{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T05:57:21Z","timestamp":1772517441781,"version":"3.50.1"},"reference-count":44,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T00:00:00Z","timestamp":1772236800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>Trustworthy Identity and Access Management (IAM) is a foundational requirement for federated data trading platforms, yet existing solutions often rely on centralized Identity Providers (IdPs), lack cross-border interoperability, and offer limited support for user-friendly authorization management. These limitations hinder secure onboarding, fine-grained access control, and regulatory compliance, especially within European Union (EU) data spaces governed by the Electronic Identification, Authentication, and Trust Services (eIDAS) 2.0 framework. This work presents a comprehensive IAM framework designed for federated data trading environments, developed within the EU-funded PISTIS project. The framework is based on Keycloak IAM and offers three major capabilities: (i) a novel IAM architecture tailored to distributed data trading scenarios; (ii) full integration of eIDAS-compliant cross-border authentication and initial support for European Digital Identity (EUDI) Wallets; and (iii) a standalone, web-based Access Policy Editor (APE) that abstracts Keycloak\u2019s policy engine and enables non-technical users to define fine-grained, owner-driven access rules. The approach is evaluated across real-world mobility, energy, and automotive industry pilots, demonstrating its effectiveness in enhancing trust, interoperability, and usability within regulated data-sharing ecosystems.<\/jats:p>","DOI":"10.3390\/jcp6020041","type":"journal-article","created":{"date-parts":[[2026,3,2]],"date-time":"2026-03-02T16:06:59Z","timestamp":1772467619000},"page":"41","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Enhancing Federated Data Trading via Trustworthy Identity and Access Management Framework"],"prefix":"10.3390","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2090-2218","authenticated-orcid":false,"given":"Kyriakos","family":"Stefanidis","sequence":"first","affiliation":[{"name":"Industrial Systems Institute, Athena Research Center, Patras Science Park, Platani, 26504 Patras, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vasilis","family":"Bekos","sequence":"additional","affiliation":[{"name":"Industrial Systems Institute, Athena Research Center, Patras Science Park, Platani, 26504 Patras, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8816-862X","authenticated-orcid":false,"given":"Dimitris","family":"Karadimas","sequence":"additional","affiliation":[{"name":"Industrial Systems Institute, Athena Research Center, Patras Science Park, Platani, 26504 Patras, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2026,2,28]]},"reference":[{"key":"ref_1","unstructured":"Maier, B., and Pohlmann, P.D.N. (2026, February 20). Developing a Decentralised, User-Centric, and Secure Cloud Ecosystem: Gaia-X Secure and Trustworthy Ecosystems with Self Sovereign Identity. Technical Report, Gaia-X European Association for Data and Cloud AISBL. Available online: https:\/\/gaia-x.eu\/wp-content\/uploads\/2022\/09\/SSI-White-Paper_Design_Final_ENG-V2_Updated-1-9-22.pdf."},{"key":"ref_2","unstructured":"Keycloak Org (2026, February 20). Keycloak Authorization Services. Available online: https:\/\/www.keycloak.org\/docs\/latest\/authorization_services\/index.html#_policy_overview."},{"key":"ref_3","unstructured":"European Union (2026, February 20). Regulation (EU) No 910\/2014 of the European Parliament and of the Council of 23 July 2014 on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market and Repealing Directive 1999\/93\/EC (eIDAS Regulation). Available online: https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=uriserv%3AOJ.L_.2014.257.01.0073.01.ENG."},{"key":"ref_4","unstructured":"European Commision (2026, February 20). Implementing Regulation for European Digital Identity Wallets. Available online: https:\/\/digital-strategy.ec.europa.eu\/en\/library\/implementing-regulation-european-digital-identity-wallets."},{"key":"ref_5","unstructured":"PISTIS Consortium (2026, February 20). PISTIS\u2014Promoting and Incentivising Federated, Trusted, and Fair Sharing and Trading of Interoperable Data Assets. Available online: https:\/\/www.pistis-project.eu\/."},{"key":"ref_6","unstructured":"Keycloak Community (2026, February 20). Keycloak\u2014Open Source Identity and Access Management. Available online: https:\/\/www.keycloak.org\/."},{"key":"ref_7","unstructured":"PISTIS Consortium (2026, February 20). PISTIS Horizon Europe Project Repository. Available online: https:\/\/github.com\/PISTIS-Platform."},{"key":"ref_8","unstructured":"International Data Spaces Association (IDSA) (2026, February 20). International Data Spaces: Home. Available online: https:\/\/internationaldataspaces.org\/."},{"key":"ref_9","unstructured":"Nagel, L., and Lycklama, D. (2021). Design Principles for Data Spaces. Position Paper. Version 1.0, International Data Spaces Association. Technical report."},{"key":"ref_10","unstructured":"Ivanschitz, B.P., Lampoltshammer, T.J., Mireles, V., Revenko, A., Schlarb, S., and Thurnay, L. (2018). A Semantic Catalogue for the Data Market Austria. Proceedings of the CEUR Workshop, CEUR-WS.org. Available online: https:\/\/ceur-ws.org\/Vol-2198\/paper_126.pdf."},{"key":"ref_11","unstructured":"Ocean Protocol Foundation with BigchainDB GmbH (2026, February 20). Ocean Protocol: Tools for the Web3 Data Economy, Technical Whitepaper. Technical Report, Ocean Protocol Foundation. Available online: https:\/\/oceanprotocol.com\/tech-whitepaper.pdf."},{"key":"ref_12","unstructured":"Yasuda, K., Jones, M.B., and Lodderstedt, T. (2026, February 20). Self-Issued OpenID Provider v2. Available online: https:\/\/openid.net\/specs\/openid-connect-self-issued-v2-1_0.html."},{"key":"ref_13","unstructured":"FIWARE Foundation (2026, February 20). FIWARE Tutorials: Identity Management. Available online: https:\/\/fiware-tutorials.readthedocs.io\/en\/latest\/identity-management.html."},{"key":"ref_14","unstructured":"FIWARE Foundation (2026, February 20). Keyrock: FIWARE Identity Manager. Available online: https:\/\/github.com\/FIWARE-GEs\/keyrock."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Atlam, H.F., Azad, M.A., Alassafi, M.O., Alshdadi, A.A., and Alenezi, A. (2020). Risk-Based Access Control Model: A Systematic Literature Review. Future Internet, 12.","DOI":"10.3390\/fi12060103"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"11913","DOI":"10.1038\/s41598-024-80307-3","article-title":"A secure and scalable IoT access control framework with dynamic attribute updates and policy hiding","volume":"15","author":"Xu","year":"2025","journal-title":"Sci. Rep."},{"key":"ref_17","first-page":"322","article-title":"A Risk-aware Access Control Model for Biomedical Research Platforms","volume":"Volume 1","author":"Mori","year":"2018","journal-title":"Proceedings of the ICISSP 2018\u2014Proceedings of the 4th International Conference on Information Systems Security and Privacy"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"101725","DOI":"10.1016\/j.pmcj.2022.101725","article-title":"Context-aware privacy-preserving access control for mobile computing","volume":"87","author":"Herrera","year":"2022","journal-title":"Pervasive Mob. Comput."},{"key":"ref_19","unstructured":"Fereidouni, H., Hafid, A.S., Makrakis, D., and Baseri, Y. (2024). F-RBA: A Federated Learning-based Framework for Risk-based Authentication. arXiv."},{"key":"ref_20","unstructured":"Hu, V.C. (2022). Blockchain for Access Control Systems, National Institute of Standards and Technology (NIST), U.S. Department of Commerce. NIST IR 8403."},{"key":"ref_21","unstructured":"Abdulrahman, E., Alshehri, S., Alzubaidy, A., and Cherif, A. (2025). A Distributed Blockchain-based Access Control for the Internet of Things. arXiv."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.procs.2022.07.014","article-title":"A Blockchain-based platform for data management and sharing","volume":"203","author":"Kumi","year":"2022","journal-title":"Procedia Comput. Sci."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"3404","DOI":"10.37624\/IJERT\/13.11.2020.3404-3414","article-title":"A Novel Hybrid Approach for Access Control in Cloud Computing","volume":"13","author":"Alayda","year":"2020","journal-title":"Int. J. Eng. Res. Technol."},{"key":"ref_24","first-page":"1","article-title":"HyARBAC: A New Hybrid Access Control Model for Cloud Computing","volume":"15","author":"Houhou","year":"2024","journal-title":"Int. J. Comput. Digit. Syst."},{"key":"ref_25","unstructured":"GRNET (2026, February 20). Eidas-Keycloak-Extension. [GitHub Repository]. Available online: https:\/\/github.com\/grnet\/eidas-keycloak-extension."},{"key":"ref_26","unstructured":"ACROSS H2020 Consortium (2026, February 20). D4.2 Components Adaptation for SDG, OOP, eIDAS for National Public Services (Intermediate). Available online: https:\/\/across-h2020.eu\/d4-2-components-adaptation-for-sdg-oop-eidas-for-national-public-services-intermediate\/."},{"key":"ref_27","unstructured":"European Commission (2026, February 20). Find your Single Point of Contact (SPOC). Available online: https:\/\/ec.europa.eu\/digital-building-blocks\/sites\/spaces\/DIGITAL\/pages\/467109863\/Find+your+Single+Point+of+Contact."},{"key":"ref_28","unstructured":"European Union (2026, February 20). Commission Delegated Regulation (EU) 2025\/4227. [Official Journal of the European Union]. Available online: https:\/\/eur-lex.europa.eu\/eli\/C\/2025\/4227\/oj."},{"key":"ref_29","unstructured":"WSO2 Documentation Team (2026, February 20). Electronic Identification, Authentication and Trust Services Regulation. Available online: https:\/\/is.docs.wso2.com\/en\/5.9.0\/compliance\/electronic-identification-authentication-and-trust-services-regulation\/."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Pr\u00fcnster, B., Czerny, R., Corici, A.A., and Wich, T. (2024). Implementation and System Integration. From Electronic to Mobile Government, Springer.","DOI":"10.1007\/978-3-031-64471-9_5"},{"key":"ref_31","unstructured":"European Union (2026, February 20). Regulation (EU) 2024\/1183 of the European Parliament and of the Council of 11 April 2024 Amending Regulation (EU) No 910\/2014 as Regards Establishing the European Digital Identity Framework. Available online: https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=celex%3A32024R1183."},{"key":"ref_32","unstructured":"European Commission (2026, February 20). European Digital Identity (EUDI) Regulation. Available online: https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/eudi-regulation."},{"key":"ref_33","unstructured":"European Commission (2026, February 20). eIDAS Regulation. Available online: https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/eidas-regulation."},{"key":"ref_34","unstructured":"European Commission (2026, February 20). EU Digital Identity Wallet. Available online: https:\/\/ec.europa.eu\/digital-building-blocks\/sites\/spaces\/EUDIGITALIDENTITYWALLET\/pages\/694487738\/EU+Digital+Identity+Wallet+Home."},{"key":"ref_35","unstructured":"Terbu, O., Lodderstedt, T., Yasuda, K., Fett, D., and Heenan, J. (2026, February 20). OpenID for Verifiable Presentations 1.0. Available online: https:\/\/openid.net\/specs\/openid-4-verifiable-presentations-1_0.html."},{"key":"ref_36","unstructured":"Lodderstedt, T., Yasuda, K., Looker, T., and Bastian, P. (2026, February 20). OpenID for Verifiable Credential Issuance 1.0. Available online: https:\/\/openid.net\/specs\/openid-4-verifiable-credential-issuance-1_0.html."},{"key":"ref_37","unstructured":"(2026, February 20). Walt.id. Walt.id | Powerful Digital Identity and Wallet Infrastructure. Available online: https:\/\/walt.id\/."},{"key":"ref_38","unstructured":"(2026, February 20). Talao. Talao | Wallet as a Service | SSI, EUDI & Verifiable Credential Wallets. Available online: https:\/\/www.talao.io\/."},{"key":"ref_39","unstructured":"(2026, February 20). The European Blockchain Partnership (EBP). The European Blockchain Services Infrastructure (EBSI). Available online: https:\/\/ec.europa.eu\/digital-building-blocks\/sites\/spaces\/EBSI\/pages\/447687044\/Home."},{"key":"ref_40","unstructured":"Nuxt Community (2026, February 20). NuxtJS\u2014The Progressive Web Framework. Available online: https:\/\/nuxt.com."},{"key":"ref_41","unstructured":"Vue.js Community (2026, February 20). Vue.js\u2014The Progressive JavaScript Framework. Available online: https:\/\/vuejs.org."},{"key":"ref_42","unstructured":"(2026, February 20). OAuth 2.0 Standard. OAuth 2.0\u2014The Industry-Standard Protocol for Authorization. Available online: https:\/\/oauth.net\/2\/."},{"key":"ref_43","unstructured":"(2026, February 20). Systems and Software Engineering \u2014 Systems and Software Quality Requirements and Evaluation (Square) \u2014 Product Quality Model, International Standards Organization. Available online: https:\/\/www.iso.org\/standard\/78176.html."},{"key":"ref_44","unstructured":"European Commision (2026, February 20). EU Digital Identity Wallet Pilot Implementation. Available online: https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/eudi-wallet-implementation."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/6\/2\/41\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T05:14:25Z","timestamp":1772514865000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/6\/2\/41"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,28]]},"references-count":44,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2026,4]]}},"alternative-id":["jcp6020041"],"URL":"https:\/\/doi.org\/10.3390\/jcp6020041","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,28]]}}}