Handling Authorization and Access Control for Asset Administration Shells in Dataspaces

Gaia-X compliant dataspaces and Asset Administration Shells are increasingly applied together to enable secure and interoperable data exchange in various domains. While Gaia-X ensures participant authentication through its Trust Framework, it does not provide sufficient mechanisms for fine-grained authorization and access control, particularly when combined with the detailed structure of AAS submodels and properties. Existing specifications and research contributions recognize the importance of security, but they largely focus on authentication or define policies only at a coarse-grained level, leaving authorization at the submodel and property level insufficiently addressed. To close this gap, this paper proposes an authorization and access control layer at the interface between Gaia-X compliant dataspaces and AAS, enabling attribute-based, fine-grained access control. The approach leverages open-source frameworks and tools, including Open Policy Agent, Rego, BaSyx, and NGINX, for its realization. The proposed concept is validated through a conceptual use case involving carbon footprint data of a steel product.