues within your organization who are involved in customs declarations.
As explained in Step 3, you need a PKIoverheid certificate. Speak to your IT director or your software supplier. He will be able to tell you whether you have such a certificate.
If you do not have a PKIoverheid certificate, you will need to obtain one first. For more information on obtaining a PKIoverheid certificate, click here.
The iSHARE Scheme Owner will now contact you to facilitate testing and to help you to demonstrate that your organization complies with the functional, technical and operational agreements of the Scheme.
3. Apply to join
To join the iSHARE Scheme, the Accession Agreement must be signed by an authorized signatory of your organization. By unilaterally signing the Accession Agreement, you agree to comply with the legal agreements of the scheme.
Submit your application to join the scheme to the Scheme Owner at join@iSHAREWorks.org. Please include the following:
- The signed Accession Agreement.
- The digital PKIoverheid certificate that you will use for iSHARE.
- Acceptable proof that your technical implementation adheres to the iSHARE specifications.
You have now demonstrated your compliance with all the agreements of the iSHARE Scheme. Once you have made all the necessary changes to your organization and your systems as outlined in Step 3, you are ready to utilise iSHARE to share data. Proceed to Step 5.
In Steps 1 , 2, 3 and 4 of this 5-step plan, you have determined the importance of sharing data, chosen a concrete use case for sharing data using iSHARE, and ensured and demonstrated your compliance with the Scheme’s criteria.
Once the Scheme Owner has also signed the iSHARE Accession Agreement, you have officially joined the Scheme.
In Step 5 of this 5-step plan you are accepted into the Scheme and you can start utilising iSHARE to share data.