Conformity Assessment Criteria
General Information
- cxId: CX-0152
- name: Policy Constraints for Data Exchange
- capability: Policy
- version: 1.1.0
- release: CX-Neptun Preview
Conformity Assessment Criteria
CX-0152-CAC-001
- type: MUST
- topic: Policy
- automisable: false
- assessment:
- Inspection
- Observation
- Self-Assessment
- Inquiry
- Confirmation
- Recalculation
- Reperformance
- Analytical
- Procedures
Requirement
Data Provider and Data Consumer MUST NOT include Constraints that are not referenced in this schema in their Data Offers and MUST only use operators and rightOperands assigned to the respective leftOperands.
Proof of Conformity
Data Provider and Data Consumer: Review of Data Offers to confirm that only Constraints with leftOperands, operators, and rightOperands are used that are referenced in this schema.
Additional Information
Relevant for role: Data Provider, Data Consumer Data Provider and Data Consumer can define what Constraints must be adhered by both parties by assigning the respective Constraints to the Usage Policy of their Data Offer.
CX-0152-CAC-002
- type: MUST
- topic: Policy
- automisable: true
- assessment:
- Inspection
- Observation
- Self-Assessment
- Inquiry
- Confirmation
- Recalculation
- Reperformance
- Analytical
- Procedures
Requirement
Business Application Providers and Enablement Service Providers MUST support all Constraints that are referenced in this schema.
Proof of Conformity
Business Application Providers, Enablement Service Providers: Documentation and demonstration that the application supports all Constraints referenced in this schema.
Additional Information
Relevant for role: Business Application Providers, Enablement Service Providers
CX-0152-CAC-003
- type: MUST
- topic: Policy
- automisable: false
- assessment:
- Inspection
- Observation
- Self-Assessment
- Inquiry
- Confirmation
- Recalculation
- Reperformance
- Analytical
- Procedures
Requirement
In the event a policy contains more than 1 Constraint, Data Providers and Data Consumers MUST chain Constraints via odrl:and.
Proof of Conformity
Data Provider and Data Consumer: Review of Data Offers to confirm that multiple Constraints are chained using odrl:and.
Additional Information
Relevant for role: Data Provider, Data Consumer
CX-0152-CAC-004
- type: MUST
- topic: Policy
- automisable: false
- assessment:
- Inspection
- Observation
- Self-Assessment
- Inquiry
- Confirmation
- Recalculation
- Reperformance
- Analytical
- Procedures
Requirement
The validation for the rightOperands of the MembershipConstraint MUST be done via the MembershipCredential.
Proof of Conformity
Business Application Provider, Enablement Service Provider: Documentation and demonstration confirming that validation of MembershipConstraint rightOperands is performed via the MembershipCredential.
Additional Information
Relevant for role: Business Application Provider, Enablement Service Provider
CX-0152-CAC-005
- type: MUST
- topic: Policy
- automisable: false
- assessment:
- Inspection
- Observation
- Self-Assessment
- Inquiry
- Confirmation
- Recalculation
- Reperformance
- Analytical
- Procedures
Requirement
The validation for the rightOperand of the BusinessPartnerNumber and of the BPNLsBPNL The unique identifier of a legal entity of a partner within Catena-X (e.g., a company). contained in the BusinessPartnerGroup MUST be done via the MembershipCredential or the BpnCredential.
Proof of Conformity
Business Application Provider, Enablement Service Provider: Documentation and demonstration confirming that validation of BusinessPartnerNumber and BusinessPartnerGroup rightOperands is performed via the MembershipCredential or BpnCredential.
Additional Information
Relevant for role: Business Application Provider, Enablement Service Provider
CX-0152-CAC-006
- type: MUST
- topic: Policy
- automisable: false
- assessment:
- Inspection
- Observation
- Self-Assessment
- Inquiry
- Confirmation
- Recalculation
- Reperformance
- Analytical
- Procedures
Requirement
The validation for the rightOperand of the FrameworkAgreementConstraint MUST be done via the DataExchangeGovernanceCredential.
Proof of Conformity
Business Application Provider, Enablement Service Provider: Documentation and demonstration confirming that validation of FrameworkAgreementConstraint rightOperands is performed via the DataExchangeGovernanceCredential.
Additional Information
Relevant for role: Business Application Provider, Enablement Service Provider
CX-0152-CAC-007
- type: SHOULD
- topic: Policy
- automisable: false
- assessment:
- Inspection
- Observation
- Self-Assessment
- Inquiry
- Confirmation
- Recalculation
- Reperformance
- Analytical
- Procedures