Guidance for Data Consumers
NOTE: This documented is primarily intended for technical and operations teams within organisations wishing to participate in the Icebreaker One Trust Framework as Data Consumers.
NOTE: The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.
Data Consumer Role and Responsibilities
In the figure below, we expect Data Consumers to occupy a number of roles from the lowest in the diagram upwards - they are organisations able to configure their infrastructure (in terms of the consumer parts of the Common Security Requirements, specifically Token acquisition and Token usage - calling a shared data API). This is covered by the bottom two boxes.
Data Consumer vs Service Provider
The IB1 Trust Framework does not differentiate between Data Consumers that access data to solve a problem internal to their organisation and those (known as Service Providers) which offer this as a service to other organisations. A Data Consumer may also be a Data Provider, the roles are not mutually exclusive.
Responsibility - Data consumption
The definition of a Data Consumer is that it consumes data from shared data APIs. To do this, the organisation MUST create cryptographic key material, and maintain a record within the TFGS directory. It is responsible for the integrity of this key material, and MUST put appropriate policies in place to ensure that this material is not misused.
Responsibility - Data licensing
Data Consumers are responsible for honouring the licenses for any data obtained through shared data APIs. Where the TFGS provides technical measures such as cryptographically signed receipts binding data and license conditions together, the Data Consumer is responsible for retaining and storing such receipts.
Problem Resolution (Data Consumers)
Effective resolution of problems (Data Consumers)
We encourage Data Consumers to direct any problems with data APIs first to the Data Provider concerned. In the event that a Data Consumer is unable to resolve an issue with a Data Provider, the issue MAY be flagged to the TFGS Dispute Resolution function for independent support.