Skip to content

Role-based Access Control

Access to data sources is controlled by roles and licenses.

A Data Catalog Entry specifies one or more roles and a license. If a participant has any of the roles, they may access the data source under the specified license.

Scheme-conforming data sources use Scheme Catalog Requirements Resources which specify the Access Rules for data sources which implement APIs agreed by the Scheme.

Note: This document uses US English. To align with W3C and other prevalent standards, IB1 uses US English in its technical specifications and technical documentation.

Data Catalog Entries

Data Catalog Entries specify the Roles and License with the terms:

ib1:roleRequiredToAccess
The URL of an ib1:Role in the Registry whose members may access this data source, subject to the License specified in the dcterms:license term. Where multiple roles are specified, a client must have at least one of the roles to access the dataset. Unless the data has an ib1:sensitivityClass which allows access without authentication, at least one Role must be specified.
dcterms:license
The URL of an ib1:License. All use of this data source is subject to the terms specified by this License.

Scheme Catalog Requirements

Scheme Catalog Requirements resources specify the rules for a resource with the term:

ib1:roleRequiredToPublish
The URL of the ib1:Role which is permitted to publish a Catalog entry conforming to this standard. If multiple Roles are specified, any of those Roles may publish a catalog entry.

In addition, the ib1:RequiredMetadata bnode will include ib1:roleRequiredToAccess and dcterms:license terms, specifying required access roles and license for conforming catalog entries.

Examples

Data Catalog Entry

<https://data.example.com/supply-voltage/v0>
    a dcat:DataService ;
    # ...
    ib1:roleRequiredToAccess <https://registry.core.trust.ib1.org/scheme/electricity/role/report-provider> ;
    ib1:roleRequiredToAccess <https://registry.core.trust.ib1.org/scheme/electricity/role/archiver> ;
    dcterms:license <https://registry.core.trust.ib1.org/scheme/electricity/license/voltage-reporting/2024-09-12> ;
.

These rules specify that members of either the "Report Provider" and "Archivers" roles may access the data with the Scheme's Voltage Reporting license.

Scheme Catalog Requirements

@prefix dcterms: <http://purl.org/dc/terms/> .
@prefix dcat: <http://www.w3.org/ns/dcat#> . 
@prefix ib1: <https://registry.core.trust.ib1.org/ns/1.0#> .

<https://registry.core.trust.ib1.org/scheme/electricity/standard/supply-voltage/2024-10-23>
        a ib1:SchemeCatalogRequirements ;
    ib1:roleRequiredToPublish <https://registry.core.trust.ib1.org/scheme/electricity/role/generator> ;
    ib1:requiredMetadata [ a ib1:RequiredMetadata ;
        ib1:roleRequiredToAccess <https://registry.core.trust.ib1.org/scheme/electricity/role/network-operator> ;
        ib1:roleRequiredToAccess <https://registry.core.trust.ib1.org/scheme/electricity/role/report-provider> ;
    ];
.

This API definition requires the "Generator" role to publish an implementation of the API, and one of the "Network operator" or "Report provider" roles to access the API.