Abstract: Embodiments are directed to techniques for chaining, triggering, and/or enforcing entitlements in a constrained environment. A constrained environment may be provided within with shielded assets are required to exist or execute. An entitlement may be granted on a variety of shielded assets, including datasets, computations scripts, data privacy pipelines, and intermediate datasets generated by an intermediate step of a data privacy pipeline. Thus, a beneficiary may use a granted entitlement as an input into other data privacy pipelines, without the need for the grantor to approve each specific downstream operation. The constrained environment may enforce an entitlement by fulfilling applicable constraints upon accessing the entitlement, restricting the output of the entitlement to the constrained environment, and fulfilling applicable policies when executing downstream operations.

Abstract: Implementations are directed to developing and facilitating a data collaboration using a data collaboration tool that bundles data pipelines and governing contracts into a data collaboration app. The data collaboration tool may include an authoring mode and may include an electronic canvas that visually represents all contracts and pipelines of the data collaboration app on a single canvas and visually represents traceability from the contracts to the pipeline elements they enable. A developer may use authoring mode to develop a template app that includes placeholder elements, including a reference to an anonymous placeholder participant. The template app may be shared, and a recipient may invite data collaborators to fill in the placeholder elements and deploy the app, enabling the data collaborators to trigger the data pipelines to execute in a data trustee environment to generate insights from each other's assets without exposing the assets to the collaborators or the developer.

Abstract: Embodiments are directed to techniques for enforcing entitlements used by data privacy pipelines. When a data consumer requests to trigger a pipeline that relies on an entitlement, an enforcement mechanism may operate to verify the data consumer's triggering of the pipeline will satisfy the entitlements. A rules engine may access all root entities of the pipeline that require an entitlement, load all contracts and/or corresponding pipelines that reference one of the root entities, and search for one valid access path through the loaded contracts/pipelines. If multiple contracts and/or multiple access paths allow access to a particular root entity, various conflict rules may be configured to choose which contract and access path to use. If all root entities have a valid access path, the constrained environment may execute the requested pipeline using the identified access path for each root entity.

Abstract: Embodiments are directed to techniques for enforcing entitlements used by data privacy pipelines. When a data consumer requests to trigger a pipeline that relies on an entitlement, an enforcement mechanism may operate to verify the data consumer's triggering of the pipeline will satisfy the entitlements. A rules engine may access all root entities of the pipeline that require an entitlement, load all contracts and/or corresponding pipelines that reference one of the root entities, and search for one valid access path through the loaded contracts/pipelines. If multiple contracts and/or multiple access paths allow access to a particular root entity, various conflict rules may be configured to choose which contract and access path to use. If all root entities have a valid access path, the constrained environment may execute the requested pipeline using the identified access path for each root entity.

Abstract: Implementations are directed to developing and facilitating a data collaboration using a data collaboration tool that bundles data pipelines and governing contracts into a data collaboration app. The data collaboration tool may include an authoring mode and may include an electronic canvas that visually represents all contracts and pipelines of the data collaboration app on a single canvas and visually represents traceability from the contracts to the pipeline elements they enable. A developer may use authoring mode to develop a template app that includes placeholder elements, including a reference to an anonymous placeholder participant. The template app may be shared, and a recipient may invite data collaborators to fill in the placeholder elements and deploy the app, enabling the data collaborators to trigger the data pipelines to execute in a data trustee environment to generate insights from each other's assets without exposing the assets to the collaborators or the developer.

Abstract: Implementations are directed to facilitating a data collaboration by debugging a data pipeline in production mode without exposing diagnostic logs generated by executing the data pipeline over production data contributed by collaborators. In an example implementation, a data collaboration tool treats the diagnostic logs as virtual data assets owned by the collaborators, permitting the collaborators to enable an option to save the diagnostic logs in the data trustee environment, define entitlements to reference the diagnostic logs in a pipeline, and build a debugging pipeline to evaluate the diagnostic logs. As such, a collaborator may trigger the data pipeline to generate a diagnostic log, and trigger a debugging pipeline to derive insights from the diagnostic log in the data trustee environment, without exposing the diagnostic log or the production data to the collaborators. As such, the insights may be exposed for debugging purposes without exposing collaborator data.

Abstract: Implementations are directed to developing and facilitating a data collaboration using a debug mode that permits debugging a data pipeline without exposing collaborator data. In an example implementation, collaborators that contribute production data into a data pipeline specify sample data such as mock, random, or expired data for each production dataset they contribute. When one of the collaborators triggers the data pipeline in debug mode, a modified data pipeline that substitutes the production data for the sample data is executed to generate sample derived data in a data trustee environment, without exposing the production data. Since debug mode does not use production data, a data pipeline may run in debug mode even if a governing contract has not been signed (and entitlements have not been granted), and/or diagnostic logs generated by the modified data pipeline in debug mode may be exposed to the collaborators for debugging purposes.

Abstract: Embodiments of the present disclosure are directed to techniques for deriving collaborative intelligence based on constraint computing or constraint querying. At a high level, a data trustee can operate a trustee environment that derives collaborative intelligence subject to configurable constraints, without sharing raw data. The trustee environment can include a data privacy pipeline through which data can be ingested, fused, derived, and sanitized to generate collaborative data without compromising data privacy. The collaborative data can be stored and queried to provide collaborative intelligence subject to the configurable constraints. In some embodiments, the data privacy pipeline is provided as a cloud service implemented in the trustee environment and can be spun up and spun down as needed.

Abstract: Embodiments of the present disclosure are directed to techniques for deriving collaborative intelligence based on constraint computing or constraint querying. At a high level, a data trustee can operate a trustee environment that derives collaborative intelligence subject to configurable constraints, without sharing raw data. The trustee environment can include a data privacy pipeline through which data can be ingested, fused, derived, and sanitized to generate collaborative data without compromising data privacy. The collaborative data can be stored and queried to provide collaborative intelligence subject to the configurable constraints. In some embodiments, the data privacy pipeline is provided as a cloud service implemented in the trustee environment and can be spun up and spun down as needed.

Abstract: Embodiments are directed to techniques for chaining, triggering, and/or enforcing entitlements in a constrained environment. A constrained environment may be provided within with shielded assets are required to exist or execute. An entitlement may be granted on a variety of shielded assets, including datasets, computations scripts, data privacy pipelines, and intermediate datasets generated by an intermediate step of a data privacy pipeline. Thus, a beneficiary may use a granted entitlement as an input into other data privacy pipelines, without the need for the grantor to approve each specific downstream operation. The constrained environment may enforce an entitlement by fulfilling applicable constraints upon accessing the entitlement, restricting the output of the entitlement to the constrained environment, and fulfilling applicable policies when executing downstream operations.

Abstract: Embodiments of the present disclosure are directed to techniques for constraint querying that allow data consumers to query collaborative data in a trustee environment, subject to configurable constraints, to derive collaborative intelligence without exposing underlying raw data provided by the tenants or collaborative data shielded by the trustee environment. Constraints can be applied in response to a query in multiple ways, including reformatting a query prior to execution, applying constraints after executing a query, constraining eligible queries for execution, applying access constraints prior to execution, and others. To reformat a query subject to constraints, the query can be parsed into an execution tree, which can be reformatted into a constrained execution tree by replacing executable units of logic inconsistent with a particular constraint with custom executable units of logic consistent with the constraint.

Abstract: Embodiments of the present disclosure are directed to techniques for constructing and configuring a data privacy pipeline to generate collaborative data in a data trustee environment. An interface of the trustee environment can serve as a sandbox for parties to generate, contribute to, or otherwise configure a data privacy pipeline by selecting, composing, and arranging any number of input datasets, computational steps, and contract outputs. (e.g., output datasets, permissible named queries on collaborative data). The interface may allow a contributing party to use one or more unspecified “placeholder” elements, such as placeholder datasets or placeholder computations, as building blocks in a pipeline under development. Parameterized access control may authorize designated participants to access, view, and/or contribute to designated portions of a contact or pipeline.

Abstract: Embodiments of the present disclosure are directed to techniques for monitoring and orchestrating the use and generation of collaborative data in a trustee environment subject to configurable constraints. A user interface can be provided to enable tenants to specify desired computations and constraints on the use and access to their data. A constraint manager can communicate with various components in the trustee environment to implement the constraints. For example, requests to execute an executable unit of logic such as a command or function call may be issued to the constraint manager, which can grant or deny permission. Permission may be granted subject to one or more conditions that implement the constraints, such as requiring the replacement of a particular executable unit of logic with a constrained executable unit of logic. As constraints are applied, any combination of schema, constraints, and/or attribution metadata can be associated with the data.

Abstract: Embodiments of the present disclosure are directed to techniques for constructing and configuring a data privacy pipeline to generate collaborative data in a data trustee environment. An interface of the trustee environment can serve as a sandbox for parties to generate, contribute to, or otherwise configure a data privacy pipeline by selecting, composing, and arranging any number of input datasets, computational steps, and contract outputs. (e.g., output datasets, permissible named queries on collaborative data). The interface may allow a contributing party to use one or more unspecified “placeholder” elements, such as placeholder datasets or placeholder computations, as building blocks in a pipeline under development. Parameterized access control may authorize designated participants to access, view, and/or contribute to designated portions of a contact or pipeline.

Abstract: Embodiments of the present disclosure are directed to techniques for constructing and configuring a data privacy pipeline to generate collaborative data in a data trustee environment. An interface of the trustee environment can serve as a sandbox for parties to generate, contribute to, or otherwise configure a data privacy pipeline by selecting, composing, and arranging any number of input datasets, computational steps, and contract outputs. (e.g., output datasets, permissible named queries on collaborative data). The interface may allow a contributing party to use one or more unspecified “placeholder” elements, such as placeholder datasets or placeholder computations, as building blocks in a pipeline under development. Parameterized access control may authorize designated participants to access, view, and/or contribute to designated portions of a contact or pipeline.

Abstract: Embodiments of the present disclosure are directed to techniques for constructing and configuring a data privacy pipeline to generate collaborative data in a data trustee environment. An interface of the trustee environment can serve as a sandbox for parties to generate, contribute to, or otherwise configure a data privacy pipeline by selecting, composing, and arranging any number of input datasets, computational steps, and contract outputs. (e.g., output datasets, permissible named queries on collaborative data). The interface may allow a contributing party to use one or more unspecified “placeholder” elements, such as placeholder datasets or placeholder computations, as building blocks in a pipeline under development. Parameterized access control may authorize designated participants to access, view, and/or contribute to designated portions of a contact or pipeline.

Abstract: Embodiments of the present disclosure are directed to techniques for constructing and configuring a data privacy pipeline to generate collaborative data in a data trustee environment. An interface of the trustee environment can serve as a sandbox for parties to generate, contribute to, or otherwise configure a data privacy pipeline by selecting, composing, and arranging any number of input datasets, computational steps, and contract outputs. (e.g., output datasets, permissible named queries on collaborative data). The interface may allow a contributing party to use one or more unspecified “placeholder” elements, such as placeholder datasets or placeholder computations, as building blocks in a pipeline under development. Parameterized access control may authorize designated participants to access, view, and/or contribute to designated portions of a contact or pipeline.

Abstract: Embodiments of the present disclosure are directed to techniques for constructing and configuring a data privacy pipeline to generate collaborative data in a data trustee environment. An interface of the trustee environment can serve as a sandbox for parties to generate, contribute to, or otherwise configure a data privacy pipeline by selecting, composing, and arranging any number of input datasets, computational steps, and contract outputs. (e.g., output datasets, permissible named queries on collaborative data). The interface may allow a contributing party to use one or more unspecified “placeholder” elements, such as placeholder datasets or placeholder computations, as building blocks in a pipeline under development. Parameterized access control may authorize designated participants to access, view, and/or contribute to designated portions of a contact or pipeline.

Abstract: Embodiments of the present disclosure are directed to techniques for constructing and configuring a data privacy pipeline to generate collaborative data in a data trustee environment. An interface of the trustee environment can serve as a sandbox for parties to generate, contribute to, or otherwise configure a data privacy pipeline by selecting, composing, and arranging any number of input datasets, computational steps, and contract outputs. (e.g., output datasets, permissible named queries on collaborative data). The interface may allow a contributing party to use one or more unspecified “placeholder” elements, such as placeholder datasets or placeholder computations, as building blocks in a pipeline under development. Parameterized access control may authorize designated participants to access, view, and/or contribute to designated portions of a contact or pipeline.

Abstract: Embodiments of the present disclosure are directed to techniques for constructing and configuring a data privacy pipeline to generate collaborative data in a data trustee environment. An interface of the trustee environment can serve as a sandbox for parties to generate, contribute to, or otherwise configure a data privacy pipeline by selecting, composing, and arranging any number of input datasets, computational steps, and contract outputs. (e.g., output datasets, permissible named queries on collaborative data). The interface may allow a contributing party to use one or more unspecified “placeholder” elements, such as placeholder datasets or placeholder computations, as building blocks in a pipeline under development. Parameterized access control may authorize designated participants to access, view, and/or contribute to designated portions of a contact or pipeline.