Episode 096: 3‐18‐2025 Bringing Trust to Data with JWT‐Based Access - GluuFederation/identerati-office-hours GitHub Wiki

Title: iShare: Bringing Trust to Data with JWT-Based Access

Channels

Description

The iSHARE ecosystems have been leveraging Token-Based Access Control (TBAC) for years to address the complex challenges of secure and seamless data sharing across enterprise boundaries in the European Union (EU). This innovative framework enables organizations to establish trust, enforce fine-grained access policies, and ensure compliance while facilitating interoperability between different entities. Join this discussion to gain insights into how iSHARE’s approach works, the benefits it offers for cross-organizational data exchange, and how it compares to other access control models. Whether you're a security professional, developer, or business leader, this session will provide valuable knowledge on the future of data sovereignty and access management in the EU.

Homework

Takeaways

  • ⚡ iSHARE is an example of TBAC because its policies are built from two tokens: an OAuth access token (a JWT) for workload authentication, and a JWT issued by an iSHARE Authorization Registry that describes the extent of access.

  • ⚡ The goal of iSHARE is to give the "Data Rights Holder" (e.g. an organizational participant in an ecosystem federation) the assurances it needs to share its confidential data in pursuit of some beneficial industry outcome. For example, in the logistics industry, making sure trucks are fully loaded, or gathering the data needed to publish industry-wide statistics.

  • ⚡ iSHARE provides a top-level participant legal agreement, an ecosystem might provide a second participant agreement, and then a specific industry might have a third participant agreement, each with increasing granularity and industry-specific schema. For example, there could be a "Travel" federation, but Airline or Maritime travel might have specific subsegments that use different standards to describe data and industry actors (or "roles").

  • ⚡ Information sharing about data access may be required as part of a data sharing agreement to ensure compliance. The authorization decision logs, combined with digitally signed JWTs, provide a mechanism, potentially even in real time, to prove that the rights of the data holder are respected.

  • ⚡ iSHARE is a great example of how to facilitate cross-industry collaboration, and one of the most flexible sets of foundational tools and rules for federated, fine-grained data access control.
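To make the two-token decision and the decision log from the takeaways above concrete, here is an added Python example (not code from iSHARE or the Identerati Office Hours project). It combines a workload access token with an Authorization Registry evidence token, verifies both before trusting any claim, and records every decision; the HS256 signing, the key names (`idp`, `registry`) and the claim names (`accessor`, `resource`, `actions`, `jti`) are assumptions for illustration, not iSHARE's real schema or key material.

```python
import base64, hashlib, hmac, json
from typing import Optional

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT (illustrative; a real ecosystem would use asymmetric keys)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_jwt(token: str, key: bytes, now: int) -> Optional[dict]:
    """Return the claims only if algorithm, signature and expiry all check out."""
    parts = token.split(".")
    if len(parts) != 3 or json.loads(_unb64url(parts[0])).get("alg") != "HS256":
        return None  # pin the algorithm: never let the token pick how it is verified
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(parts[2])):
        return None
    claims = json.loads(_unb64url(parts[1]))
    return claims if claims.get("exp", 0) > now else None

def decide(access_token: str, evidence_token: str, resource: str, action: str,
           now: int, keys: dict, audit_log: list) -> bool:
    """TBAC decision: who is calling comes from the access token, what they may
    do comes from the registry's evidence token. Every outcome is logged so the
    data rights holder can later prove its rights were respected."""
    workload = verify_jwt(access_token, keys["idp"], now)       # issued by the IdP
    evidence = verify_jwt(evidence_token, keys["registry"], now)  # issued by the AR
    allowed = bool(workload is not None and evidence is not None
                   and evidence.get("accessor") == workload.get("sub")  # evidence binds to caller
                   and evidence.get("resource") == resource
                   and action in evidence.get("actions", []))
    audit_log.append({"time": now, "accessor": workload.get("sub") if workload else None,
                      "resource": resource, "action": action, "allowed": allowed,
                      "evidence_id": evidence.get("jti") if evidence else None})
    return allowed

# Constructed demo data (assumed keys, identifiers and claim names; not iSHARE values)
KEYS = {"idp": b"idp-secret-demo", "registry": b"registry-secret-demo"}
NOW = 1_700_000_000
ACCESS = sign_jwt({"sub": "carrier-app", "exp": NOW + 600}, KEYS["idp"])
EVIDENCE = sign_jwt({"jti": "ev-42", "accessor": "carrier-app", "resource": "shipment/1234",
                     "actions": ["read"], "exp": NOW + 600}, KEYS["registry"])
```

Note that a denied decision is logged just like an allowed one, and that a tampered or expired evidence token fails closed rather than falling back to the access token alone.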

Livestream Audio Archive

Will be Here