Why is this hard?

§2 of 6 · ~2 min read

Three things that have to be true

1. Org-level identity

Not “is this user logged in” but “is this entity who they say they are, signed by someone the regulator trusts”. There is no equivalent of an SSO login when the parties are companies, not employees. A supplier in a dataspace needs a credential that says “I am Acme GmbH, registered in this dataspace, with these permissions, issued by an authority both sides recognise.” User logins, machine certificates, and API keys all answer different questions; none of them answer this one.

2. Policy bound to the transfer itself

Not “this user has read access” but “this data may be used for emissions reporting only, retained for 18 months, must be deleted on contract end”. The policy travels with the bytes, and is enforced, not advisory. Negotiated during contract formation, machine-readable, refusable on either side. The contract is part of the wire protocol, not a clause in a PDF that nobody can audit five years later.

3. Auditability across organisations that don’t trust each other

A regulator must be able to verify that the exchange happened the way the parties claim, without either party having to surrender their internal logs. The audit trail is its own primitive, not a side effect. Both sides keep a record of every negotiation, every transfer, every policy that applied, and the records can be reconciled by a third party without leaking anything beyond the exchange itself.
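As an added illustration of points 2 and 3 (not code from the original article or from any dataspace project), the sketch below binds a constructed policy to a single transfer, enforces it at transfer time rather than at login, and shows how two parties' independently kept records of the exchange can be reconciled by a third party from digests alone. All organisation names, field names and values are constructed for the example.

```python
# Added illustration: a policy bound to one transfer plus a per-transfer audit
# record that both parties build independently and a regulator reconciles by
# digest, seeing neither side's internal logs. All names/values are constructed.
import hashlib
import json
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Policy:
    purpose: str                  # the only use the data may be put to
    retention_months: int         # how long the consumer may keep it
    delete_on_contract_end: bool  # must be purged when the contract ends


def evaluate(policy: Policy, requested_purpose: str, keep_months: int) -> tuple[bool, str]:
    """Enforce the negotiated policy against what the consumer intends to do."""
    if requested_purpose != policy.purpose:
        return False, f"purpose {requested_purpose!r} not permitted"
    if keep_months > policy.retention_months:
        return False, f"retention {keep_months} months exceeds {policy.retention_months}"
    return True, "permitted"


@dataclass(frozen=True)
class ExchangeRecord:
    transfer_id: str
    provider: str        # org-level identity as registered in the dataspace
    consumer: str
    policy: Policy       # the policy travels with the record of the transfer
    payload_sha256: str  # digest of the bytes, never the bytes themselves


def commitment(record: ExchangeRecord) -> str:
    """Canonical digest of the record each side keeps; field order cannot skew it."""
    canonical = json.dumps(asdict(record), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def reconcile(provider_commitment: str, consumer_commitment: str) -> bool:
    """The regulator's check: two digests agree, or the parties' accounts diverge."""
    return provider_commitment == consumer_commitment


# Constructed sample exchange: both sides derive the record from their own copy
# of the negotiation and the transferred bytes, without sharing logs.
POLICY = Policy("emissions-reporting", 18, True)
PAYLOAD = b"site,co2_t\nplant-1,1234\n"  # constructed sample data
PAYLOAD_DIGEST = hashlib.sha256(PAYLOAD).hexdigest()
PROVIDER_RECORD = ExchangeRecord("tx-0001", "Acme GmbH", "Beta AG", POLICY, PAYLOAD_DIGEST)
CONSUMER_RECORD = ExchangeRecord("tx-0001", "Acme GmbH", "Beta AG", POLICY, PAYLOAD_DIGEST)
```

A consumer that later claims a different purpose or retention period produces a different digest, so the divergence is visible to the regulator even though it never sees the payload.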
