Understanding roles of the iSHARE scheme
For iSHARE to work both effectively and securely as a data sharing framework, we work with a number of predefined roles. Every role has its own responsibilities and requirements. In this article, we will list them based on how strict the requirements to fulfill them are.
There are two different categories of roles:
- Adhering Roles: those which exchange data with each other and require only a minimum threshold for joining.
- Certified Roles: those which provide identification, authentication, and authorization tooling for the Adhering Roles to exchange data securely. As such, they have stricter (technical and legal) requirements for joining.
Types of Adhering Roles
- Service Provider: a legal entity that provides a service, such as data. This legal entity provides the result of a service that other participants need. For example, a logistics software provider that uses a truck's time and location to calculate and communicate the truck's Estimated Time of Arrival to another iSHARE participant.
- Service Consumer: a legal entity that consumes a service, such as data, as provided by a Service Provider. This legal entity is in need of the result of a service. For example, a trucking company that needs to know a shipment’s Estimated Time of Arrival.
- Entitled Party: a legal entity that has one or more rights to a service provided by a Service Provider, for example to data. An Entitled Party may be a legal part of the Service Consumer, or may grant its right to another company to act as an intermediary Service Consumer. These rights, or entitlements, are established in a legal relationship between the Entitled Party and the Service Provider. For instance, a small transport company without IT infrastructure could work with a technological intermediary that provides that infrastructure as a service, enabling the transport company to participate in the iSHARE framework as an Entitled Party.
Types of Certified Roles
- Identity Provider: this role is fulfilled by a legal entity whose tooling identifies and authenticates individual humans representing companies within iSHARE. An Identity Provider is particularly useful if you want to enable different layers of data sharing, or if human users have different roles for different companies. For instance, a company may decide to grant one of its partners information about truck arrivals, but only certain individuals within the partner company should be able to access information about the goods being transported. Similarly, you may want to know if the driver in question is authorized to transport hazardous goods. The Identity Provider is there to validate the identity of that person and verify that they have the required credentials. And finally, by abstracting identities from the individual systems, an Identity Provider enables Single Sign-On within the iSHARE ecosystem. Currently, Secure Logistics is the only Identity Provider in the iSHARE framework.
- Identity Broker: different individuals might hold identifiers at different Identity Providers. For Service Providers, it can be taxing to set up multiple integrations with these different Identity Providers. They can use an Identity Broker instead. The Identity Broker also offers individuals the option to choose which Identity Provider they want to use to identify and authenticate themselves.
- Authorization Registry: a legal entity that provides Adhering Parties the means to centralise their delegation and authorization information. This role keeps records of the data sharing policies of iSHARE members. These policies describe in detail which iSHARE Service Consumers have access to what data, for which period of time and under which conditions. This means that the legitimacy of an information request can be verified, even if the authorizing party does not know where the data is stored. Poort8 is iSHARE’s current Authorization Registry supplier.
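The following added example (not iSHARE code, and not the iSHARE policy format) shows the kind of check a Service Provider can make against records held by an Authorization Registry: is there a currently valid grant from the Entitled Party to the requesting Service Consumer for this data? It goes one step beyond the text by also following a grant passed on by an intermediary; the `Policy` fields, the party names and the `is_authorized` helper are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Policy:
    issuer: str    # party granting the right
    subject: str   # party receiving the right
    resource: str  # kind of data covered
    action: str    # what the subject may do with it
    not_before: datetime
    not_after: datetime

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed records, as a registry might hold them (all identifiers are made up).
POLICIES = [
    Policy("transport-co", "it-intermediary", "eta", "read", utc(2024, 1, 1), utc(2025, 1, 1)),
    Policy("it-intermediary", "subcontractor", "eta", "read", utc(2024, 6, 1), utc(2024, 7, 1)),
]

def is_authorized(policies, entitled_party, requester, resource, action, at, max_hops=3):
    """Default deny: True only if currently valid grants link entitled_party to requester."""
    def walk(holder, hops, seen):
        if holder == requester:
            return True
        if hops == max_hops:  # bound the chain length
            return False
        for p in policies:
            in_window = p.not_before <= at < p.not_after
            matches = (p.issuer, p.resource, p.action) == (holder, resource, action)
            if matches and in_window and p.subject not in seen:  # 'seen' stops cycles
                if walk(p.subject, hops + 1, seen | {p.subject}):
                    return True
        return False
    return walk(entitled_party, 0, {entitled_party})

if __name__ == "__main__":
    for who, when in [("it-intermediary", utc(2024, 3, 1)), ("subcontractor", utc(2024, 8, 1))]:
        print(who, when.date(), is_authorized(POLICIES, "transport-co", who, "eta", "read", when))
```

Every grant in the chain must be valid at the time of the request, so an expired grant anywhere along the chain denies access to everyone downstream of it.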
Besides Adhering and Certified roles, the iSHARE framework has two Gatekeeper roles. These roles keep the scheme, and its network of participants, operating properly.
- Scheme Administrator: this legal entity is responsible for verifying applications and admitting parties to the scheme. This entails checking both the identity of the company and its legal adherence to the rules. In addition, a technical compliance process may be required. Currently, Visma Connect fulfills the Scheme Administrator role. In the future, other parties will be able to apply to become the Scheme Administrator.
- Scheme Owner: the legal entity responsible for overseeing the changes and development of the iSHARE framework itself. All iSHARE participants can submit change requests to the Scheme Owner, who will then assess if they are in line with the framework’s general principles. Visma Connect is entrusted with the Scheme Owner role.