Skip to content

Guidance for Data Consumers

NOTE: This documented is primarily intended for technical and operations teams within organisations wishing to participate in the Icebreaker One Trust Framework as Data Consumers.

NOTE: The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.

Data Consumer Role and Responsibilities

Data Consumers are IB1 Trust Framework members that can consume Shared Data (classes IB1-SA and IB1-SB in our Data Sensitivity Classes) from APIs produced and maintained by Data Providers.

In the figure below, we expect Data Consumers to occupy a number of roles from the lowest in the diagram upwards - they are organisations able to configure their infrastructure (in terms of the consumer parts of the Common Security Requirements, specifically Token acquisition and Token usage - calling a shared data API). This is covered by the bottom two boxes.

Data Consumer vs Service Provider

The IB1 Trust Framework does not differentiate between Data Consumers that access data to solve a problem internal to their organisation and those (known as Service Providers) which offer this as a service to other organisations. A Data Consumer may also be a Data Provider, the roles are not mutually exclusive.

In a similar vein, it would be entirely normal for a Data Consumer to also access Open Data, and to use Open Net Zero to locate data sets of interest, both open and shared.

Responsibility - Data consumption

The definition of a Data Consumer is that it consumes data from shared data APIs. To do this, the organisation MUST create cryptographic key material, and maintain a record within the TFGS directory. It is responsible for the integrity of this key material, and MUST put appropriate policies in place to ensure that this material is not misused.

Responsibility - Data licensing

Data Consumers are responsible for honouring the licenses for any data obtained through shared data APIs. Where the TFGS provides technical measures such as cryptographically signed receipts binding data and license conditions together, the Data Consumer is responsible for retaining and storing such receipts.

Problem Resolution (Data Consumers)

Effective resolution of problems (Data Consumers)

We encourage Data Consumers to direct any problems with data APIs first to the Data Provider concerned. In the event that a Data Consumer is unable to resolve an issue with a Data Provider, the issue MAY be flagged to the TFGS Dispute Resolution function for independent support.

Dispute resolution for access control and capability grant policies

In cases where a Data Consumer believes that access conditions or capability grant rules are being applied unfairly, the TFGS will act as a mediating party.

TFGS support

The TFGS Service Desk will provide participants with a supplementary ticket management process and supports Data Consumers in communicating problems to ecosystem participants via the noticeboard.