Zero Trust

Trust in Data Sharing

Data sharing requires a strong foundation of trust, which can be established in two main ways: through a standardised onboarding and assessment process or via specific, event-based assessments. These methods are often combined, with organisations tailoring their approach to suit their needs. Frameworks choose to incorporate both, bringing in the concept of zero trust so that trust is verified just in time (of use) rather than assumed. This article aims to clarify how the iSHARE Framework embodies these zero-trust principles, supporting secure and verified data interactions.

Zero Trust in the iSHARE Trust Framework

The iSHARE Trust Framework has always enabled secure data sharing rooted in zero trust principles, where trust is not automatically assumed. Instead, organisations interact based on specific, dynamically verified trust criteria. This model allows for flexible, context-sensitive trust requirements—whether through data space membership, certifications, or recommendations.

Zero Trust, at its core, requires that trust be verified, based not on mere presence in the network but on current, context-driven credentials. The iSHARE Framework has supported this by establishing trust based on particular conditions relevant to each interaction. Organisations can specify trust requirements—whether tied to specific data spaces, certifications, or other verifiable credentials—ensuring that each interaction meets precise security needs.

The iSHARE Trust Framework inherently offers organisations the tools to dynamically set and verify trust levels. To further enable zero trust principles, Verifiable Credentials (RFC040) facilitate context-specific interactions, while multiple identification methods (RFC031) provide flexibility beyond traditional EORI-based verification. Additionally, the Framework enables organisations to engage with others in the network at a more granular trust level, tailored to the specific needs of the data space or organisational standards.

The iSHARE Participant Registry (Satellite) has also been designed to align with Zero Trust, using distributed ledger technology to manage interoperability among data spaces. Now, with RFC044, organisations have the option to operate the Participant Registry independently of a distributed ledger, making it adaptable for more flexible trust assessments aligned with Zero Trust. These existing features underscore how the iSHARE Framework supports trust assessments that adapt dynamically to each interaction.

Trust Verification in iSHARE-based Data Spaces

Data spaces using the iSHARE Trust Framework approach trust through a multi-layered assessment process. Data Owners or Providers make trust-based decisions while the Authorisation Registry (AR) stores access policies and manages cross-space trust chains. When Data Consumers request access, their credentials are authenticated, and trust levels are continuously adjusted as necessary. This ensures a responsive, context-sensitive assessment for interactions across various ecosystems.

Maintaining Robust Security in a Zero Trust Model

Security within a zero-trust model relies on rigorous, continuous verification, with each access request subject to strict identity management and policy enforcement. The AR holds detailed policies that dictate the conditions for data access, while the onboarding process fosters mutual vetting between data-sharing parties, supporting decentralised, flexible trust-building that complies with iSHARE specifications. Automated processes for connector and API use minimise errors, bolstering security and ensuring that trust assessments are based on accurate and secure credentials. Regular security testing and compliance with international standards further strengthen the framework against potential threats.

Additions for Zero Trust

The iSHARE Trust Framework is a base layer for data spaces or ecosystems for use in data sharing. This is important to understand in the context of zero trust as the Framework allows the addition of robust connectors for zero trust checks without hindering any functionality. Organisations can define stricter requirements for their ecosystems beyond the prescribed trust elements provided by the Framework.

A Continued Commitment to Zero Trust

This clarification underscores that Zero Trust has always been central to iSHARE’s approach, allowing for precise, evolving trust assessments. As data-sharing needs grow, iSHARE remains committed to refining its Trust Framework to support secure, dynamic interactions, maintaining the robust, flexible ecosystem that participants rely on for resilient data-sharing.
