Enhancing Federated Data Trading via Trustworthy Identity and Access Management Framework

Trustworthy Identity and Access Management (IAM) is a foundational requirement for federated data trading platforms, yet existing solutions often rely on centralized Identity Providers (IdPs), lack cross-border interoperability, and offer limited support for user-friendly authorization management. These limitations hinder secure onboarding, fine-grained access control, and regulatory compliance, especially within European Union (EU) data spaces governed by the Electronic Identification, Authentication, and Trust Services (eIDAS) 2.0 framework. This work presents a comprehensive IAM framework designed for federated data trading environments, developed within the EU-funded PISTIS project. The framework is based on Keycloak IAM and offers three major capabilities: (i) a novel IAM architecture tailored to distributed data trading scenarios; (ii) full integration of eIDAS-compliant cross-border authentication and initial support for European Digital Identity (EUDI) Wallets; and (iii) a standalone, web-based Access Policy Editor (APE) that abstracts Keycloak’s policy engine and enables non-technical users to define fine-grained, owner-driven access rules. The approach is evaluated across real-world mobility, energy, and automotive industry pilots, demonstrating its effectiveness in enhancing trust, interoperability, and usability within regulated data-sharing ecosystems.