Abstract: Embodiments are directed to techniques for chaining, triggering, and/or enforcing entitlements in a constrained environment. A constrained environment may be provided within with shielded assets are required to exist or execute. An entitlement may be granted on a variety of shielded assets, including datasets, computations scripts, data privacy pipelines, and intermediate datasets generated by an intermediate step of a data privacy pipeline. Thus, a beneficiary may use a granted entitlement as an input into other data privacy pipelines, without the need for the grantor to approve each specific downstream operation. The constrained environment may enforce an entitlement by fulfilling applicable constraints upon accessing the entitlement, restricting the output of the entitlement to the constrained environment, and fulfilling applicable policies when executing downstream operations.

Abstract: Implementations are directed to developing and facilitating a data collaboration using a data collaboration tool that bundles data pipelines and governing contracts into a data collaboration app. The data collaboration tool may include an authoring mode and may include an electronic canvas that visually represents all contracts and pipelines of the data collaboration app on a single canvas and visually represents traceability from the contracts to the pipeline elements they enable. A developer may use authoring mode to develop a template app that includes placeholder elements, including a reference to an anonymous placeholder participant. The template app may be shared, and a recipient may invite data collaborators to fill in the placeholder elements and deploy the app, enabling the data collaborators to trigger the data pipelines to execute in a data trustee environment to generate insights from each other's assets without exposing the assets to the collaborators or the developer.

Abstract: Embodiments are directed to techniques for enforcing entitlements used by data privacy pipelines. When a data consumer requests to trigger a pipeline that relies on an entitlement, an enforcement mechanism may operate to verify the data consumer's triggering of the pipeline will satisfy the entitlements. A rules engine may access all root entities of the pipeline that require an entitlement, load all contracts and/or corresponding pipelines that reference one of the root entities, and search for one valid access path through the loaded contracts/pipelines. If multiple contracts and/or multiple access paths allow access to a particular root entity, various conflict rules may be configured to choose which contract and access path to use. If all root entities have a valid access path, the constrained environment may execute the requested pipeline using the identified access path for each root entity.

Abstract: Embodiments are directed to techniques for enforcing entitlements used by data privacy pipelines. When a data consumer requests to trigger a pipeline that relies on an entitlement, an enforcement mechanism may operate to verify the data consumer's triggering of the pipeline will satisfy the entitlements. A rules engine may access all root entities of the pipeline that require an entitlement, load all contracts and/or corresponding pipelines that reference one of the root entities, and search for one valid access path through the loaded contracts/pipelines. If multiple contracts and/or multiple access paths allow access to a particular root entity, various conflict rules may be configured to choose which contract and access path to use. If all root entities have a valid access path, the constrained environment may execute the requested pipeline using the identified access path for each root entity.

Abstract: Implementations are directed to developing and facilitating a data collaboration using a data collaboration tool that bundles data pipelines and governing contracts into a data collaboration app. The data collaboration tool may include an authoring mode and may include an electronic canvas that visually represents all contracts and pipelines of the data collaboration app on a single canvas and visually represents traceability from the contracts to the pipeline elements they enable. A developer may use authoring mode to develop a template app that includes placeholder elements, including a reference to an anonymous placeholder participant. The template app may be shared, and a recipient may invite data collaborators to fill in the placeholder elements and deploy the app, enabling the data collaborators to trigger the data pipelines to execute in a data trustee environment to generate insights from each other's assets without exposing the assets to the collaborators or the developer.

Abstract: Implementations are directed to developing and facilitating a data collaboration using a debug mode that permits debugging a data pipeline without exposing collaborator data. In an example implementation, collaborators that contribute production data into a data pipeline specify sample data such as mock, random, or expired data for each production dataset they contribute. When one of the collaborators triggers the data pipeline in debug mode, a modified data pipeline that substitutes the production data for the sample data is executed to generate sample derived data in a data trustee environment, without exposing the production data. Since debug mode does not use production data, a data pipeline may run in debug mode even if a governing contract has not been signed (and entitlements have not been granted), and/or diagnostic logs generated by the modified data pipeline in debug mode may be exposed to the collaborators for debugging purposes.

Abstract: Implementations are directed to facilitating a data collaboration by debugging a data pipeline in production mode without exposing diagnostic logs generated by executing the data pipeline over production data contributed by collaborators. In an example implementation, a data collaboration tool treats the diagnostic logs as virtual data assets owned by the collaborators, permitting the collaborators to enable an option to save the diagnostic logs in the data trustee environment, define entitlements to reference the diagnostic logs in a pipeline, and build a debugging pipeline to evaluate the diagnostic logs. As such, a collaborator may trigger the data pipeline to generate a diagnostic log, and trigger a debugging pipeline to derive insights from the diagnostic log in the data trustee environment, without exposing the diagnostic log or the production data to the collaborators. As such, the insights may be exposed for debugging purposes without exposing collaborator data.

Abstract: Embodiments are directed to techniques for chaining, triggering, and/or enforcing entitlements in a constrained environment. A constrained environment may be provided within with shielded assets are required to exist or execute. An entitlement may be granted on a variety of shielded assets, including datasets, computations scripts, data privacy pipelines, and intermediate datasets generated by an intermediate step of a data privacy pipeline. Thus, a beneficiary may use a granted entitlement as an input into other data privacy pipelines, without the need for the grantor to approve each specific downstream operation. The constrained environment may enforce an entitlement by fulfilling applicable constraints upon accessing the entitlement, restricting the output of the entitlement to the constrained environment, and fulfilling applicable policies when executing downstream operations.

Abstract: Embodiments are directed to techniques for chaining, triggering, and/or enforcing entitlements in a constrained environment. A constrained environment may be provided within with shielded assets are required to exist or execute. An entitlement may be granted on a variety of shielded assets, including datasets, computations scripts, data privacy pipelines, and intermediate datasets generated by an intermediate step of a data privacy pipeline. Thus, a beneficiary may use a granted entitlement as an input into other data privacy pipelines, without the need for the grantor to approve each specific downstream operation. The constrained environment may enforce an entitlement by fulfilling applicable constraints upon accessing the entitlement, restricting the output of the entitlement to the constrained environment, and fulfilling applicable policies when executing downstream operations.

Abstract: Embodiments are directed to techniques for constructing, configuring, triggering, and executing various types of multi-party pipelines that access and/or use a shielded asset required to exist or execute within a data trustee environment. Generally, authorized participants can build upon template data privacy pipelines and other shielded assets to create other pipelines. Building blocks such as entitlements, cross-environment pipelines, and/or shielded assets governed by various collaborative intelligence contracts can be used to construct more complicated pipelines that may include any number of data privacy pipelines, cross-environment pipelines, input datasets, computational steps, output datasets, permissible queries, participants, and/or governing collaborative intelligence contracts.

Abstract: Embodiments are directed to techniques for constructing, configuring, triggering, and executing various types of multi-party pipelines that access and/or use a shielded asset required to exist or execute within a data trustee environment. Generally, authorized participants can build upon template data privacy pipelines and other shielded assets to create other pipelines. Building blocks such as entitlements, cross-environment pipelines, and/or shielded assets governed by various collaborative intelligence contracts can be used to construct more complicated pipelines that may include any number of data privacy pipelines, cross-environment pipelines, input datasets, computational steps, output datasets, permissible queries, participants, and/or governing collaborative intelligence contracts.

Abstract: Embodiments are directed to techniques for enforcing entitlements used by data privacy pipelines. When a data consumer requests to trigger a pipeline that relies on an entitlement, an enforcement mechanism may operate to verify the data consumer's triggering of the pipeline will satisfy the entitlements. A rules engine may access all root entities of the pipeline that require an entitlement, load all contracts and/or corresponding pipelines that reference one of the root entities, and search for one valid access path through the loaded contracts/pipelines. If multiple contracts and/or multiple access paths allow access to a particular root entity, various conflict rules may be configured to choose which contract and access path to use. If all root entities have a valid access path, the constrained environment may execute the requested pipeline using the identified access path for each root entity.

Abstract: Embodiments are directed to techniques for chaining, triggering, and/or enforcing entitlements in a constrained environment. A constrained environment may be provided within with shielded assets are required to exist or execute. An entitlement may be granted on a variety of shielded assets, including datasets, computations scripts, data privacy pipelines, and intermediate datasets generated by an intermediate step of a data privacy pipeline. Thus, a beneficiary may use a granted entitlement as an input into other data privacy pipelines, without the need for the grantor to approve each specific downstream operation. The constrained environment may enforce an entitlement by fulfilling applicable constraints upon accessing the entitlement, restricting the output of the entitlement to the constrained environment, and fulfilling applicable policies when executing downstream operations.

Abstract: Embodiments are directed to techniques for constructing, configuring, triggering, and executing various types of multi-party pipelines that access and/or use a shielded asset required to exist or execute within a data trustee environment. Generally, authorized participants can build upon template data privacy pipelines and other shielded assets to create other pipelines. Building blocks such as entitlements, cross-environment pipelines, and/or shielded assets governed by various collaborative intelligence contracts can be used to construct more complicated pipelines that may include any number of data privacy pipelines, cross-environment pipelines, input datasets, computational steps, output datasets, permissible queries, participants, and/or governing collaborative intelligence contracts.

Abstract: A computing device and method for dynamic pattern recognition in a spreadsheet. The computing device comprises an electronic processor and a display device. The electronic processor executing instructions to receive a data set including a tabular sample input data and tabular sample output data, extract a pattern associated with the data set based on parameters in an autocomplete function, apply the pattern associated with the data set on a source data using the autocomplete function to determine a result data, and dynamically update the result data in response to a change in the source data and display the updated result data on the display device.