Author: Julien Vanwambeke, Gaia-X, Functional Architect
Introduction
Contracts are everywhere in the society, in a formal or in an informal way.
For example, when you want to buy a flat, you need a formal contract that will end the buying process. On the other hand, if you buy a soda from a machine, you will also create an informal contract between you and the vendor.
Data, like all kinds of goods, follows the same path: when exchanged or used, it requires a contract that will be more or less formal.
But what is the point of being able to exchange or use data automatically if actors still need to negotiate and sign manually a contract first, thus slowing down the entire process?
In Gaia-X AISBL, we aim to enable a data economy where everything will be readable by both humans and machines, adding trust between actors, and providing a way to browse data products and services, but also building a contract.
In this article, we will focus on how Gaia-X is proposing a way to deal with policy reasoning and contracting, and you will see, that it is as if you just have to follow a recipe.
Definitions
First, let us start with some definitions.
A contract is “an agreement that specifies certain legally enforceable rights and obligations pertaining to two or more mutually agreeing parties” ().
A contract could also be considered as a list of policies applied between its participants.
A policy is “a statement of intent and is implemented as a procedure or protocol to guide decisions and achieve rational outcomes” (Wikipedia). To simplify, a policy in a contract is a rule that has to be fulfilled by the requestor in order to make them eligible for the outcome of the contract.
A contract is between multiple parties, but for data, we will use the words provider (obviously providing the service or data, but also setting all the requirements/policies regulating the usage of the service or data) and consumer.
If we use our CTO, Pierre Gronlier’s example from :
“Alice from Acme Corp wants to process Bob’s farming Data from provider Eve for marketing research.”
is the provider of a service providing data.
Acme Corp (for Alice) is the consumer.
And the contract between them could include the following policies (non-exhaustive):
Gaia-X Workflow
To be able to deal with the interactions between the consumer and the provider regarding data exchanges, Gaia-X has set up a process divided into the following steps:
- Provider Onboarding:
- The provider has to be on a Gaia-X Digital Clearing House, getting his own verifiable credentials attesting it is trustworthy
- The provider has to describe towards a Catalogue its services or data, and also the contract/policies linked to them
- Consumer Onboarding:
- The consumer has to be onboarded on a Gaia-X Digital Clearing House, getting his own verifiable credentials attesting it is trustworthy
- Catalogue Browsing:
- The consumer is calling a catalogue using his in order to get a list of trustworthy providers for a given service. The consumer also indicates his usage intentions
- The catalogue will then build a shortlist of eligible providers, giving all the useful information needed by the Customer to select one (including the trust indexes). At this stage, some Catalogues could also call the Reasoning Engine to filter the shortlist using the declared policies and the usage intentions to ease the Customer selection process
- The consumer selects a provider
- Contracting:
- The consumer calls the of the selected provider using its verifiable credentials and its usage intentions
- The Contracting service will call the Policy Reasoning Engine in order to validate that the usage intentions are aligned with the declared policies and, if yes, will issue a Contract Verifiable Credential towards the consumer
- The consumer can now directly call the provider for the requested service
Note: to learn more about Trust in Gaia-X (including trust indexes), take a look at Pierre Gronlier’s speech during Bilbao Tech-X.
As you can see, contracts and policies are implied in two sequences:
- The declaration of the required policies by the provider
- The policy reasoning by the Policy Reasoning Engine on the sent by the Consumer
One language to rule them all
Since Gaia-X aims to provide a solution to ease data exchange in a machine-readable format, the use of a unique language to express the terms and conditions between parties exchanging data is an efficient way to deal with it.
The Open Digital Rights Language (ODRL), by Gaia-X, is a policy expression language that provides a flexible and interoperable information model, vocabulary, and encoding mechanisms for representing statements about the usage of content and services.
ODRL relies on its own ontology to describe policies.
To enable Gaia-X Digital Clearing Houses to interact with all the alternative languages, adapters will be available to turn each language into ODRL and the other way around:
As an example, if we go back to Alice and Bob’s data, the expressed policies by the provider were these:
- Acme Corp is allowed to call the service provided by
Turned into ODRL, the policies can now be added to the credentials:
{
“policytype”: “http://www.w3.org/ns/odrl/2/Offer”,
“policyid”: “http://acme.com/policy:123”,
“permissions”: [
{
“target”: “http://eve.com/farming-data/bob”,
“action”: “http://www.w3.org/ns/odrl/2/use”,
“assigner”: “http://eve.com”,
“constraints”: [{
“name”: “http://www.w3.org/ns/odrl/2/purpose”,
“operator”: “http://www.w3.org/ns/odrl/2/eq”,
“rightoperand”: “marketing-research”
}]
}
]
}
And the Acme Corps will send that kind of in the request using ODRL:
{
“@context”: “http://www.w3.org/ns/odrl.jsonld”,
“@type”: “Policy”,
“uid”: “http://eve.com/policy/123”,
“permission”: [
{
“@type”: “Permission”,
“target”: “http://eve.com/farming-data/bob”,
“action”: “http://www.w3.org/ns/odrl/2/use”
“constraints”: [{
“name”: “http://www.w3.org/ns/odrl/2/purpose”,
“operator”: “http://www.w3.org/ns/odrl/2/eq”,
“rightoperand”: “marketing-research”
}]
}
]
}
Thus, the policy reasoning Engine can use the ODRL Ontology: each usage intention will be translated into several possible policies, parsing the provider policies to check if a match is possible.
In the example, Eve set the action “use” for the data. In the ontology, this action is derived into commercialUse. If the consumer requires a commercialUse for the calledService, the policy reasoning engine will parse ODRL Ontology and . Then, the policy reasoning engine will validate the request and the consumer will be allowed to contract with the provider.
Conclusion
To perform automatic contracts using Gaia-X concepts, you just need:
- Few leaves of policies expressed by the provider
- A slice of usage intention pushed by the customer
- A pinch of ODRL to turn all the policies/usage intentions into a common language
- A dose of reasoning enabling the consumer and the provider to express themselves as they want
- And you mix all that in your favourite Gaia-X Digital Clearing House in a few seconds, and your contract is ready!
In the next article, you will learn more about how the Policy Reasoning Engine is working!
Stay tuned!