Bob will once again be the data provider and Alice is interested in Bob’s data assets. Bob, as a data provider, creates an asset.
Action (Bob): Create an asset using the following curl command:

```shell
curl --location 'http://localhost/bob/management/v3/assets' \
--header 'Content-Type: application/json' \
--header 'X-Api-Key: password' \
--data-raw '{
  "@context": {},
  "@id": "4",
  "properties": {
    "description": "Product EDC Demo Asset 4"
  },
  "dataAddress": {
    "@type": "DataAddress",
    "type": "HttpData",
    "baseUrl": "https://jsonplaceholder.typicode.com/todos/4"
  }
}'
```
Now that the asset is created, an access policy and a contract policy must be created to define who shall be able to see the asset within the catalog. This time Bob does not want Alice to see the asset, so he defines an access policy that does not allow Alice to see the asset in her catalog.
Action (Bob): Create the access policy using the following curl command:

```shell
curl --location 'http://localhost/bob/management/v2/policydefinitions' \
--header 'Content-Type: application/json' \
--header 'X-Api-Key: password' \
--data-raw '{
  "@context": {
    "odrl": "http://www.w3.org/ns/odrl/2/"
  },
  "@type": "PolicyDefinitionRequestDto",
  "@id": "41",
  "policy": {
    "@type": "odrl:Set",
    "odrl:permission": [
      {
        "odrl:action": "USE",
        "odrl:constraint": {
          "@type": "LogicalConstraint",
          "odrl:or": [
            {
              "@type": "Constraint",
              "odrl:leftOperand": "BusinessPartnerNumber",
              "odrl:operator": {
                "@id": "odrl:eq"
              },
              "odrl:rightOperand": "BPNL000000000003"
            }
          ]
        }
      }
    ]
  }
}'
```
Now that the access policy has been created, a contract policy must also be created and linked in the contract definition.
Action (Bob): Create the contract policy using the following curl command:

```shell
curl --location 'http://localhost/bob/management/v2/policydefinitions' \
--header 'Content-Type: application/json' \
--header 'X-Api-Key: password' \
--data-raw '{
  "@context": {
    "odrl": "http://www.w3.org/ns/odrl/2/"
  },
  "@type": "PolicyDefinitionRequestDto",
  "@id": "42",
  "policy": {
    "@type": "odrl:Set",
    "odrl:permission": [
      {
        "odrl:action": "USE",
        "odrl:constraint": {
          "@type": "LogicalConstraint",
          "odrl:or": [
            {
              "@type": "Constraint",
              "odrl:leftOperand": "BpnCredential",
              "odrl:operator": {
                "@id": "odrl:eq"
              },
              "odrl:rightOperand": "active"
            }
          ]
        }
      }
    ]
  }
}'
```
Lastly, the asset, the access and the contract policy must be linked in a contract definition.
Action (Bob): Create a contract definition including the asset and the policies you have created. For this, use the following curl command:

```shell
curl --location 'http://localhost/bob/management/v2/contractdefinitions' \
--header 'Content-Type: application/json' \
--header 'X-Api-Key: password' \
--data-raw '{
  "@context": {},
  "@id": "4",
  "@type": "ContractDefinition",
  "accessPolicyId": "41",
  "contractPolicyId": "42",
  "assetsSelector": {
    "@type": "CriterionDto",
    "operandLeft": "https://w3id.org/edc/v0.0.1/ns/id",
    "operator": "=",
    "operandRight": "4"
  }
}'
```
Let's see if Alice can see the asset.
Action (Alice): Execute a request using the following curl command:

```shell
curl --location 'http://localhost/alice/management/v2/catalog/request' \
--header 'Content-Type: application/json' \
--header 'X-Api-Key: password' \
--data-raw '{
  "@context": {},
  "protocol": "dataspace-protocol-http",
  "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp",
  "querySpec": {
    "offset": 0,
    "limit": 50
  }
}'
```
Bob’s asset (ID: 4) should not be displayed. The access policy successfully restricts Alice from seeing, and therefore obtaining, Bob’s asset. Bob is now able to manage who sees which of his sensitive data assets. If Bob decides to enable Alice to see his asset, he can simply adjust the access policy definition and add Alice’s BPN (BPNL000000000001) to the list of BPNs.
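The following is an added example, not code from the tutorial or from EDC: a simplified model of how access policy 41 decides catalog visibility, and of the adjustment that adds Alice's BPN to the `odrl:or` list. The function names and the `claims` dictionary are assumptions made for illustration; the connector's real policy engine is more involved.

```python
import copy

# Permission part of access policy "41" as posted in the tutorial.
ACCESS_POLICY = {
    "@type": "odrl:Set",
    "odrl:permission": [{
        "odrl:action": "USE",
        "odrl:constraint": {
            "@type": "LogicalConstraint",
            "odrl:or": [{
                "@type": "Constraint",
                "odrl:leftOperand": "BusinessPartnerNumber",
                "odrl:operator": {"@id": "odrl:eq"},
                "odrl:rightOperand": "BPNL000000000003",
            }],
        },
    }],
}

ALICE = {"BusinessPartnerNumber": "BPNL000000000001"}  # Alice's BPN from the tutorial


def constraint_holds(constraint, claims):
    """Evaluate a logical (odrl:or) or atomic constraint against requester claims."""
    if "odrl:or" in constraint:
        return any(constraint_holds(c, claims) for c in constraint["odrl:or"])
    if constraint.get("odrl:operator", {}).get("@id") != "odrl:eq":
        return False  # fail closed on operators this model does not implement
    left = constraint.get("odrl:leftOperand")
    return left in claims and claims[left] == constraint.get("odrl:rightOperand")


def is_offered(policy, claims):
    """The asset is listed if any permission is unconstrained or its constraint holds."""
    return any("odrl:constraint" not in p or constraint_holds(p["odrl:constraint"], claims)
               for p in policy.get("odrl:permission", []))


def allow_bpn(policy, bpn):
    """Return a copy of the policy with `bpn` added as a further odrl:or alternative."""
    updated = copy.deepcopy(policy)
    for permission in updated["odrl:permission"]:
        permission["odrl:constraint"]["odrl:or"].append({
            "@type": "Constraint",
            "odrl:leftOperand": "BusinessPartnerNumber",
            "odrl:operator": {"@id": "odrl:eq"},
            "odrl:rightOperand": bpn,
        })
    return updated
```

Because the constraints sit under `odrl:or`, each added BPN widens the audience; a requester with no `BusinessPartnerNumber` claim matches none of them and is not offered the asset.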
This work is licensed under the CC-BY-4.0.
- SPDX-License-Identifier: CC-BY-4.0
- SPDX-FileCopyrightText: 2023 sovity GmbH
- SPDX-FileCopyrightText: 2023 SAP SE
- SPDX-FileCopyrightText: 2023 msg systems AG
- Source URL: https://github.com/eclipse-tractusx/tutorial-resources