Declarative Policy Control for Data Spaces: A DSL-Based Approach for Manufacturing-X
- URL: http://arxiv.org/abs/2511.22513v1
- Date: Thu, 27 Nov 2025 14:45:58 GMT
- Authors: Jérôme Pfeiffer, Nicolai Maisch, Sebastian Friedl, Matthias Milan Strljic, Armin Lechler, Oliver Riedel, Andreas Wortmann
- Abstract summary: This article proposes a method for leveraging domain-specific languages to enable declarative, human-readable, and machine-executable policy definitions for sovereign data sharing via data space connectors. The DSL empowers domain experts to specify fine-grained data governance requirements without writing imperative code.
- Score: 1.954313858999314
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: The growing adoption of federated data spaces, such as in the GAIA-X and the International Data Spaces (IDS) initiative, promises secure and sovereign data sharing across organizational boundaries in Industry 4.0. In manufacturing ecosystems, this enables use cases, such as cross-factory process optimization, predictive maintenance, and supplier integration. Frameworks and standards, such as the Asset Administration Shell (AAS), Eclipse Dataspace Connector (EDC), ID-Link and Open Platform Communications Unified Architecture (OPC UA) provide a strong foundation to realize this ecosystem. However, a major open challenge is the practical description and enforcement of context-dependent data usage policies using these base technologies - especially by domain experts without software engineering backgrounds. Therefore, this article proposes a method for leveraging domain-specific languages (DSLs) to enable declarative, human-readable, and machine-executable policy definitions for sovereign data sharing via data space connectors. The DSL empowers domain experts to specify fine-grained data governance requirements - such as restricting access to data from specific production batches or enforcing automatic deletion after a defined retention period - without writing imperative code.
Related papers
- DAVE: A Policy-Enforcing LLM Spokesperson for Secure Multi-Document Data Sharing [0.0]
DAVE is a usage policy-enforcing spokesperson that answers questions over private documents on behalf of a data provider. We formalize policy-violating information disclosure in this setting, drawing on usage control and information flow security. Our contribution is primarily architectural: we do not yet implement or empirically evaluate the full enforcement pipeline.
arXiv Detail & Related papers (2026-02-19T14:43:48Z)
- Differentially Private Synthetic Data Generation Using Context-Aware GANs [1.440541589945769]
We propose ContextGAN, a Context-Aware Differentially Private Generative Adversarial Network that integrates domain-specific rules. We show that ContextGAN produces high-quality synthetic data that respects domain rules and preserves privacy. Our results demonstrate that ContextGAN improves realism and utility by enforcing domain constraints.
arXiv Detail & Related papers (2025-12-09T18:02:34Z)
- Authentication and authorization in Data Spaces: A relationship-based access control approach for policy specification based on ODRL [0.0]
This paper proposes an extension of the Open Digital Rights Language (ODRL) standard, the ODRL Data Spaces (ODS) profile. The approach is validated through a use case involving OpenFGA, demonstrating its applicability to relationship-based access control scenarios.
arXiv Detail & Related papers (2025-05-30T16:00:24Z)
- Towards Human-Guided, Data-Centric LLM Co-Pilots [53.35493881390917]
CliMB-DC is a human-guided, data-centric framework for machine learning co-pilots. It combines advanced data-centric tools with LLM-driven reasoning to enable robust, context-aware data processing. We show how CliMB-DC can transform uncurated datasets into ML-ready formats.
arXiv Detail & Related papers (2025-01-17T17:51:22Z)
- Open Digital Rights Enforcement Framework (ODRE): from descriptive to enforceable policies [1.3927943269211591]
This paper introduces the Open Digital Rights Enforcement (ODRE) framework, whose goal is to provide ODRL with enforcement capabilities.
The framework includes an enforcement algorithm for ODRL policies and two open-source implementations in Python and Java.
arXiv Detail & Related papers (2024-09-26T07:36:49Z)
- A New Pipeline For Generating Instruction Dataset via RAG and Self Fine-Tuning [0.0]
This research proposes a pipeline to construct high-quality instruction datasets for fine-tuning on specific domains.
By ingesting domain-specific documents, the pipeline generates relevant and contextually appropriate instructions.
As a case study, we apply this approach to the domain of psychiatry, a field requiring specialized knowledge and sensitive handling of patient information.
arXiv Detail & Related papers (2024-08-12T03:52:11Z)
- Federated Domain-Specific Knowledge Transfer on Large Language Models Using Synthetic Data [53.70870879858533]
We introduce a Federated Domain-specific Knowledge Transfer framework.
It enables domain-specific knowledge transfer from LLMs to SLMs while preserving clients' data privacy.
The proposed FDKT framework consistently and greatly improves SLMs' task performance by around 5% with a privacy budget of less than 10.
arXiv Detail & Related papers (2024-05-23T06:14:35Z)
- HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs).
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
- Policy Patterns for Usage Control in Data Spaces [0.0]
This paper presents key contributions to the development of automated contract negotiation and data usage policies.
The use of the Open Digital Rights Language (ODRL) is proposed to formalize the collected policies.
arXiv Detail & Related papers (2023-09-20T13:16:55Z)
- Scalable Discovery and Continuous Inventory of Personal Data at Rest in Cloud Native Systems [0.0]
Cloud native systems are processing large amounts of personal data through numerous and possibly multi-paradigmatic data stores.
From a privacy engineering perspective, a core challenge is to keep track of all exact locations, where personal data is being stored.
We present Teiresias, comprising i) a workflow pattern for scalable discovery of personal data at rest, and ii) a cloud native system architecture and open source prototype implementation of said workflow pattern.
arXiv Detail & Related papers (2022-09-09T10:45:34Z)
- Domain-Agnostic Prior for Transfer Semantic Segmentation [197.9378107222422]
Unsupervised domain adaptation (UDA) is an important topic in the computer vision community.
We present a mechanism that regularizes cross-domain representation learning with a domain-agnostic prior (DAP).
Our research reveals that UDA benefits much from better proxies, possibly from other data modalities.
arXiv Detail & Related papers (2022-04-06T09:13:25Z)
- Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data.
FL and related techniques are often described as privacy-preserving.
We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
arXiv Detail & Related papers (2021-12-21T08:44:05Z)
- National Access Points for Intelligent Transport Systems Data: From Conceptualization to Benefits Recognition and Exploitation [55.41644538483948]
The European Union has proposed the development of a National Access Point (NAP) by each individual Member State.
This paper aims to ascertain the role of a NAP within the ITS ecosystem, to investigate methodologies used in designing such platforms, and, through the drafting of an extended use case, showcase a NAP operational process and associate possible benefits with specific steps of it.
arXiv Detail & Related papers (2020-10-14T17:13:00Z)