diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e20feacd..ef43a07b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -130,7 +130,7 @@ jobs:
       # Create SemVer or ref tags dependent of trigger event
       - name: Docker Meta Agent Plane Hashicorp
         id: meta-hash
-        uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
         with:
           images: |
             ${{ steps.set-docker-repo.outputs.REPO }}/agentplane-hashicorp
@@ -142,7 +142,7 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}
             type=semver,pattern={{major}}.{{minor}}
-            type=raw,value=1.13.20-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
+            type=raw,value=1.13.21-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
             type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
 
       - name: Agent Plane Hashicorp Container Build and push
@@ -158,7 +158,7 @@ jobs:
       # Important step to push image description to DockerHub - since this is version independent, we always take it from main
       - name: Update Docker Hub description for Agent Plane Hashicorp
         if: ${{ steps.set-docker-repo.outputs.REPO == 'docker.io' && github.ref == 'refs/heads/main' }}
-        uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3.4.2
+        uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
         with:
           readme-filepath: agent-plane/agentplane-hashicorp/README.md
           username: ${{ secrets.DOCKER_HUB_USER }}
@@ -168,7 +168,7 @@ jobs:
       # Create SemVer or ref tags dependent of trigger event
       - name: Docker Meta Agent Plane Azure Vault
         id: meta-azr
-        uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
         with:
           images: |
             ${{ steps.set-docker-repo.outputs.REPO }}/agentplane-azure-vault
@@ -180,7 +180,7 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}
             type=semver,pattern={{major}}.{{minor}}
-            type=raw,value=1.13.20-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
+            type=raw,value=1.13.21-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
             type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
 
       - name: Agent Plane Azure Vault Container Build and push
@@ -196,7 +196,7 @@ jobs:
       # Important step to push image description to DockerHub - since this is version independent, we always take it from main
       - name: Update Docker Hub description for Agent Plane Azure Vault
         if: ${{ steps.set-docker-repo.outputs.REPO == 'docker.io' && github.ref == 'refs/heads/main' }}
-        uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3.4.2
+        uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
         with:
           readme-filepath: agent-plane/agentplane-azure-vault/README.md
           username: ${{ secrets.DOCKER_HUB_USER || github.actor }}
diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml
index 7e1a89cd..cf658ca6 100644
--- a/.github/workflows/helm-chart-lint.yml
+++ b/.github/workflows/helm-chart-lint.yml
@@ -77,7 +77,7 @@ jobs:
           cache: 'maven'
 
       # Set-Up Python
-      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: 3.9
 
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 23690d53..be55601e 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -55,7 +55,7 @@ jobs:
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
         with:
           scan-type: "config"
           # ignore-unfixed: true
@@ -65,7 +65,7 @@ jobs:
           output: "trivy-results-config.sarif"
           severity: "CRITICAL,HIGH"
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         if: always()
         with:
           sarif_file: "trivy-results-config.sarif"
@@ -121,7 +121,7 @@ jobs:
       # the next two steps will only execute if the image exists check was successful
       - name: Run Trivy vulnerability scanner
         if: success() && steps.imageCheck.outcome != 'failure'
-        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
         with:
           image-ref: "${{ steps.set-docker-repo.outputs.REPO }}/${{ matrix.image }}:${{ needs.git-sha7.outputs.value }}"
           format: "sarif"
@@ -132,6 +132,6 @@ jobs:
 
       - name: Upload Trivy scan results to GitHub Security tab
         if: success() && steps.imageCheck.outcome != 'failure'
-        uses: github/codeql-action/upload-sarif@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
           sarif_file: "trivy-results-${{ matrix.image }}.sarif"
diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml
deleted file mode 100644
index 42f4fbde..00000000
--- a/.github/workflows/veracode.yml
+++ /dev/null
@@ -1,100 +0,0 @@
----
-#
-#  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
-#
-#  See the NOTICE file(s) distributed with this work for additional
-#  information regarding copyright ownership.
-#
-#  This program and the accompanying materials are made available under the
-#  terms of the Apache License, Version 2.0 which is available at
-#  https://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#  License for the specific language governing permissions and limitations
-#  under the License.
-#
-#  SPDX-License-Identifier: Apache-2.0
-#
-
-name: "Veracode"
-
-on:
-  schedule:
-    - cron: '0 2 * * *'
-  workflow_dispatch:
-
-jobs:
-  secret-presence:
-    runs-on: ubuntu-latest
-    outputs:
-      ORG_VERACODE_API_ID: ${{ steps.secret-presence.outputs.ORG_VERACODE_API_ID }}
-      ORG_VERACODE_API_KEY: ${{ steps.secret-presence.outputs.ORG_VERACODE_API_KEY }}
-    steps:
-      - name: Check whether secrets exist
-        id: secret-presence
-        run: |
-          [ ! -z "${{ secrets.ORG_VERACODE_API_ID }}" ] && echo "ORG_VERACODE_API_ID=true" >> $GITHUB_OUTPUT
-          [ ! -z "${{ secrets.ORG_VERACODE_API_KEY }}" ] && echo "ORG_VERACODE_API_KEY=true" >> $GITHUB_OUTPUT
-          exit 0
-
-  verify-formatting:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-      # Set-Up
-      - name: Setup JDK 17
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-          cache: 'maven'
-
-      - name: Verify proper formatting
-        run: ./mvnw spotless:check
-
-  build:
-    runs-on: ubuntu-latest
-    needs: [secret-presence, verify-formatting]
-    permissions:
-      contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        variant: [ { dir: agent-plane, name: agentplane-azure-vault },
-                   { dir: agent-plane, name: agentplane-hashicorp } ]
-    steps:
-      # Get Code
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      # Set-Up
-      - name: Setup JDK 17
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-          cache: 'maven'
-      # Build
-      - name: Build ${{ matrix.variant.name }}
-        run: |-
-          ./mvnw -s settings.xml -pl ${{ matrix.variant.dir }}/${{ matrix.variant.name }} -am install
-        env:
-          GITHUB_ACTOR: ${{ github.actor }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Tar gzip files for veracode upload
-        run: |-
-          tar -czvf ${{ matrix.variant.dir }}/${{ matrix.variant.name }}/target/${{ matrix.variant.name }}.tar.gz ${{ matrix.variant.dir }}/${{ matrix.variant.name }}/target/${{ matrix.variant.name }}.jar ${{ matrix.variant.dir }}/${{ matrix.variant.name }}/target/lib/*.jar
-      - name: Veracode Upload And Scan
-        uses: veracode/veracode-uploadandscan-action@c3c0b78bddb42d5f6b10d70562f692215a410d7b #v1.0
-        if: |
-          needs.secret-presence.outputs.ORG_VERACODE_API_ID && needs.secret-presence.outputs.ORG_VERACODE_API_KEY
-        continue-on-error: true
-        with:
-          appname: knowledge-agents-edc/${{ matrix.variant.name }}
-          createprofile: true
-          version: ${{ matrix.variant.name }}-${{ github.sha }}
-          filepath: ${{ matrix.variant.dir }}/${{ matrix.variant.name }}/target/${{ matrix.variant.name }}.tar.gz
-          vid: ${{ secrets.ORG_VERACODE_API_ID }}
-          vkey: ${{ secrets.ORG_VERACODE_API_KEY }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dee0ffd5..bf6cc3cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,5 @@
 <!--
- * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+ * Copyright (c) 2022,2024 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -24,6 +24,14 @@ All notable changes to this product will be documented in this file.
 
 # Released
 
+## [1.13.21] - 2024-07-15
+
+### Added
+
+### Changed
+
+- Adapted to Tractus-X EDC 0.7.3
+
 ## [1.12.19] - 2024-05-17
 
 ### Added
diff --git a/DEPENDENCIES b/DEPENDENCIES
index 4143f100..6eadcd0a 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -1,46 +1,49 @@
-maven/mavencentral/com.apicatalog/carbon-did/0.0.2, Apache-2.0, approved, #9239
-maven/mavencentral/com.apicatalog/iron-verifiable-credentials/0.8.1, Apache-2.0, approved, #9234
+maven/mavencentral/com.apicatalog/carbon-did/0.3.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.apicatalog/copper-multibase/0.5.0, Apache-2.0, approved, #14501
+maven/mavencentral/com.apicatalog/copper-multicodec/0.1.1, Apache-2.0, approved, #14500
+maven/mavencentral/com.apicatalog/iron-verifiable-credentials/0.14.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.apicatalog/titanium-json-ld/1.4.0, Apache-2.0, approved, #15200
-maven/mavencentral/com.azure/azure-core-http-netty/1.14.0, MIT AND Apache-2.0, approved, #13238
-maven/mavencentral/com.azure/azure-core-http-netty/1.14.1, MIT AND Apache-2.0, approved, #13238
-maven/mavencentral/com.azure/azure-core/1.46.0, MIT AND Apache-2.0, approved, #13234
-maven/mavencentral/com.azure/azure-core/1.47.0, MIT AND Apache-2.0, approved, #13678
-maven/mavencentral/com.azure/azure-identity/1.11.4, MIT AND Apache-2.0, approved, #13237
+maven/mavencentral/com.azure/azure-core-http-netty/1.15.0, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-core-http-netty/1.15.1, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-core/1.49.0, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-core/1.49.1, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-identity/1.13.0, MIT, approved, clearlydefined
 maven/mavencentral/com.azure/azure-json/1.1.0, MIT AND Apache-2.0, approved, #10547
-maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.8.1, MIT, approved, #13690
-maven/mavencentral/com.azure/azure-storage-blob/12.25.2, MIT, approved, #13400
-maven/mavencentral/com.azure/azure-storage-common/12.24.2, MIT, approved, #13402
-maven/mavencentral/com.azure/azure-storage-internal-avro/12.10.2, MIT, approved, #13399
-maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.0, Apache-2.0, approved, #13672
-maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.0, , approved, #13665
-maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.0, Apache-2.0, approved, #13671
-maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-toml/2.17.0, Apache-2.0, approved, #14192
-maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.17.0, Apache-2.0, approved, #13666
-maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.17.0, Apache-2.0, approved, #13669
-maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.17.0, Apache-2.0, approved, #14161
+maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.8.3, MIT, approved, #13690
+maven/mavencentral/com.azure/azure-storage-blob/12.26.0, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-storage-common/12.25.0, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-storage-internal-avro/12.11.0, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-xml/1.0.0, MIT, approved, #14410
+maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.1, Apache-2.0, approved, #13672
+maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.1, , approved, #13665
+maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.1, Apache-2.0, approved, #13671
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-toml/2.17.1, Apache-2.0, approved, #14192
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.17.1, Apache-2.0, approved, #13666
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.17.1, Apache-2.0, approved, #13669
+maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.17.1, Apache-2.0, approved, #14161
 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.13.5, Apache-2.0, approved, clearlydefined
-maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.17.0, Apache-2.0, approved, #14160
-maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base/2.17.0, Apache-2.0, approved, #14194
-maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider/2.17.0, Apache-2.0, approved, #14195
-maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.17.0, Apache-2.0, approved, #13668
-maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.6.1, Apache-2.0, approved, #12789
+maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.17.1, Apache-2.0, approved, #14160
+maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base/2.17.1, Apache-2.0, approved, #14194
+maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider/2.17.1, Apache-2.0, approved, #14195
+maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.17.1, Apache-2.0, approved, #13668
+maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.6.2, Apache-2.0, approved, #12789
 maven/mavencentral/com.github.andrewoma.dexx/collection/0.7, MIT, approved, CQ22160
 maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.6, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.github.docker-java/docker-java-api/3.3.6, Apache-2.0, approved, #10346
-maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.6, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #7946
+maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.6, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #15251
 maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.6, Apache-2.0, approved, #7942
 maven/mavencentral/com.github.jsonld-java/jsonld-java/0.13.4, BSD-3-Clause, approved, CQ22136
 maven/mavencentral/com.github.stephenc.jcip/jcip-annotations/1.0-1, Apache-2.0, approved, CQ21949
 maven/mavencentral/com.google.code.findbugs/jsr305/3.0.2, CC-BY-2.5, approved, #15220
 maven/mavencentral/com.google.code.gson/gson/2.10.1, Apache-2.0, approved, #6159
-maven/mavencentral/com.google.crypto.tink/tink/1.12.0, Apache-2.0, approved, #12041
+maven/mavencentral/com.google.crypto.tink/tink/1.13.0, Apache-2.0, approved, #14502
 maven/mavencentral/com.google.errorprone/error_prone_annotations/2.22.0, Apache-2.0, approved, #10661
-maven/mavencentral/com.google.protobuf/protobuf-java/3.24.3, BSD-3-Clause, approved, clearlydefined
-maven/mavencentral/com.microsoft.azure/msal4j-persistence-extension/1.2.0, MIT, approved, clearlydefined
-maven/mavencentral/com.microsoft.azure/msal4j/1.14.3, MIT, approved, #14159
+maven/mavencentral/com.google.protobuf/protobuf-java/3.25.1, BSD-3-Clause, approved, clearlydefined
+maven/mavencentral/com.microsoft.azure/msal4j-persistence-extension/1.3.0, MIT, approved, #14411
+maven/mavencentral/com.microsoft.azure/msal4j/1.15.1, MIT, approved, clearlydefined
 maven/mavencentral/com.nimbusds/content-type/2.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.nimbusds/lang-tag/1.7, Apache-2.0, approved, clearlydefined
-maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701
+maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.40, Apache-2.0, approved, #15156
 maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/11.9.1, Apache-2.0, approved, #12667
 maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.12.0, Apache-2.0, approved, #11159
 maven/mavencentral/com.squareup.okhttp3/okhttp/4.12.0, Apache-2.0, approved, #15227
@@ -52,10 +55,10 @@ maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause
 maven/mavencentral/commons-io/commons-io/2.15.1, Apache-2.0, approved, #11244
 maven/mavencentral/dev.failsafe/failsafe-okhttp/3.3.2, Apache-2.0, approved, #15208
 maven/mavencentral/dev.failsafe/failsafe/3.3.2, Apache-2.0, approved, #9268
-maven/mavencentral/io.github.classgraph/classgraph/4.8.154, MIT, approved, CQ22530
-maven/mavencentral/io.micrometer/micrometer-commons/1.12.5, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11679
-maven/mavencentral/io.micrometer/micrometer-core/1.12.5, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11678
-maven/mavencentral/io.micrometer/micrometer-observation/1.12.5, Apache-2.0, approved, #11680
+maven/mavencentral/io.github.classgraph/classgraph/4.8.165, MIT, approved, CQ22530
+maven/mavencentral/io.micrometer/micrometer-commons/1.13.1, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #14826
+maven/mavencentral/io.micrometer/micrometer-core/1.13.1, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #14827
+maven/mavencentral/io.micrometer/micrometer-observation/1.13.1, Apache-2.0, approved, #14829
 maven/mavencentral/io.micrometer/micrometer-registry-prometheus/1.11.1, Apache-2.0, approved, #9805
 maven/mavencentral/io.netty/netty-buffer/4.1.108.Final, Apache-2.0, approved, CQ21842
 maven/mavencentral/io.netty/netty-codec-dns/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
@@ -70,11 +73,10 @@ maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.108.Final, Apac
 maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.108.Final, Apache-2.0, approved, #7004
 maven/mavencentral/io.netty/netty-resolver-dns/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-resolver/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
-maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.62.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280
-maven/mavencentral/io.netty/netty-tcnative-classes/2.0.62.Final, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.65.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280
+maven/mavencentral/io.netty/netty-tcnative-classes/2.0.65.Final, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.108.Final, Apache-2.0, approved, #6366
 maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.108.Final, Apache-2.0, approved, #4107
-maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
@@ -82,11 +84,11 @@ maven/mavencentral/io.netty/netty-transport/4.1.108.Final, Apache-2.0 AND BSD-3-
 maven/mavencentral/io.opentelemetry.instrumentation/opentelemetry-instrumentation-annotations/1.32.0, Apache-2.0, approved, #11684
 maven/mavencentral/io.opentelemetry/opentelemetry-api/1.32.0, Apache-2.0, approved, #11682
 maven/mavencentral/io.opentelemetry/opentelemetry-context/1.32.0, Apache-2.0, approved, #11683
-maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.40, Apache-2.0, approved, #9687
+maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.43, Apache-2.0, approved, #9687
 maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.44, Apache-2.0, approved, #9687
-maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.40, Apache-2.0, approved, #11661
+maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.43, Apache-2.0, approved, #11661
 maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.44, Apache-2.0, approved, #11661
-maven/mavencentral/io.projectreactor/reactor-core/3.4.34, Apache-2.0, approved, #7517
+maven/mavencentral/io.projectreactor/reactor-core/3.4.36, Apache-2.0, approved, #7517
 maven/mavencentral/io.projectreactor/reactor-core/3.4.37, Apache-2.0, approved, #7517
 maven/mavencentral/io.prometheus/simpleclient/0.16.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.prometheus/simpleclient_common/0.16.0, Apache-2.0, approved, clearlydefined
@@ -94,24 +96,24 @@ maven/mavencentral/io.prometheus/simpleclient_tracer_common/0.16.0, Apache-2.0,
 maven/mavencentral/io.prometheus/simpleclient_tracer_otel/0.16.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.prometheus/simpleclient_tracer_otel_agent/0.16.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.setl/rdf-urdna/1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.15, Apache-2.0, approved, #5947
-maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.15, Apache-2.0, approved, #5929
-maven/mavencentral/io.swagger.core.v3/swagger-integration-jakarta/2.2.15, Apache-2.0, approved, #11475
-maven/mavencentral/io.swagger.core.v3/swagger-jaxrs2-jakarta/2.2.15, Apache-2.0, approved, #11477
-maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.15, Apache-2.0, approved, #5919
+maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.22, Apache-2.0, approved, #5947
+maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.21, Apache-2.0, approved, #5929
+maven/mavencentral/io.swagger.core.v3/swagger-integration-jakarta/2.2.21, Apache-2.0, approved, #11475
+maven/mavencentral/io.swagger.core.v3/swagger-jaxrs2-jakarta/2.2.21, Apache-2.0, approved, #11477
+maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.21, Apache-2.0, approved, #5919
 maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.0, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
 maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
 maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, ee4j.cdi
 maven/mavencentral/jakarta.json/jakarta.json-api/2.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp
 maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jta
 maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, ee4j.validation
-maven/mavencentral/jakarta.ws.rs/jakarta.ws.rs-api/3.1.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.rest
+maven/mavencentral/jakarta.ws.rs/jakarta.ws.rs-api/4.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.rest
 maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/3.0.1, BSD-3-Clause, approved, ee4j.jaxb
 maven/mavencentral/javax.servlet/javax.servlet-api/4.0.1, (CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0) AND Apache-2.0, approved, CQ16125
 maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636
 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.1, Apache-2.0, approved, #7164
 maven/mavencentral/net.bytebuddy/byte-buddy/1.14.1, Apache-2.0 AND BSD-3-Clause, approved, #7163
-maven/mavencentral/net.bytebuddy/byte-buddy/1.14.9, Apache-2.0 AND BSD-3-Clause, approved, #7163
+maven/mavencentral/net.bytebuddy/byte-buddy/1.14.16, Apache-2.0 AND BSD-3-Clause, approved, #7163
 maven/mavencentral/net.java.dev.jna/jna-platform/5.13.0, Apache-2.0 OR LGPL-2.1-or-later, approved, #6707
 maven/mavencentral/net.java.dev.jna/jna-platform/5.6.0, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ22390
 maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #15196
@@ -123,7 +125,7 @@ maven/mavencentral/org.apache.commons/commons-csv/1.10.0, Apache-2.0, approved,
 maven/mavencentral/org.apache.commons/commons-lang3/3.14.0, Apache-2.0, approved, #11677
 maven/mavencentral/org.apache.commons/commons-pool2/2.12.0, Apache-2.0 AND LicenseRef-Public-Domain, approved, #10843
 maven/mavencentral/org.apache.httpcomponents/httpclient-cache/4.5.14, Apache-2.0, approved, CQ11714
-maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527
+maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0, approved, #15248
 maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approved, CQ23528
 maven/mavencentral/org.apache.jena/jena-arq/4.9.0, Apache-2.0 AND (Apache-2.0 AND EPL-2.0) AND (Apache-2.0 AND EPL-1.0), approved, #14711
 maven/mavencentral/org.apache.jena/jena-base/4.9.0, Apache-2.0, approved, #14713
@@ -143,164 +145,165 @@ maven/mavencentral/org.apache.jena/jena-tdb/4.9.0, Apache-2.0, approved, #14708
 maven/mavencentral/org.apache.jena/jena-tdb2/4.9.0, Apache-2.0, approved, #14701
 maven/mavencentral/org.apache.thrift/libthrift/0.18.1, Apache-2.0, approved, #8911
 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.assertj/assertj-core/3.25.3, Apache-2.0, approved, #12585
-maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78, MIT, approved, #14434
-maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14433
-maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14435
+maven/mavencentral/org.assertj/assertj-core/3.26.0, Apache-2.0, approved, #14886
+maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78.1, MIT, approved, #14434
+maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78.1, MIT AND CC0-1.0, approved, #14433
+maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78.1, MIT, approved, #14435
 maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined
 maven/mavencentral/org.checkerframework/checker-qual/3.42.0, MIT, approved, clearlydefined
 maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.2, BSD-2-Clause, approved, #2670
-maven/mavencentral/org.eclipse.edc/accesstokendata-store-sql/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/api-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/api-observability/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/asset-index-sql/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/asset-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/auth-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/auth-tokenbased/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/aws-s3-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/azure-blob-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/boot-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/boot-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/boot/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/catalog-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/configuration-filesystem/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/connector-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/contract-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/control-api-configuration/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/control-plane-api-client-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/control-plane-api-client/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/control-plane-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/core-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/crypto-common-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-address-http-data-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-aws-s3/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-azure-storage/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-control-api/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-http-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-http/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-public-api-v2/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-signaling-api-configuration/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-signaling-api/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-signaling-transform/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-store-sql/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/data-plane-util/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/edr-index-sql/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/edr-store-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/edr-store-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/http-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/http-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/http/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/identity-did-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/identity-did-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/identity-did-web/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/identity-trust-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/jersey-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/jersey-micrometer/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/jersey-providers-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/jetty-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/jetty-micrometer/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/json-ld-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/json-ld-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/json-ld/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/json-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/junit-base/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/junit/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/jwt-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/keys-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/keys-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/micrometer-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/oauth2-client/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/oauth2-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/policy-engine-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/policy-engine-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/policy-evaluator-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/policy-model/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/policy-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/query-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/runtime-metamodel/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/sql-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/sql-lease/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/sql-pool-apache-commons/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/state-machine-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/store-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/token-core/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/token-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/transaction-datasource-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/transaction-local/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/transaction-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/transfer-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/transform-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/transform-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/util-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/validator-lib/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/validator-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/vault-azure/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/vault-hashicorp/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/verifiable-credentials-spi/0.6.1, Apache-2.0, approved, technology.edc
-maven/mavencentral/org.eclipse.edc/web-spi/0.6.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc.aws/aws-s3-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc.aws/aws-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc.aws/data-plane-aws-s3/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc.azure/azure-blob-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc.azure/data-plane-azure-storage/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc.azure/vault-azure/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/accesstokendata-store-sql/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/api-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/api-observability/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/asset-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/auth-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/boot-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/boot-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/boot/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/catalog-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/configuration-filesystem/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/connector-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/contract-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/control-api-configuration/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/control-plane-api-client-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/control-plane-api-client/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/core-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/crypto-common-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-address-http-data-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-control-api/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-http-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-http/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-public-api-v2/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-selector-client/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-selector-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-self-registration/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-signaling-api/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-signaling-transform/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-store-sql/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/data-plane-util/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/edr-index-sql/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/edr-store-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/edr-store-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/http-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/http-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/http/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/identity-did-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/identity-did-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/identity-did-web/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/identity-trust-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/jersey-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/jersey-micrometer/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/jersey-providers-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/jetty-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/jetty-micrometer/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/json-ld-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/json-ld-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/json-ld/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/json-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/junit-base/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/junit/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/jwt-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/keys-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/keys-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/micrometer-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/oauth2-client/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/oauth2-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/policy-engine-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/policy-engine-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/policy-evaluator-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/policy-model/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/policy-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/query-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/runtime-metamodel/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/sql-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/sql-lease/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/sql-pool-apache-commons/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/state-machine-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/store-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/token-core/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/token-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/transaction-datasource-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/transaction-local/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/transaction-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/transfer-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/transform-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/transform-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/util-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/validator-lib/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/validator-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/vault-hashicorp/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/verifiable-credentials-spi/0.7.1, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/web-spi/0.7.1, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-servlet-api/5.0.2, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-websocket-api/2.0.0, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.tractusx.agents.edc.agent-plane/agent-plane-protocol/1.13.20-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/auth-jwt/1.13.20-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/core-spi/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/core-utils/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/data-plane-migration/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-azure-vault/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-base/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-hashicorp-vault/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-consumer-api/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/edr-core/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/edr-spi/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/postgresql-migration-lib/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-api/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-core/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-handler/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-spi/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/tx-iatp-sts-dim/0.7.0, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.flywaydb/flyway-core/10.11.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.flywaydb/flyway-database-postgresql/10.11.0, Apache-2.0, approved, #14239
-maven/mavencentral/org.glassfish.hk2.external/aopalliance-repackaged/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish
-maven/mavencentral/org.glassfish.hk2/hk2-api/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish
-maven/mavencentral/org.glassfish.hk2/hk2-locator/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish
-maven/mavencentral/org.glassfish.hk2/hk2-utils/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish
+maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty
+maven/mavencentral/org.eclipse.parsson/parsson/1.1.6, EPL-2.0, approved, ee4j.parsson
+maven/mavencentral/org.eclipse.tractusx.agents.edc.agent-plane/agent-plane-protocol/1.13.21-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/auth-jwt/1.13.21-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/core-spi/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/core-utils/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/data-plane-migration/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-azure-vault/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-base/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-hashicorp-vault/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-consumer-api/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/edr-core/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/edr-spi/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/postgresql-migration-lib/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-api/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-core/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-handler/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-spi/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/tx-iatp-sts-dim/0.7.3, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.flywaydb/flyway-core/10.15.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.flywaydb/flyway-database-postgresql/10.15.0, Apache-2.0, approved, #15694
+maven/mavencentral/org.glassfish.hk2.external/aopalliance-repackaged/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish
+maven/mavencentral/org.glassfish.hk2/hk2-api/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish
+maven/mavencentral/org.glassfish.hk2/hk2-locator/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish
+maven/mavencentral/org.glassfish.hk2/hk2-utils/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish
 maven/mavencentral/org.glassfish.hk2/osgi-resource-locator/1.0.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish
-maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet-core/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
-maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
-maven/mavencentral/org.glassfish.jersey.core/jersey-client/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
-maven/mavencentral/org.glassfish.jersey.core/jersey-common/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
-maven/mavencentral/org.glassfish.jersey.core/jersey-server/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
-maven/mavencentral/org.glassfish.jersey.ext/jersey-entity-filtering/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
-maven/mavencentral/org.glassfish.jersey.inject/jersey-hk2/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
-maven/mavencentral/org.glassfish.jersey.media/jersey-media-json-jackson/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
-maven/mavencentral/org.glassfish.jersey.media/jersey-media-multipart/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
+maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet-core/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
+maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
+maven/mavencentral/org.glassfish.jersey.core/jersey-client/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
+maven/mavencentral/org.glassfish.jersey.core/jersey-common/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
+maven/mavencentral/org.glassfish.jersey.core/jersey-server/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
+maven/mavencentral/org.glassfish.jersey.ext/jersey-entity-filtering/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
+maven/mavencentral/org.glassfish.jersey.inject/jersey-hk2/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
+maven/mavencentral/org.glassfish.jersey.media/jersey-media-json-jackson/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
+maven/mavencentral/org.glassfish.jersey.media/jersey-media-multipart/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey
 maven/mavencentral/org.glassfish/jakarta.json/2.0.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp
 maven/mavencentral/org.hamcrest/hamcrest-core/1.3, BSD-2-Clause, approved, CQ11429
-maven/mavencentral/org.hdrhistogram/HdrHistogram/2.1.12, BSD-2-Clause OR LicenseRef-Public-Domain, approved, CQ13192
-maven/mavencentral/org.javassist/javassist/3.29.2-GA, Apache-2.0 AND LGPL-2.1-or-later AND MPL-1.1, approved, #6023
+maven/mavencentral/org.hdrhistogram/HdrHistogram/2.2.2, BSD-2-Clause AND CC0-1.0 AND CC0-1.0, approved, #14828
+maven/mavencentral/org.javassist/javassist/3.30.2-GA, Apache-2.0 AND LGPL-2.1-or-later AND MPL-1.1, approved, #12108
 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.9.10, Apache-2.0, approved, #14186
 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.21, Apache-2.0, approved, #8807
 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.9.10, Apache-2.0, approved, #14193
@@ -313,53 +316,53 @@ maven/mavencentral/org.jetbrains/annotations/24.1.0, Apache-2.0, approved, clear
 maven/mavencentral/org.junit-pioneer/junit-pioneer/2.2.0, EPL-2.0, approved, #11857
 maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.2, EPL-2.0, approved, #9714
 maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.2, EPL-2.0, approved, #9711
-maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.2, EPL-2.0, approved, #9708
+maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.2, EPL-2.0, approved, #15250
 maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.2, EPL-2.0, approved, #9715
 maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.2, EPL-2.0, approved, #9709
 maven/mavencentral/org.junit.platform/junit-platform-launcher/1.10.2, EPL-2.0, approved, #15216
 maven/mavencentral/org.jvnet.mimepull/mimepull/1.9.15, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ21484
-maven/mavencentral/org.latencyutils/LatencyUtils/2.0.3, BSD-2-Clause, approved, CQ17408
+maven/mavencentral/org.latencyutils/LatencyUtils/2.0.3, CC0-1.0, approved, #15280
 maven/mavencentral/org.mockito/mockito-core/5.2.0, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, #7401
 maven/mavencentral/org.objenesis/objenesis/3.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713
-maven/mavencentral/org.ow2.asm/asm-commons/9.6, BSD-3-Clause, approved, #10775
-maven/mavencentral/org.ow2.asm/asm-tree/9.6, BSD-3-Clause, approved, #10773
-maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776
+maven/mavencentral/org.ow2.asm/asm-commons/9.7, BSD-3-Clause, approved, #14075
+maven/mavencentral/org.ow2.asm/asm-tree/9.7, BSD-3-Clause, approved, #14073
+maven/mavencentral/org.ow2.asm/asm/9.7, BSD-3-Clause, approved, #14076
 maven/mavencentral/org.postgresql/postgresql/42.7.3, BSD-2-Clause AND Apache-2.0, approved, #11681
 maven/mavencentral/org.reactivestreams/reactive-streams/1.0.4, CC0-1.0, approved, CQ16332
 maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined
 maven/mavencentral/org.roaringbitmap/RoaringBitmap/0.9.45, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.roaringbitmap/shims/0.9.45, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.slf4j/slf4j-api/2.0.12, MIT, approved, #5915
-maven/mavencentral/org.testcontainers/junit-jupiter/1.19.7, MIT, approved, #10344
-maven/mavencentral/org.testcontainers/testcontainers/1.19.7, Apache-2.0 AND MIT, approved, #10347
+maven/mavencentral/org.slf4j/slf4j-api/2.0.13, MIT, approved, #5915
+maven/mavencentral/org.testcontainers/junit-jupiter/1.19.8, MIT, approved, #10344
+maven/mavencentral/org.testcontainers/testcontainers/1.19.8, MIT, approved, #15203
 maven/mavencentral/org.yaml/snakeyaml/2.2, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #10232
-maven/mavencentral/software.amazon.awssdk/annotations/2.24.10, Apache-2.0, approved, #13251
-maven/mavencentral/software.amazon.awssdk/apache-client/2.24.10, Apache-2.0, approved, #13257
-maven/mavencentral/software.amazon.awssdk/arns/2.24.10, Apache-2.0, approved, #13243
-maven/mavencentral/software.amazon.awssdk/auth/2.24.10, Apache-2.0, approved, #13256
-maven/mavencentral/software.amazon.awssdk/aws-core/2.24.10, Apache-2.0, approved, #13240
-maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.24.10, Apache-2.0, approved, #13262
-maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.24.10, Apache-2.0, approved, #13247
-maven/mavencentral/software.amazon.awssdk/checksums-spi/2.24.10, Apache-2.0, approved, #13245
-maven/mavencentral/software.amazon.awssdk/checksums/2.24.10, Apache-2.0, approved, #13242
-maven/mavencentral/software.amazon.awssdk/crt-core/2.24.10, Apache-2.0, approved, #13252
-maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.24.10, Apache-2.0, approved, #13246
-maven/mavencentral/software.amazon.awssdk/http-auth-aws/2.24.10, Apache-2.0, approved, #13253
-maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.24.10, Apache-2.0, approved, #13264
-maven/mavencentral/software.amazon.awssdk/http-auth/2.24.10, Apache-2.0, approved, #13248
-maven/mavencentral/software.amazon.awssdk/http-client-spi/2.24.10, Apache-2.0, approved, #13259
-maven/mavencentral/software.amazon.awssdk/iam/2.24.10, Apache-2.0, approved, #13444
-maven/mavencentral/software.amazon.awssdk/identity-spi/2.24.10, Apache-2.0, approved, #13244
-maven/mavencentral/software.amazon.awssdk/json-utils/2.24.10, Apache-2.0, approved, #13261
-maven/mavencentral/software.amazon.awssdk/metrics-spi/2.24.10, Apache-2.0, approved, #13239
-maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.24.10, Apache-2.0, approved, #13260
-maven/mavencentral/software.amazon.awssdk/profiles/2.24.10, Apache-2.0, approved, #13258
-maven/mavencentral/software.amazon.awssdk/protocol-core/2.24.10, Apache-2.0, approved, #13241
-maven/mavencentral/software.amazon.awssdk/regions/2.24.10, Apache-2.0, approved, #13255
-maven/mavencentral/software.amazon.awssdk/s3/2.24.10, Apache-2.0, approved, #13254
-maven/mavencentral/software.amazon.awssdk/sdk-core/2.24.10, Apache-2.0, approved, #13265
-maven/mavencentral/software.amazon.awssdk/sts/2.24.10, Apache-2.0, approved, #13442
-maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.24.10, Apache-2.0, approved, #13249
-maven/mavencentral/software.amazon.awssdk/utils/2.24.10, Apache-2.0, approved, #13250
+maven/mavencentral/software.amazon.awssdk/annotations/2.26.7, Apache-2.0, approved, clearlydefined
+maven/mavencentral/software.amazon.awssdk/apache-client/2.25.66, Apache-2.0, approved, #13687
+maven/mavencentral/software.amazon.awssdk/arns/2.25.66, Apache-2.0, approved, #13695
+maven/mavencentral/software.amazon.awssdk/auth/2.25.66, Apache-2.0, approved, #13692
+maven/mavencentral/software.amazon.awssdk/aws-core/2.25.66, Apache-2.0, approved, #13702
+maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.25.66, Apache-2.0, approved, #13701
+maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.25.66, Apache-2.0, approved, #13684
+maven/mavencentral/software.amazon.awssdk/checksums-spi/2.25.66, Apache-2.0, approved, #13686
+maven/mavencentral/software.amazon.awssdk/checksums/2.25.66, Apache-2.0, approved, #13677
+maven/mavencentral/software.amazon.awssdk/crt-core/2.25.66, Apache-2.0, approved, #13705
+maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.25.66, Apache-2.0, approved, #13681
+maven/mavencentral/software.amazon.awssdk/http-auth-aws/2.25.66, Apache-2.0, approved, #13696
+maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.25.66, Apache-2.0, approved, #13704
+maven/mavencentral/software.amazon.awssdk/http-auth/2.25.66, Apache-2.0, approved, #13682
+maven/mavencentral/software.amazon.awssdk/http-client-spi/2.26.7, Apache-2.0, approved, clearlydefined
+maven/mavencentral/software.amazon.awssdk/iam/2.25.66, Apache-2.0, approved, clearlydefined
+maven/mavencentral/software.amazon.awssdk/identity-spi/2.25.66, Apache-2.0, approved, #13685
+maven/mavencentral/software.amazon.awssdk/json-utils/2.25.66, Apache-2.0, approved, #13698
+maven/mavencentral/software.amazon.awssdk/metrics-spi/2.26.7, Apache-2.0, approved, clearlydefined
+maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.26.7, Apache-2.0, approved, clearlydefined
+maven/mavencentral/software.amazon.awssdk/profiles/2.25.66, Apache-2.0, approved, #13697
+maven/mavencentral/software.amazon.awssdk/protocol-core/2.25.66, Apache-2.0, approved, #13679
+maven/mavencentral/software.amazon.awssdk/regions/2.25.66, Apache-2.0, approved, #13694
+maven/mavencentral/software.amazon.awssdk/s3/2.25.66, Apache-2.0, approved, #13688
+maven/mavencentral/software.amazon.awssdk/sdk-core/2.25.66, Apache-2.0, approved, #13700
+maven/mavencentral/software.amazon.awssdk/sts/2.25.66, Apache-2.0, approved, clearlydefined
+maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.25.66, Apache-2.0, approved, #13703
+maven/mavencentral/software.amazon.awssdk/utils/2.26.7, Apache-2.0, approved, clearlydefined
 maven/mavencentral/software.amazon.eventstream/eventstream/1.0.1, Apache-2.0, approved, clearlydefined
diff --git a/README.md b/README.md
index b5cfbb3c..0bcaa934 100644
--- a/README.md
+++ b/README.md
@@ -120,8 +120,8 @@ kubectl wait --namespace ingress-nginx \
   --selector=app.kubernetes.io/component=controller \
   --timeout=90s
 # transfer images
-kind load docker-image docker.io/tractusx/agentplane-hashicorp:1.13.20-SNAPSHOT --name ka
-kind load docker-image docker.io/tractusx/agentplane-azure-vault:1.13.20-SNAPSHOT --name ka
+kind load docker-image docker.io/tractusx/agentplane-hashicorp:1.13.21-SNAPSHOT --name ka
+kind load docker-image docker.io/tractusx/agentplane-azure-vault:1.13.21-SNAPSHOT --name ka
 # run chart testing
 ct install --charts charts/agent-plane
 ct install --charts charts/agent-plane-azure-vault   
diff --git a/agent-plane/README.md b/agent-plane/README.md
index 04eabdc0..a1e33981 100644
--- a/agent-plane/README.md
+++ b/agent-plane/README.md
@@ -66,10 +66,10 @@ mvn package -Pwith-docker-image
 Alternatively, after a successful build, you can invoke docker yourself 
 
 ```console
-docker build -t tractusx/agentplane-azure-vault:1.13.20-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile .
+docker build -t tractusx/agentplane-azure-vault:1.13.21-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile .
 ```
 
 ```console
-docker build -t tractusx/agentplane-hashicorp:1.13.20-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile .
+docker build -t tractusx/agentplane-hashicorp:1.13.21-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile .
 ```
 
diff --git a/agent-plane/agent-plane-protocol/README.md b/agent-plane/agent-plane-protocol/README.md
index 767b243c..71c67373 100644
--- a/agent-plane/agent-plane-protocol/README.md
+++ b/agent-plane/agent-plane-protocol/README.md
@@ -64,7 +64,7 @@ Add the following dependency to your data-plane artifact pom:
         <dependency>
             <groupId>org.eclipse.tractusx.agents.edc</groupId>
             <artifactId>agent-plane-protocol</artifactId>
-            <version>1.13.20-SNAPSHOT</version>
+            <version>1.13.21-SNAPSHOT</version>
         </dependency>
 ```
 
@@ -88,38 +88,38 @@ For a list of environment variables to configure the behaviour of the data plane
 
 See [this sample configuration file](resources/dataplane.properties)
 
-| Property                                      | Required | Default/Example                                                                | Description                                                                                                                                                   | List |
-|-----------------------------------------------|----------|--------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|------|
-| cx.agent.matchmaking                        |          | http://matchmaking-agent.internal                                                         | URL of the matchmaking agent (use internal one if null)                                                                                          |      | 
-| cx.agent.asset.default                        |          | urn:x-arq:DefaultGraph                                                         | IRI of the default graph (federated data catalogue)                                                                                                           |      | 
-| cx.agent.asset.file                           |          | https://www.w3id.org/catenax/ontology,dataspace.ttl                            | Initial triples for the default graph (federated data catalogue)                                                                                              | L    | 
-| cx.agent.accesspoint.name                     |          | api                                                                            | Matchmaking agent endpoint name (internal)                                                                                                                    |      | 
-| cx.agent.controlplane.protocol                | (X)      | http://oem-control-plane:8182                                                  | Protocol Endpoint of the providing control plane (needed if you want to access local graphs/skills without absolute address)                                  |      | 
-| cx.agent.controlplane.management              | X        | http://oem-control-plane2:8181/management                                      | Data Management Endpoint of the consuming control plane                                                                                                       |      | 
-| cx.agent.controlplane.management.provider     | (X)      | http://oem-control-plane:8181/management                                       | Data Management Endpoint of the providing control plane (only if different from the consuming control plane)                                                  |      | 
-| edc.participant.id                            | X        | BPNL00000DUMMY                                                                 | business partner number under which the consuming control plane operates                                                                                      |      | 
-| edc.api.auth.code                             | (X)      | X-Api-Key                                                                      | Authentication Header for consuming control plane  (if any)                                                                                                   |      | 
-| edc.api.auth.key                              | (X)      | ****                                                                           | Authentication Secret for consuming control plane (if any)                                                                                                    |      | 
-| edc.dataplane.token.validation.endpoint       | X        | http://oem-control-plane2:9999/control/token / http://localhost:8082/api/validation/ | Token validation endpoint of single control plane or the address of the integrated switching validator in case of multiple control planes                     |      | 
-| edc.dataplane.token.validation.endpoints.<id> | (X)      | http://oem-control-plane:9999/control/token                                    | Additional token validation endpoints to switch between (if multiple control planes)                                                                          | *    | 
-| web.http.callback.port                        | X        | 8187                                                                           | Callback endpoint port                                                                                                                                        |      | 
-| web.http.callback.path                        | X        | /callback                                                                      | Callback endpoint path prefix                                                                                                                                 |      | 
-| cx.agent.callback                             | X        | http://oem-data-plane:8187/callback/transfer-process-started                    | Callback endpoint full address as seen from the consuming control plane                                                                                       |      | 
-| cx.agent.skill.contract                       |          | cx.agent.skill.contract.default=Contract?partner=Skill                         | Id/IRI of the default contract put in the cx-common:publishedUnderContract property for new skills                                                            |      |
-| cx.agent.dataspace.synchronization            |          | -1 / 60000                                                                     | If positive, number of seconds between each catalogue synchronization attempt                                                                                 |      | 
-| cx.agent.service.allow                        |          | (http&#124;edc)s?://.*                                                         | Regular expression for determining which IRIs are allowed in SERVICE calls (on top level/federated data catalogue)                                            |      | 
-| cx.agent.service.deny                         |          | ^$                                                                             | Regular expression for determining which IRIs are denied in SERVICE calls (on top level/federated data catalogue)                                             |      |                                                                                                                                                                       | 
-| cx.agent.service.asset.allow                  |          | (http&#124;edc)s://.*                                                          | Regular expression for determining which IRIs are allowed in delegated SERVICE calls (if not overriden by the cx-common:allowServicePattern address property) |      | 
-| cx.agent.service.asset.deny                   |          | ^$                                                                             | Regular expression for determining which IRIs are denied in delegated SERVICE calls (it not overridden by the cx-common:denyServicePattern address property)  |      |                                                                                                                                                                       | 
-| cx.agent.dataspace.remotes                    |          | BPNL00000003COJN=http://oem-control-plane:8084,BPNL00000003CPIY=http://tiera-control-plane:8084                 | business partner control plane protocol urls wkth associated partner ids to synchronize with (if using internal matchmaking)                                                                                              | L    | 
-| cx.agent.sparql.verbose                       |          | false                                                                          | Controls the verbosity of the SparQL Engine                                                                                                                   |      | 
-| cx.agent.threadpool.size                      |          | 4                                                                              | Number of threads pooled for any concurrent batch calls and synchronisation actions                                                                           |      | 
-| cx.agent.federation.batch.max                 |          | 9223372036854775807 / 8                                                        | Maximal number of tuples to send in one query                                                                                                                 |      | 
-| cx.agent.negotiation.poll                     |          | 1000                                                                           | Number of milliseconds between negotiation status checks                                                                                                      |      | 
-| cx.agent.negotiation.timeout                  |          | 30000                                                                          | Number of milliseconds after which a pending negotiation is regarded as stale                                                                                 |      | 
-| cx.agent.connect.timeout                      |          |                                                                                | Number of milliseconds after which a connection attempt is regarded as stale                                                                                  |      | 
-| cx.agent.read.timeout                         |          | 1080000                                                                        | Number of milliseconds after which a reading attempt is regarded as stale                                                                                     |      | 
-| cx.agent.call.timeout                         |          |                                                                                | Number of milliseconds after which a complete call is regarded as stale                                                                                       |      | 
-| cx.agent.write.timeout                        |          |                                                                                | Number of milliseconds after which a write attempt is regarded as stale                                                                                       |      | 
-| cx.agent.edc.version                          |          | 0.7.0                                                                          | Version of the TX EDC that is used (in case that management/transfer API changes)                                                                             |      | 
+| Property                                  | Required | Default/Example                                                                | Description                                                                                                                                                   | List |
+|-------------------------------------------|----------|--------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|------|
+| cx.agent.matchmaking                      |          | http://matchmaking-agent.internal                                                         | URL of the matchmaking agent (use internal one if null)                                                                                                       |      | 
+| cx.agent.asset.default                    |          | urn:x-arq:DefaultGraph                                                         | IRI of the default graph (federated data catalogue)                                                                                                           |      | 
+| cx.agent.asset.file                       |          | https://www.w3id.org/catenax/ontology,dataspace.ttl                            | Initial triples for the default graph (federated data catalogue)                                                                                              | L    | 
+| cx.agent.accesspoint.name                 |          | api                                                                            | Matchmaking agent endpoint name (internal)                                                                                                                    |      | 
+| cx.agent.controlplane.protocol            | (X)      | http://oem-control-plane:8182                                                  | Protocol Endpoint of the providing control plane (needed if you want to access local graphs/skills without absolute address)                                  |      | 
+| cx.agent.controlplane.management          | X        | http://oem-control-plane2:8181/management                                      | Data Management Endpoint of the consuming control plane                                                                                                       |      | 
+| cx.agent.controlplane.management.provider | (X)      | http://oem-control-plane:8181/management                                       | Data Management Endpoint of the providing control plane (only if different from the consuming control plane)                                                  |      | 
+| edc.participant.id                        | X        | BPNL00000DUMMY                                                                 | business partner number under which the consuming control plane operates                                                                                      |      | 
+| edc.api.auth.code                         | (X)      | X-Api-Key                                                                      | Authentication Header for consuming control plane  (if any)                                                                                                   |      | 
+| edc.api.auth.key                          | (X)      | ****                                                                           | Authentication Secret for consuming control plane (if any)                                                                                                    |      | 
+| web.http.callback.port                    | X        | 8187                                                                           | Callback endpoint port                                                                                                                                        |      | 
+| web.http.callback.path                    | X        | /callback                                                                      | Callback endpoint path prefix                                                                                                                                 |      | 
+| cx.agent.callback                         | X        | http://oem-data-plane:8187/callback/transfer-process-started                    | Callback endpoint full address as seen from the consuming control plane                                                                                       |      | 
+| cx.agent.skill.contract                   |          | cx.agent.skill.contract.default=Contract?partner=Skill                         | Id/IRI of the default contract put in the cx-common:publishedUnderContract property for new skills                                                            |      |
+| cx.agent.dataspace.synchronization        |          | -1 / 60000                                                                     | If positive, number of seconds between each catalogue synchronization attempt                                                                                 |      | 
+| cx.agent.service.allow                    |          | (http&#124;edc)s?://.*                                                         | Regular expression for determining which IRIs are allowed in SERVICE calls (on top level/federated data catalogue)                                            |      | 
+| cx.agent.service.deny                     |          | ^$                                                                             | Regular expression for determining which IRIs are denied in SERVICE calls (on top level/federated data catalogue)                                             |      |                                                                                                                                                                       | 
+| cx.agent.service.asset.allow              |          | (http&#124;edc)s://.*                                                          | Regular expression for determining which IRIs are allowed in delegated SERVICE calls (if not overriden by the cx-common:allowServicePattern address property) |      | 
+| cx.agent.service.asset.deny               |          | ^$                                                                             | Regular expression for determining which IRIs are denied in delegated SERVICE calls (it not overridden by the cx-common:denyServicePattern address property)  |      |                                                                                                                                                                       | 
+| cx.agent.service.connector.allow          |          | (http&#124;edc)s://.*                                                          | Regular expression for determining which URLs are allowed in remote asset calls (if not overriden by the cx-common:allowServicePattern address property)      |      | 
+| cx.agent.service.connector.deny           |          | ^$                                                                             | Regular expression for determining which URLs are denied in remote asset calls (it not overridden by the cx-common:denyServicePattern address property)       |      |                                                                                                                                                                       | 
+| cx.agent.dataspace.remotes                |          | BPNL00000003COJN=http://oem-control-plane:8084,BPNL00000003CPIY=http://tiera-control-plane:8084                 | business partner control plane protocol urls wkth associated partner ids to synchronize with (if using internal matchmaking)                                  | L    | 
+| cx.agent.sparql.verbose                   |          | false                                                                          | Controls the verbosity of the SparQL Engine                                                                                                                   |      | 
+| cx.agent.threadpool.size                  |          | 4                                                                              | Number of threads pooled for any concurrent batch calls and synchronisation actions                                                                           |      | 
+| cx.agent.federation.batch.max             |          | 9223372036854775807 / 8                                                        | Maximal number of tuples to send in one query                                                                                                                 |      | 
+| cx.agent.negotiation.poll                 |          | 1000                                                                           | Number of milliseconds between negotiation status checks                                                                                                      |      | 
+| cx.agent.negotiation.timeout              |          | 30000                                                                          | Number of milliseconds after which a pending negotiation is regarded as stale                                                                                 |      | 
+| cx.agent.connect.timeout                  |          |                                                                                | Number of milliseconds after which a connection attempt is regarded as stale                                                                                  |      | 
+| cx.agent.read.timeout                     |          | 1080000                                                                        | Number of milliseconds after which a reading attempt is regarded as stale                                                                                     |      | 
+| cx.agent.call.timeout                     |          |                                                                                | Number of milliseconds after which a complete call is regarded as stale                                                                                       |      | 
+| cx.agent.write.timeout                    |          |                                                                                | Number of milliseconds after which a write attempt is regarded as stale                                                                                       |      | 
+| cx.agent.edc.version                      |          | 0.7.0                                                                          | Version of the TX EDC that is used (in case that management/transfer API changes)                                                                             |      | 
 
diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml
index 6fba60c3..0fd70e1c 100644
--- a/agent-plane/agent-plane-protocol/pom.xml
+++ b/agent-plane/agent-plane-protocol/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.eclipse.tractusx.agents.edc</groupId>
         <artifactId>agent-plane</artifactId>
-        <version>1.13.20-SNAPSHOT</version>
+        <version>1.13.21-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -478,10 +478,6 @@
             <artifactId>mockito-core</artifactId>
             <scope>test</scope>
             <exclusions>
-                <exclusion>
-                    <groupId>net.bytebuddy</groupId>
-                    <artifactId>byte-buddy</artifactId>
-                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java
index 2a864051..df9900c3 100644
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java
+++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java
@@ -47,7 +47,6 @@
 import org.eclipse.tractusx.agents.edc.sparql.DataspaceServiceExecutor;
 import org.eclipse.tractusx.agents.edc.sparql.SparqlQueryProcessor;
 import org.eclipse.tractusx.agents.edc.sparql.SparqlQuerySerializerFactory;
-import org.eclipse.tractusx.agents.edc.validation.SwitchingDataPlaneTokenValidatorController;
 
 import java.util.Map;
 import java.util.concurrent.Executors;
@@ -139,12 +138,6 @@ public void initialize(ServiceExtensionContext context) {
         executorService = Executors.newScheduledThreadPool(config.getThreadPoolSize());
         synchronizer = new DataspaceSynchronizer(executorService, config, catalogService, rdfStore, monitor);
 
-        SwitchingDataPlaneTokenValidatorController validatorController = new SwitchingDataPlaneTokenValidatorController(httpClient, config, monitor);
-        if (validatorController.isEnabled()) {
-            monitor.debug(String.format("Registering switching validator controller %s", validatorController));
-            webService.registerResource(DEFAULT_CONTEXT_ALIAS, validatorController);
-        }
-
         // EDC Remoting Support
         ServiceExecutorRegistry reg = new ServiceExecutorRegistry();
         reg.addBulkLink(new DataspaceServiceExecutor(monitor, agreementController, config, httpClient, executorService, typeManager));
@@ -170,8 +163,22 @@ public void initialize(ServiceExtensionContext context) {
         monitor.debug(String.format("Initialized %s", name()));
 
         HttpRequestFactory httpRequestFactory = new HttpRequestFactory();
-        AgentSourceFactory sourceFactory = new AgentSourceFactory(edcHttpClient, new AgentSourceRequestParamsSupplier(vault, typeManager, config, monitor), monitor, httpRequestFactory, processor, skillStore);
-        pipelineService.registerFactory(sourceFactory);
+        AgentSourceFactory sparqlSourceFactory = new AgentSourceFactory(AgentProtocol.SPARQL_HTTP.getProtocolId(),
+                edcHttpClient,
+                new AgentSourceRequestParamsSupplier(vault, typeManager, config, monitor),
+                monitor,
+                httpRequestFactory,
+                processor,
+                skillStore);
+        AgentSourceFactory skillSourceFactory = new AgentSourceFactory(AgentProtocol.SKILL_HTTP.getProtocolId(),
+                edcHttpClient,
+                new AgentSourceRequestParamsSupplier(vault, typeManager, config, monitor),
+                monitor,
+                httpRequestFactory,
+                processor,
+                skillStore);
+        pipelineService.registerFactory(sparqlSourceFactory);
+        pipelineService.registerFactory(skillSourceFactory);
 
         var publicEndpoint = context.getSetting("edc.dataplane.api.public.baseurl", null);
         if (publicEndpoint == null) {
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java
index 3dd4c368..b7cb953e 100644
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java
+++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java
@@ -22,7 +22,6 @@
 import org.eclipse.edc.http.spi.EdcHttpClient;
 import org.eclipse.edc.spi.monitor.Monitor;
 import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage;
-import org.eclipse.tractusx.agents.edc.AgentProtocol;
 import org.eclipse.tractusx.agents.edc.SkillStore;
 import org.eclipse.tractusx.agents.edc.sparql.SparqlQueryProcessor;
 
@@ -37,7 +36,7 @@ public class AgentSourceFactory extends org.eclipse.edc.connector.dataplane.http
     final SparqlQueryProcessor processor;
     final SkillStore skillStore;
     final HttpRequestFactory requestFactory;
-
+    final String protocol;
 
     /**
      * create a new agent source factory
@@ -49,8 +48,9 @@ public class AgentSourceFactory extends org.eclipse.edc.connector.dataplane.http
      * @param processor the query processor/sparql engine
      * @param skillStore store for skills
      */
-    public AgentSourceFactory(EdcHttpClient httpClient, AgentSourceRequestParamsSupplier supplier, Monitor monitor, HttpRequestFactory requestFactory, SparqlQueryProcessor processor, SkillStore skillStore) {
+    public AgentSourceFactory(String protocol, EdcHttpClient httpClient, AgentSourceRequestParamsSupplier supplier, Monitor monitor, HttpRequestFactory requestFactory, SparqlQueryProcessor processor, SkillStore skillStore) {
         super(httpClient, supplier, monitor, requestFactory);
+        this.protocol = protocol;
         this.supplier = supplier;
         this.monitor = monitor;
         this.httpClient = httpClient;
@@ -59,6 +59,11 @@ public AgentSourceFactory(EdcHttpClient httpClient, AgentSourceRequestParamsSupp
         this.requestFactory = requestFactory;
     }
 
+    @Override
+    public String supportedType() {
+        return protocol;
+    }
+
     /**
      * choose the agent protocol
      *
@@ -67,8 +72,7 @@ public AgentSourceFactory(EdcHttpClient httpClient, AgentSourceRequestParamsSupp
      */
     @Override
     public boolean canHandle(DataFlowStartMessage request) {
-        return AgentProtocol.SPARQL_HTTP.getProtocolId().equals(request.getSourceDataAddress().getType()) ||
-                AgentProtocol.SKILL_HTTP.getProtocolId().equals(request.getSourceDataAddress().getType());
+        return protocol.equals(request.getSourceDataAddress().getType());
     }
 
     /**
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java
index 24572250..a13b33df 100644
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java
+++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java
@@ -115,15 +115,17 @@ public class DataManagement {
 
     public static final String ASSET_CALL = "%s%s/assets/request";
 
-    // negotiation request 0.5.>=1
+    // negotiation request 0.7.>=3
     public static final String NEGOTIATION_REQUEST_BODY =
             "{\n" +
                     "    \"@context\": {\n" +
-                    "        \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n" +
+                    "        \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\",\n" +
+                    "        \"edc\": \"https://w3id.org/edc/v0.0.1/ns/\"\n" +
                     "    },\n" +
                     "    \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n" +
                     "    \"counterPartyAddress\": \"%1$s\",\n" +
                     "    \"protocol\": \"dataspace-protocol-http\",\n" +
+                    "    \"providerId\": \"%2$s\",\n" +
                     "    \"policy\": {\n" +
                     "        \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n" +
                     "        \"@type\": \"odrl:Offer\",\n" +
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/DataPlaneTokenValidationApi.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/DataPlaneTokenValidationApi.java
deleted file mode 100644
index f0bbcd29..00000000
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/DataPlaneTokenValidationApi.java
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
-//
-// See the NOTICE file(s) distributed with this work for additional
-// information regarding copyright ownership.
-//
-// This program and the accompanying materials are made available under the
-// terms of the Apache License, Version 2.0 which is available at
-// https://www.apache.org/licenses/LICENSE-2.0.
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-//
-// SPDX-License-Identifier: Apache-2.0
-package org.eclipse.tractusx.agents.edc.validation;
-
-import jakarta.ws.rs.core.Response;
-
-/**
- * Rest interface to the token validator
- */
-public interface DataPlaneTokenValidationApi {
-    Response validate(String token);
-}
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/SwitchingDataPlaneTokenValidatorController.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/SwitchingDataPlaneTokenValidatorController.java
deleted file mode 100644
index f5e4db7b..00000000
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/SwitchingDataPlaneTokenValidatorController.java
+++ /dev/null
@@ -1,98 +0,0 @@
-// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
-//
-// See the NOTICE file(s) distributed with this work for additional
-// information regarding copyright ownership.
-//
-// This program and the accompanying materials are made available under the
-// terms of the Apache License, Version 2.0 which is available at
-// https://www.apache.org/licenses/LICENSE-2.0.
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations
-// under the License.
-//
-// SPDX-License-Identifier: Apache-2.0
-package org.eclipse.tractusx.agents.edc.validation;
-
-import jakarta.ws.rs.GET;
-import jakarta.ws.rs.HeaderParam;
-import jakarta.ws.rs.Path;
-import jakarta.ws.rs.Produces;
-import jakarta.ws.rs.core.HttpHeaders;
-import jakarta.ws.rs.core.MediaType;
-import jakarta.ws.rs.core.Response;
-import okhttp3.OkHttpClient;
-import okhttp3.Request;
-import org.eclipse.edc.spi.monitor.Monitor;
-import org.eclipse.tractusx.agents.edc.AgentConfig;
-
-import java.io.IOException;
-
-/**
- * a token validator that may delegate to several control plane validators
- */
-@Path("/validation")
-public class SwitchingDataPlaneTokenValidatorController implements DataPlaneTokenValidationApi {
-
-    protected final OkHttpClient httpClient;
-    protected final Monitor monitor;
-    protected final AgentConfig config;
-    protected final String[] endpoints;
-
-    /**
-     * creates a new controller
-     *
-     * @param httpClient to use
-     * @param config     to obey
-     * @param monitor    to log
-     */
-    public SwitchingDataPlaneTokenValidatorController(OkHttpClient httpClient, AgentConfig config, Monitor monitor) {
-        this.httpClient = httpClient;
-        this.config = config;
-        this.monitor = monitor;
-        this.endpoints = config.getValidatorEndpoints();
-    }
-
-    /**
-     * access
-     *
-     * @return a flag indicating whether this endpoint is enabled
-     */
-    public boolean isEnabled() {
-        return endpoints != null && endpoints.length > 0;
-    }
-
-    /**
-     * Validate the token provided in input by delegating to the multiple endpoints
-     *
-     * @param token Input token.
-     * @return Decrypted DataAddress contained in the input token claims.
-     */
-    @GET
-    @Produces({ MediaType.APPLICATION_JSON })
-    @Override
-    public Response validate(@HeaderParam(HttpHeaders.AUTHORIZATION) String token) {
-        Response result = Response.status(400, "No validation endpoint could be found to switch to.").build();
-        if (isEnabled()) {
-            for (String endpoint : endpoints) {
-                var request = new Request.Builder().url(endpoint).header(HttpHeaders.AUTHORIZATION, token).get().build();
-                try (var response = httpClient.newCall(request).execute()) {
-                    var body = response.body();
-                    var stringBody = body != null ? body.string() : null;
-                    if (stringBody == null) {
-                        result = Response.status(400, "Token validation server returned null body").build();
-                    } else if (response.isSuccessful()) {
-                        return Response.ok(stringBody).build();
-                    } else {
-                        result = Response.status(response.code(), String.format("Call to token validation sever failed: %s - %s. %s", response.code(), response.message(), stringBody)).build();
-                    }
-                } catch (IOException e) {
-                    result = Response.status(500, "Unhandled exception occurred during call to token validation server: " + e.getMessage()).build();
-                }
-            }
-        }
-        return result;
-    }
-}
diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java
index 4b8f57af..39029a28 100644
--- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java
+++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java
@@ -123,7 +123,7 @@ private static JsonObjectBuilder createOffer() {
         JsonObjectBuilder offerBuilder = Json.createObjectBuilder()
                 .add("@id", "cx-taxo:GraphAsset?test=ExampleAsset")
                 .add("https://w3id.org/edc/v0.0.1/ns/contenttype", "application/json, application/xml")
-                .add("https://w3id.org/catenax/ontology/common#version", "1.13.20-SNAPSHOT")
+                .add("https://w3id.org/catenax/ontology/common#version", "1.13.21-SNAPSHOT")
                 .add("https://w3id.org/catenax/ontology/common#name", "Test Asset")
                 .add("https://w3id.org/catenax/ontology/common#description", "Test Asset for RDF Representation")
                 .add("https://w3id.org/catenax/ontology/common#description@de", "Beispiel Asset für RDF Darstellung")
@@ -212,7 +212,7 @@ public void testCatalogDeserialization() {
                 "                },\n" +
                 "                \"dcat:accessService\": \"ddd4b79e-f785-4e71-9fe5-4a177b3ccf54\"\n" +
                 "            },\n" +
-                "            \"edc:version\": \"1.13.20-SNAPSHOT\",\n" +
+                "            \"edc:version\": \"1.13.21-SNAPSHOT\",\n" +
                 "            \"http://www.w3.org/2000/01/rdf-schema#isDefinedBy\": \"<https://w3id.org/catenax/ontology/diagnosis>\",\n" +
                 "            \"edc:name\": \"Diagnostic Trouble Code Catalogue Version 2022\",\n" +
                 "            \"http://www.w3.org/ns/shacl#shapesGraph\": \"@prefix cx-common: <https://w3id.org/catenax/ontology/common#>. \\n@prefix : <https://w3id.org/catenax/taxonomy#GraphAsset?oem=Diagnosis2022&shapeObject=> .\\n@prefix cx-diag: <https://w3id.org/catenax/ontology/diagnosis#> .\\n@prefix owl: <http://www.w3.org/2002/07/owl#> .\\n@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\\n@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .\\n@prefix sh: <http://www.w3.org/ns/shacl#> .\\n\\n:OemDTC rdf:type sh:NodeShape ;\\n  sh:targetClass cx-diag:DTC ;\\n  sh:property [\\n        sh:path cx-diag:provisionedBy ;\\n        sh:hasValue <urn:bpn:legal:BPNL00000003COJN> ;\\n    ] ;\\n  sh:property [\\n        sh:path cx-diag:version ;\\n        sh:hasValue \\\"0\\\"^^xsd:long ;\\n    ] ;\\n  sh:property [\\n        sh:path cx-diag:affects ;\\n        sh:class :OemDiagnosedParts ;\\n    ].\\n\\n:OemDiagnosedParts rdf:type sh:NodeShape ;\\n  sh:targetClass cx-diag:DiagnosedPart ;\\n  sh:property [\\n        sh:path cx-diag:provisionedBy ;\\n        sh:hasValue <urn:bpn:legal:BPNL00000003COJN> ;\\n    ] .\\n\",\n" +
diff --git a/agent-plane/agentplane-azure-vault/README.md b/agent-plane/agentplane-azure-vault/README.md
index 1b6c896e..c22baa67 100644
--- a/agent-plane/agentplane-azure-vault/README.md
+++ b/agent-plane/agentplane-azure-vault/README.md
@@ -54,7 +54,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image
 Alternatively, after a sucessful [build](#building) the docker image of the Agent Plane is created using
 
 ```console
-docker build -t tractusx//agentplane-azure-vault:1.13.20-SNAPSHOT -f src/main/docker/Dockerfile .
+docker build -t tractusx//agentplane-azure-vault:1.13.21-SNAPSHOT -f src/main/docker/Dockerfile .
 ```
 
 To run the docker image, you could invoke this command
@@ -90,7 +90,7 @@ Project license: Apache License, Version 2.0
 
 **Used base image**
 
-- [eclipse-temurin:17-jre-alpine](https://github.com/adoptium/containers)
+- [eclipse-temurin:22-jre-alpine](https://github.com/adoptium/containers)
 - Official Eclipse Temurin DockerHub page: https://hub.docker.com/_/eclipse-temurin
 - Eclipse Temurin Project: https://projects.eclipse.org/projects/adoptium.temurin
 - Additional information about the Eclipse Temurin images: https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin
diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml
index bf4c59cc..10174bc8 100644
--- a/agent-plane/agentplane-azure-vault/pom.xml
+++ b/agent-plane/agentplane-azure-vault/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.eclipse.tractusx.agents.edc</groupId>
         <artifactId>agent-plane</artifactId>
-        <version>1.13.20-SNAPSHOT</version>
+        <version>1.13.21-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -160,6 +160,26 @@
                     <groupId>net.java.dev.jna</groupId>
                     <artifactId>jna-platform</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.edc</groupId>
+                    <artifactId>core-spi</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.edc</groupId>
+                    <artifactId>contract-spi</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.edc</groupId>
+                    <artifactId>catalog-spi</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.edc</groupId>
+                    <artifactId>asset-index-sql</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.edc</groupId>
+                    <artifactId>control-plane-spi</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
diff --git a/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile b/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile
index 43210948..5ca2d89d 100644
--- a/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile
+++ b/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile
@@ -25,7 +25,7 @@ HEALTHCHECK NONE
 RUN apk update && apk add curl=8.5.0-r0 --no-cache
 RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} --output /tmp/opentelemetry-javaagent.jar
 
-FROM eclipse-temurin:22_36-jre-alpine
+FROM eclipse-temurin:22-jre-alpine
 
 ARG APP_USER=docker
 ARG APP_UID=10100
diff --git a/agent-plane/agentplane-hashicorp/README.md b/agent-plane/agentplane-hashicorp/README.md
index 2309845f..6c076ab4 100644
--- a/agent-plane/agentplane-hashicorp/README.md
+++ b/agent-plane/agentplane-hashicorp/README.md
@@ -54,7 +54,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image
 Alternatively, after a sucessful [build](#building) the docker image of the Agent Plane is created using
 
 ```console
-docker build -t tractusx/agentplane-hashicorp:1.13.20-SNAPSHOT -f src/main/docker/Dockerfile .
+docker build -t tractusx/agentplane-hashicorp:1.13.21-SNAPSHOT -f src/main/docker/Dockerfile .
 ```
 
 To run the docker image, you could invoke this command
@@ -66,7 +66,7 @@ docker run -p 8082:8082 \
   -v $(pwd)/resources/dataplane.properties:/app/configuration.properties \
   -v $(pwd)/resources/opentelemetry.properties:/app/opentelemetry.properties \
   -v $(pwd)/resources/logging.properties:/app/logging.properties \
-  tractusx/agentplane-hashicorp:1.13.20-SNAPSHOT
+  tractusx/agentplane-hashicorp:1.13.21-SNAPSHOT
 ````
 
 Afterwards, you should be able to access the [local SparQL endpoint](http://localhost:8082/api/agent) via
@@ -90,7 +90,7 @@ Project license: Apache License, Version 2.0
 
 **Used base image**
 
-- [eclipse-temurin:17-jre-alpine](https://github.com/adoptium/containers)
+- [eclipse-temurin:22-jre-alpine](https://github.com/adoptium/containers)
 - Official Eclipse Temurin DockerHub page: https://hub.docker.com/_/eclipse-temurin
 - Eclipse Temurin Project: https://projects.eclipse.org/projects/adoptium.temurin
 - Additional information about the Eclipse Temurin images: https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin
diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml
index 217aca0f..b545d1dc 100644
--- a/agent-plane/agentplane-hashicorp/pom.xml
+++ b/agent-plane/agentplane-hashicorp/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.eclipse.tractusx.agents.edc</groupId>
         <artifactId>agent-plane</artifactId>
-        <version>1.13.20-SNAPSHOT</version>
+        <version>1.13.21-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -157,6 +157,22 @@
                     <groupId>io.netty</groupId>
                     <artifactId>netty-transport-classes-epoll</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.edc</groupId>
+                    <artifactId>contract-spi</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.edc</groupId>
+                    <artifactId>catalog-spi</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.edc</groupId>
+                    <artifactId>asset-index-sql</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.edc</groupId>
+                    <artifactId>control-plane-spi</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
diff --git a/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile b/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile
index e36a378a..b9f63f06 100644
--- a/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile
+++ b/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile
@@ -24,7 +24,7 @@ HEALTHCHECK NONE
 RUN apk update && apk add curl=8.5.0-r0 --no-cache
 RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} --output /tmp/opentelemetry-javaagent.jar
 
-FROM eclipse-temurin:22_36-jre-alpine
+FROM eclipse-temurin:22-jre-alpine
 
 ARG APP_USER=docker
 ARG APP_UID=10100
diff --git a/agent-plane/pom.xml b/agent-plane/pom.xml
index 694d3442..0fc7efa9 100644
--- a/agent-plane/pom.xml
+++ b/agent-plane/pom.xml
@@ -28,7 +28,7 @@
     <parent>
         <groupId>org.eclipse.tractusx.agents</groupId>
         <artifactId>edc</artifactId>
-        <version>1.13.20-SNAPSHOT</version>
+        <version>1.13.21-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>    
     </parent>
     <name>Tractus-X EDC Agent Plane</name>
diff --git a/charts/agent-plane-azure-vault/Chart.yaml b/charts/agent-plane-azure-vault/Chart.yaml
index aa7b184d..ca5da94a 100644
--- a/charts/agent-plane-azure-vault/Chart.yaml
+++ b/charts/agent-plane-azure-vault/Chart.yaml
@@ -3,7 +3,7 @@
 #  Copyright (c) 2023 ZF Friedrichshafen AG
 #  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
 #  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-#  Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+#  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
 #
 #  See the NOTICE file(s) distributed with this work for additional
 #  information regarding copyright ownership.
@@ -41,12 +41,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.13.20-SNAPSHOT
+version: 1.13.21-SNAPSHOT
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.13.20-SNAPSHOT"
+appVersion: "1.13.21-SNAPSHOT"
 home: https://github.com/eclipse-tractusx/knowledge-agents-edc/
 sources:
   - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector
diff --git a/charts/agent-plane-azure-vault/README.md b/charts/agent-plane-azure-vault/README.md
index b10508cb..0c842055 100644
--- a/charts/agent-plane-azure-vault/README.md
+++ b/charts/agent-plane-azure-vault/README.md
@@ -21,7 +21,7 @@
 
 # agent-plane-azure-vault
 
-![Version: 1.13.20-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.20-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square)
+![Version: 1.13.21-SNAPSHOT](https://img.shields.io/badge/Version-1.13.21--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.21-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.13.21--SNAPSHOT-informational?style=flat-square)
 
 A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running
 Control Plane.
@@ -59,7 +59,7 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime:
 
 ```shell
 helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev
-helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
+helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT
 ```
 
 ## Maintainers
@@ -82,7 +82,7 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| affinity | object | `{}` |  |
+| affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on |
 | agent | object | `{"connectors":{},"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings |
 | agent.connectors | object | `{}` | A map of partner ids to remote connector IDS URLs to synchronize with |
 | agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue |
@@ -116,40 +116,52 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 | configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : <GraphAsset?local=Dataspace> .\n@base <GraphAsset?local=Dataspace> .\n"}` | A set of additional configuration files |
 | configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : <GraphAsset?local=Dataspace> .\n@base <GraphAsset?local=Dataspace> .\n"` | An example of an empty graph in ttl syntax |
 | connector | string | `""` | Name of the connector deployment |
-| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":false}]}` | References to the control plane deployment |
+| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":false}]}` | References to the control plane deployment |
 | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not |
 | controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls |
 | controlplane.endpoints.control.port | int | `8083` | port for incoming api calls |
-| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing |
-| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header |
+| controlplane.endpoints.management | object | `{"authKey":"password","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing |
+| controlplane.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header |
 | controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls |
 | controlplane.endpoints.management.port | int | `8081` | port for incoming api calls |
 | controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing |
 | controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls |
 | controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls |
-| customLabels | object | `{}` | To add some custom labels |
-| debug.enabled | bool | `false` |  |
-| debug.port | int | `1044` |  |
-| debug.suspendOnStart | bool | `false` |  |
+| customCaCerts | object | `{}` | Add custom ca certificates to the truststore |
+| customLabels | object | `{}` | Add some custom labels |
+| debug.enabled | bool | `false` | Enables java debugging mode. |
+| debug.port | int | `1044` | Port where the debuggee can connect to. |
+| debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. |
 | destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types |
-| endpoints.callback.path | string | `"/callback"` |  |
-| endpoints.callback.port | int | `8087` |  |
-| endpoints.default.path | string | `"/api"` |  |
-| endpoints.default.port | int | `8080` |  |
-| endpoints.public.path | string | `"/api/public"` |  |
-| endpoints.public.port | int | `8081` |  |
-| endpoints.signaling.path | string | `"/api/signaling"` |  |
-| endpoints.signaling.port | int | `8083` |  |
-| env | object | `{}` |  |
-| envConfigMapNames | list | `[]` |  |
-| envSecretNames | list | `[]` |  |
-| envValueFrom | object | `{}` |  |
+| endpoints | object | `{"callback":{"path":"/callback","port":8087},"control":{"path":"/api/control","port":8084},"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081}}` | endpoints of the dataplane |
+| endpoints.callback | object | `{"path":"/callback","port":8087}` | callback api, used for listening on control plane callbacks, must not be internet facing |
+| endpoints.callback.path | string | `"/callback"` | path for incoming api calls |
+| endpoints.callback.port | int | `8087` | port for incoming api calls |
+| endpoints.control | object | `{"path":"/api/control","port":8084}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not |
+| endpoints.control.path | string | `"/api/control"` | path for incoming api calls |
+| endpoints.control.port | int | `8084` | port for incoming api calls |
+| endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress |
+| endpoints.default.path | string | `"/api"` | path for incoming api calls |
+| endpoints.default.port | int | `8080` | port for incoming api calls |
+| endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing |
+| endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls |
+| endpoints.metrics.port | int | `9090` | port for incoming api calls |
+| endpoints.proxy.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header |
+| endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls |
+| endpoints.proxy.port | int | `8186` | port for incoming api calls |
+| endpoints.public | object | `{"path":"/api/public","port":8081}` | public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. |
+| endpoints.public.path | string | `"/api/public"` | path for incoming api calls |
+| endpoints.public.port | int | `8081` | port for incoming api calls |
+| env | object | `{}` | Extra environment variables that will be pass onto deployment pods |
+| envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from |
+| envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from |
+| envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core |
 | fullnameOverride | string | `""` |  |
-| iatp.id | string | `"did:web:changeme"` |  |
-| iatp.sts.dim.url | string | `nil` |  |
-| iatp.sts.oauth.client.id | string | `nil` |  |
-| iatp.sts.oauth.client.secret_alias | string | `nil` |  |
-| iatp.sts.oauth.token_url | string | `nil` |  |
+| iatp.id | string | `"did:web:changeme"` | Decentralized IDentifier (DID) of the connector |
+| iatp.sts.dim.url | string | `nil` | URL where connectors can request SI tokens |
+| iatp.sts.oauth.client.id | string | `nil` | Client ID for requesting OAuth2 access token for DIM access |
+| iatp.sts.oauth.client.secret_alias | string | `nil` | Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access |
+| iatp.sts.oauth.token_url | string | `nil` | URL where connectors can request OAuth2 access tokens for DIM access |
 | iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime |
 | image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use |
 | image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically |
@@ -167,10 +179,9 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 | ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource |
 | ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name |
 | initContainers | list | `[]` |  |
-| install.postgresql | bool | `false` |  |
-| install.vault | bool | `false` |  |
-| limits.cpu | float | `1.5` |  |
-| limits.memory | string | `"1024Mi"` |  |
+| install.postgresql | bool | `false` | Deploying a PostgreSQL instance |
+| limits.cpu | float | `1.5` | Maximum CPU limit |
+| limits.memory | string | `"1024Mi"` | Maximum memory limit |
 | livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up |
 | livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check |
@@ -180,7 +191,9 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 | logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) |
 | name | string | `"agentplane"` | the name of the dataplane |
 | nameOverride | string | `""` |  |
-| nodeSelector | object | `{}` |  |
+| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane |
+| networkPolicy.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) |
+| nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes |
 | opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics |
 | participant.id | string | `""` | BPN Number |
 | podAnnotations | object | `{}` | additional annotations for the pod |
@@ -190,12 +203,7 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 | podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid |
 | podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid |
 | podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp |
-| postgresql.auth.database | string | `"edc"` |  |
-| postgresql.auth.password | string | `"password"` |  |
-| postgresql.auth.username | string | `"user"` |  |
-| postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` |  |
-| postgresql.primary.persistence.enabled | bool | `false` |  |
-| postgresql.readReplicas.persistence.enabled | bool | `false` |  |
+| postgresql | object | `{"auth":{"database":"edc","password":"password","username":"user"},"jdbcUrl":"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc","primary":{"persistence":{"enabled":false}},"readReplicas":{"persistence":{"enabled":false}}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden |
 | readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up |
 | readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check |
@@ -203,35 +211,35 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 | readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed |
 | readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | replicaCount | int | `1` |  |
-| requests.cpu | string | `"500m"` |  |
-| requests.memory | string | `"128Mi"` |  |
+| requests.cpu | string | `"500m"` | Initial CPU request |
+| requests.memory | string | `"128Mi"` | Initial memory request |
 | resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"add":[],"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10001}` | The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod |
 | securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
 | securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
 | securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
 | securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode |
 | securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges |
 | securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid |
+| service.annotations | object | `{}` | additional annotations for the service |
+| service.labels | object | `{}` | additional labels for the service |
 | service.port | int | `80` |  |
 | service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
-| serviceAccount.annotations | object | `{}` |  |
-| serviceAccount.create | bool | `true` |  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) |
-| serviceAccount.name | string | `""` |  |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types |
 | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests |
 | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests |
-| token.refresh.expiry_seconds | int | `300` |  |
-| token.refresh.expiry_tolerance_seconds | int | `10` |  |
-| token.refresh.refresh_endpoint | string | `nil` |  |
-| token.signer.privatekey_alias | string | `nil` |  |
-| token.verifier.publickey_alias | string | `nil` |  |
-| tolerations | list | `[]` |  |
+| token.refresh.expiry_seconds | int | `300` | TTL in seconds for access tokens (also known as EDR token) |
+| token.refresh.expiry_tolerance_seconds | int | `10` | Tolerance for token expiry in seconds |
+| token.refresh.refresh_endpoint | string | `nil` | Optional endpoint for an OAuth2 token refresh. Default endpoint is `<PUBLIC_API>/token` |
+| token.signer.privatekey_alias | string | `nil` | Alias under which the private key (JWK or PEM format) is stored in the vault |
+| token.verifier.publickey_alias | string | `nil` | Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` |
+| tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes |
 | url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) |
-| vault | object | `{"azure":{"certificate":null,"client":null,"name":"<AZURE_NAME>","secret":null,"tenant":null},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null}}` | Standard settings for vault, "client", "tenant", "secret" or "certificate", "transferProxyTokenSignerPrivateKey" and "transferProxyTokenSignerPublicKey" need to be overridden |
-| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key |
-| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key |
-| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate |
+| vault | object | `{"azure":{"certificate":null,"client":null,"name":"<AZURE_NAME>","secret":null,"tenant":null}}` | Standard settings for vault |
 | volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container |
 | volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories |
 
diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml
index 1d59406f..f0e2db9e 100644
--- a/charts/agent-plane-azure-vault/ci/integration-values.yaml
+++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml
@@ -29,12 +29,22 @@ participant:
 
 # image:
 #  repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-azure-vault
-#  tag: 1.13.20-SNAPSHOT
+#  tag: 1.13.21-SNAPSHOT
 
 controlplane:
   endpoints:
     management:
       authKey: "bla"
+  ingresses:
+    - enabled: true
+      hostname: 67dd349198194b508a8fd5e2dd24c173.api.mockbin.io
+      tls:
+        enabled: true
+
+livenessProbe:
+  initialDelaySeconds: 60
+readinessProbe:
+  initialDelaySeconds: 60
 
 vault:
   azure:
@@ -69,3 +79,8 @@ iatp:
         secret_alias: "dummy"
     dim:
       url: "http://sts.server"
+
+# debug:
+#  enabled: true
+#  port: 4046
+#  suspendOnStart: true
diff --git a/charts/agent-plane-azure-vault/templates/NOTES.txt b/charts/agent-plane-azure-vault/templates/NOTES.txt
index ddd034b6..451c7144 100644
--- a/charts/agent-plane-azure-vault/templates/NOTES.txt
+++ b/charts/agent-plane-azure-vault/templates/NOTES.txt
@@ -15,7 +15,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-2. Get the data plane URL(s) by running these commands:
+2. Get the data plane URL by running these commands:
 {{- $dataplane_name := .Values.name }}
 {{- $dataplane := .Values }}
 {{ with index $dataplane.ingresses 0}}
diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl
index d809d091..a6df4f64 100644
--- a/charts/agent-plane-azure-vault/templates/_helpers.tpl
+++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl
@@ -117,7 +117,7 @@ Control DSP URL
 {{- .Values.controlplane.url.protocol }}
 {{- else }}{{/* else when dsp api url has not been specified explicitly */}}
 {{- with (index .Values.controlplane.ingresses 0) }}
-{{- if .enabled }}{{/* if ingress enabled */}}
+{{- if or .enabled (not .enabled) }}{{/* if ingress enabled */}}
 {{- if .tls.enabled }}{{/* if TLS enabled */}}
 {{- printf "https://%s" .hostname -}}
 {{- else }}{{/* else when TLS not enabled */}}
@@ -126,16 +126,24 @@ Control DSP URL
 {{- else }}{{/* else when ingress not enabled */}}
 {{- printf "http://%s-controlplane:%v" ( include "txap.connector.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}}
 {{- end }}{{/* end if ingress */}}
-{{- end }}{{/* end with ingress */}}
-{{- end }}{{/* end if .Values.controlplane.url.protocol */}}
+{{- end }}{{/* end with ingress */}}{{- end }}{{/* end if .Values.controlplane.url.protocol */}}
 {{- end }}
 
 {{/*
-Validation URL
+Control URL
 */}}
 {{- define "txap.controlplane.url.control" -}}
-{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}}
-{{- end }}
+{{- with (index .Values.controlplane.ingresses 0) }}
+{{- if or .enabled (not .enabled) }}{{/* if ingress enabled */}}
+{{- if .tls.enabled }}{{/* if TLS enabled */}}
+{{- printf "https://%s%s" .hostname $.Values.controlplane.endpoints.control.path -}}
+{{- else }}{{/* else when TLS not enabled */}}
+{{- printf "http://%s%s" .hostname $.Values.controlplane.endpoints.control.path -}}
+{{- end }}{{/* end if tls */}}
+{{- else }}{{/* else when ingress not enabled */}}
+{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) $.Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}}
+{{- end }}{{/* end if ingress */}}
+{{- end }}{{/* end with ingress */}}{{- end }}{{/* end if .Values.controlplane.url.protocol */}}
 
 {{/*
 Validation URL
@@ -147,8 +155,8 @@ Validation URL
 {{/*
 Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane)
 */}}
-{{- define "txap.dataplane.url.signaling" -}}
-{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}}
+{{- define "txap.dataplane.url.control" -}}
+{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.control.port .Values.endpoints.control.path -}}
 {{- end }}
 
 {{/*
diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml
index 0f4d7833..1c51e56b 100644
--- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml
+++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml
@@ -1,7 +1,7 @@
 {{ $dataplane_name := .Values.name }}
 {{ $dataplane := .Values }}
 ---
-#
+#################################################################################
 #  Copyright (c) 2023,2024 T-Systems International GmbH
 #  Copyright (c) 2023 ZF Friedrichshafen AG
 #  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
@@ -13,7 +13,7 @@
 #
 #  This program and the accompanying materials are made available under the
 #  terms of the Apache License, Version 2.0 which is available at
-#  https://www.apache.org/licenses/LICENSE-2.0
+#  https://www.apache.org/licenses/LICENSE-2.0.
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
@@ -22,7 +22,7 @@
 #  under the License.
 #
 #  SPDX-License-Identifier: Apache-2.0
-#
+#################################################################################
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -55,8 +55,40 @@ spec:
       serviceAccountName: {{ include "txap.serviceAccountName" . }}
       securityContext:
         {{- toYaml $dataplane.podSecurityContext | nindent 8 }}
+      {{- if or $dataplane.initContainers .Values.customCaCerts }}
       initContainers:
+        {{- if $dataplane.initContainers }}
         {{- toYaml $dataplane.initContainers | nindent 8 }}
+        {{- end }}
+        {{- if .Values.customCaCerts }}
+        - name: custom-cacerts
+          # either use the specified image, or use the default one
+          {{- if $dataplane.image.repository }}
+          image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default .Chart.AppVersion }}"
+          {{- else }}
+          image: "{{ .Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default .Chart.AppVersion }}"
+          {{- end }}
+          imagePullPolicy: {{ $dataplane.image.pullPolicy }}
+          command:
+            - /bin/sh
+            - -c
+            - |
+              cp /opt/java/openjdk/lib/security/cacerts /workdir/
+              find /cacerts -type f \( -iname \*.crt -o -iname \*.pem \) -exec echo "{}" \; | while read PEM_FILE_PATH; do
+                PEM_FILE=${PEM_FILE_PATH##*/}
+                ALIAS=${PEM_FILE%.*}
+                echo "adding ${PEM_FILE} with alias ${ALIAS} to cacerts ..."
+                keytool -import -noprompt -trustcacerts -alias ${ALIAS} -file ${PEM_FILE_PATH} -keystore /workdir/cacerts -storepass changeit
+              done
+          securityContext:
+            {{- toYaml $dataplane.securityContext | nindent 12 }}
+          volumeMounts:
+            - name: custom-cacertificates
+              mountPath: /cacerts
+            - name: custom-cacerts
+              mountPath: /workdir
+        {{- end }}
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -122,26 +154,45 @@ spec:
             #######
             - name: "EDC_API_AUTH_KEY"
               value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }}
+            - name: "TX_EDC_DPF_CONSUMER_PROXY_AUTH_APIKEY"
+              value: {{ $dataplane.endpoints.proxy.authKey | required ".Values.dataplane.endpoints.proxy.authKey is required" | quote }}
 
             - name: "WEB_HTTP_DEFAULT_PORT"
               value: {{ $dataplane.endpoints.default.port | quote }}
             - name: "WEB_HTTP_DEFAULT_PATH"
               value: {{ $dataplane.endpoints.default.path | quote }}
+            - name: "WEB_HTTP_CONTROL_PORT"
+              value: {{ $dataplane.endpoints.control.port | quote }}
+            - name: "WEB_HTTP_CONTROL_PATH"
+              value: {{ $dataplane.endpoints.control.path | quote }}
             - name: "WEB_HTTP_PUBLIC_PORT"
               value: {{ $dataplane.endpoints.public.port | quote }}
             - name: "WEB_HTTP_PUBLIC_PATH"
               value: {{ $dataplane.endpoints.public.path | quote }}
-            - name: "WEB_HTTP_SIGNALING_PORT"
-              value: {{ $dataplane.endpoints.signaling.port | quote }}
-            - name: "WEB_HTTP_SIGNALING_PATH"
-              value: {{ $dataplane.endpoints.signaling.path | quote }}
             - name: "WEB_HTTP_CALLBACK_PORT"
               value: {{ $dataplane.endpoints.callback.port | quote }}
             - name: "WEB_HTTP_CALLBACK_PATH"
               value: {{ $dataplane.endpoints.callback.path | quote }}
+            - name: "EDC_CONTROL_ENDPOINT"
+              value: {{ include "txap.dataplane.url.control" . }}
+            - name: "EDC_DPF_SELECTOR_URL"
+              value: {{ include "txap.controlplane.url.control" . }}/v1/dataplanes
 
-            - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT"
-              value: {{ include "txap.controlplane.url.control" .}}/token
+            #######
+            # AWS #
+            #######
+            {{- if $dataplane.aws.endpointOverride }}
+            - name: "EDC_AWS_ENDPOINT_OVERRIDE"
+              value: {{ $dataplane.aws.endpointOverride | quote }}
+            {{- end   }}
+            {{- if $dataplane.aws.secretAccessKey }}
+            - name: "AWS_SECRET_ACCESS_KEY"
+              value: {{ $dataplane.aws.secretAccessKey | quote }}
+            {{- end }}
+            {{- if $dataplane.aws.accessKeyId }}
+            - name: "AWS_ACCESS_KEY_ID"
+              value: {{ $dataplane.aws.accessKeyId | quote }}
+            {{- end }}
 
             ###########
             ## VAULT ##
@@ -168,32 +219,6 @@ spec:
               value: {{ .Values.vault.azure.certificate | quote }}
             {{- end }}
 
-            ##################
-            ## TOKEN REFRESH
-            ##################
-            {{- if $dataplane.token.refresh.expiry_seconds }}
-            - name: "EDC_DATAPLANE_TOKEN_EXPIRY"
-              value: {{ $dataplane.token.refresh.expiry_seconds | quote}}
-            {{- end}}
-
-            {{- if $dataplane.token.refresh.expiry_tolerance_seconds }}
-            - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE"
-              value: {{ $dataplane.token.refresh.expiry_tolerance_seconds | quote }}
-            {{- end}}
-
-            {{- if $dataplane.token.refresh.refresh_endpoint }}
-            - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
-              value: {{ $dataplane.token.refresh.refresh_endpoint }}
-            {{- else}}
-            - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
-              value: {{ include "txap.dataplane.url.public" . }}/token
-            {{- end}}
-
-            - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
-              value: {{ $dataplane.token.signer.privatekey_alias | required ".Values.token.signer.privatekey_alias is required" | quote}}
-
-            - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS"
-              value: {{ $dataplane.token.verifier.publickey_alias | required ".Values.token.verifier.publickey_alias" | quote }}
 
             ###################
             # AUTH (JWT)      #
@@ -240,19 +265,13 @@ spec:
               value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}}
             - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS"
               value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}}
-            - name: "EDC_IAM_STS_DIM_URL"
+            - name: "TX_EDC_IAM_STS_DIM_URL"
               value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}}
             {{- range $index, $issuer := .Values.iatp.trustedIssuers }}
             - name: "EDC_IAM_TRUSTED-ISSUER_{{$index}}-ISSUER_ID"
               value: {{ $issuer | quote }}
             {{- end }}
 
-            #########################
-            ## DATA PLANE PUBLIC API
-            ########################
-            - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL"
-              value: {{ include "txap.dataplane.url.public" . }}
-
             ###################
             # AGENT CALLBACK  #
             ###################
@@ -303,6 +322,16 @@ spec:
               value: {{ $dataplane.agent.services.asset.deny | quote }} 
           {{- end }}
           {{- end }}
+          {{- if $dataplane.agent.services.connector }}
+          {{- if $dataplane.agent.services.connector.allow }}
+            - name: "CX_AGENT_SERVICE_CONNECTOR_ALLOW"
+              value: {{ $dataplane.agent.services.connector.allow | quote }} 
+          {{- end }}
+          {{- if $dataplane.agent.services.connector.deny }}
+            - name: "CX_AGENT_SERVICE_CONNECTOR_DENY"
+              value: {{ $dataplane.agent.services.connector.deny | quote }} 
+          {{- end }}
+          {{- end }}
           {{- end }}
           
             ###################
@@ -315,22 +344,6 @@ spec:
             - name: "CX_AGENT_FEDERATION_BATCH_MAX"
               value: {{ $dataplane.agent.maxbatchsize | quote }} 
 
-            #######
-            # AWS #
-            #######
-            {{- if $dataplane.aws.endpointOverride }}
-            - name: "EDC_AWS_ENDPOINT_OVERRIDE"
-              value: {{ $dataplane.aws.endpointOverride | quote }}
-            {{- end   }}
-            {{- if $dataplane.aws.secretAccessKey }}
-            - name: "AWS_SECRET_ACCESS_KEY"
-              value: {{ $dataplane.aws.secretAccessKey | quote }}
-            {{- end }}
-            {{- if $dataplane.aws.accessKeyId }}
-            - name: "AWS_ACCESS_KEY_ID"
-              value: {{ $dataplane.aws.accessKeyId | quote }}
-            {{- end }}
-
             ################
             ## POSTGRESQL ##
             ################
@@ -365,10 +378,44 @@ spec:
             - name: "EDC_DATASOURCE_ACCESSTOKENDATA_URL"
               value: {{ tpl .Values.postgresql.jdbcUrl . | quote }}
 
+            #########################
+            ## DATA PLANE PUBLIC API
+            ########################
+            - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL"
+              value: {{ include "txap.dataplane.url.public" . }}
+
+
+            ##################
+            ## TOKEN REFRESH
+            ##################
+            {{- if $dataplane.token.refresh.expiry_seconds }}
+            - name: "EDC_DATAPLANE_TOKEN_EXPIRY"
+              value: {{ $dataplane.token.refresh.expiry_seconds | quote}}
+            {{- end}}
+
+            {{- if $dataplane.token.refresh.expiry_tolerance_seconds }}
+            - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE"
+              value: {{ $dataplane.token.refresh.expiry_tolerance_seconds | quote }}
+            {{- end}}
+
+            {{- if $dataplane.token.refresh.refresh_endpoint }}
+            - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
+              value: {{ $dataplane.token.refresh.refresh_endpoint }}
+            {{- else}}
+            - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
+              value: {{ include "txap.dataplane.url.public" . }}/token
+            {{- end}}
+
+            - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
+              value: {{ $dataplane.token.signer.privatekey_alias | required ".Values.token.signer.privatekey_alias is required" | quote}}
+
+            - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS"
+              value: {{ $dataplane.token.verifier.publickey_alias | required ".Values.token.verifier.publickey_alias" | quote }}
+
             ######################################
             ## Additional environment variables ##
             ######################################
-            - name: "EDC_CONNECTOR_NAME"
+            - name: "EDC_RUNTIME_ID"
               value: {{ include "txap.fullname" .}}-{{ $dataplane.name }}
           {{- range $key, $value := $dataplane.envValueFrom }}
             - name: {{ $key | quote }}
@@ -391,21 +438,31 @@ spec:
           {{- end }}
           {{- end }}
           volumeMounts:
+           {{- if $dataplane.volumeMounts }}
+           {{- toYaml $dataplane.volumeMounts | nindent 12 }}
+           {{- end}}
             - name: "configuration"
               mountPath: "/app/opentelemetry.properties"
               subPath: "opentelemetry.properties"
             - name: "configuration"
               mountPath: "/app/logging.properties"
               subPath: "logging.properties"
+            {{- if .Values.customCaCerts }}
+            - name: custom-cacerts
+              mountPath: /opt/java/openjdk/lib/security/cacerts
+              subPath: cacerts
+            {{- end }}
             - name: "tmp"
               mountPath: "/tmp"
-
             {{- range $config_name, $config_value := $dataplane.configs }}
             - name: "configuration"
               mountPath: {{ printf "/app/%s" $config_name | quote }}
               subPath: {{ printf "%s" $config_name | quote }}
             {{- end }}
       volumes:
+       {{- if $dataplane.volumeMounts }}
+       {{- toYaml $dataplane.volumes | nindent 8 }}
+       {{- end}}
         - name: "configuration"
           configMap:
             name: {{ include "txap.fullname" . }}-{{ $dataplane_name }}
@@ -418,6 +475,15 @@ spec:
               - key: {{ printf "%s" $config_name | quote }}
                 path: {{ printf "%s" $config_name | quote }}
             {{- end }}
+        {{- if .Values.customCaCerts }}
+        - name: custom-cacertificates
+          configMap:
+            name: {{ include "txdc.fullname" . }}-custom-cacerts
+            defaultMode: 0400
+        - name: custom-cacerts
+          emptyDir:
+            sizeLimit: 1Mi
+        {{- end }}        
         - name: "tmp"
           emptyDir: { }
       {{- with $dataplane.nodeSelector }}
diff --git a/charts/agent-plane-azure-vault/templates/networkpolicy.yaml b/charts/agent-plane-azure-vault/templates/networkpolicy.yaml
new file mode 100644
index 00000000..4c72a93d
--- /dev/null
+++ b/charts/agent-plane-azure-vault/templates/networkpolicy.yaml
@@ -0,0 +1,42 @@
+#################################################################################
+#  Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0.
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#################################################################################
+
+{{- if eq (.Values.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "txap.fullname" $ }}-{{ .Values.name }}
+  labels:
+    {{- include "txap.dataplane.labels" $ | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "txap.dataplane.selectorLabels" $ | nindent 6 }}
+  ingress:
+    - from:
+      {{- toYaml .Values.networkPolicy.from | nindent 6 }}
+      ports:
+      {{- range $key,$value := .Values.endpoints }}
+        - port: {{ $value.port }}
+          protocol: TCP
+      {{- end }}
+  policyTypes:
+    - Ingress
+---
+{{- end }}
diff --git a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml
index 34f5b3ec..cd3bcd5e 100644
--- a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml
+++ b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml
@@ -1,5 +1,5 @@
 ---
-#
+#################################################################################
 #  Copyright (c) 2024 T-Systems International GmbH
 #  Copyright (c) 2024 Contributors to the Eclipse Foundation
 #
@@ -8,7 +8,7 @@
 #
 #  This program and the accompanying materials are made available under the
 #  terms of the Apache License, Version 2.0 which is available at
-#  https://www.apache.org/licenses/LICENSE-2.0
+#  https://www.apache.org/licenses/LICENSE-2.0.
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
@@ -17,14 +17,21 @@
 #  under the License.
 #
 #  SPDX-License-Identifier: Apache-2.0
-#
+#################################################################################
 apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "txap.fullname" . }}-{{ .Values.name }}
   namespace: {{.Release.Namespace | default "default" | quote }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   labels:
     {{- include "txap.dataplane.labels" . | nindent 4 }}
+    {{- with .Values.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -32,14 +39,22 @@ spec:
       targetPort: default
       protocol: TCP
       name: default
-    - port: {{ .Values.endpoints.signaling.port }}
-      targetPort: signaling
+    - port: {{ .Values.endpoints.control.port }}
+      targetPort: control
       protocol: TCP
-      name: signaling
+      name: control
     - port: {{ .Values.endpoints.public.port }}
       targetPort: public
       protocol: TCP
       name: public
+    - port: {{ .Values.endpoints.metrics.port }}
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+    - port: {{ .Values.endpoints.proxy.port }}
+      targetPort: proxy
+      protocol: TCP
+      name: proxy
     - port: {{ .Values.endpoints.callback.port }}
       targetPort: callback
       protocol: TCP
diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml
index 40d297e1..99e178d9 100644
--- a/charts/agent-plane-azure-vault/values.yaml
+++ b/charts/agent-plane-azure-vault/values.yaml
@@ -1,4 +1,4 @@
-#
+#################################################################################
 #  Copyright (c) 2024 T-Systems International GmbH
 #  Copyright (c) 2024 Contributors to the Eclipse Foundation
 #
@@ -7,7 +7,7 @@
 #
 #  This program and the accompanying materials are made available under the
 #  terms of the Apache License, Version 2.0 which is available at
-#  https://www.apache.org/licenses/LICENSE-2.0
+#  https://www.apache.org/licenses/LICENSE-2.0.
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
@@ -16,7 +16,7 @@
 #  under the License.
 #
 #  SPDX-License-Identifier: Apache-2.0
-#
+#################################################################################
 
 ---
 # Default values for agent-plane.
@@ -24,8 +24,8 @@
 # Declare variables to be passed into your templates.
 
 install:
+  # -- Deploying a PostgreSQL instance
   postgresql: false
-  vault: false
 
 fullnameOverride: ""
 nameOverride: ""
@@ -33,40 +33,34 @@ nameOverride: ""
 imageRegistry: docker.io/
 # -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
 imagePullSecrets: []
-# -- To add some custom labels
+# -- Add some custom labels
 customLabels: {}
 
-postgresql:
-  jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"
-  primary:
-    persistence:
-      enabled: false
-  readReplicas:
-    persistence:
-      enabled: false
-  auth:
-    database: "edc"
-    username: "user"
-    password: "password"
-
 participant:
   # -- BPN Number
   id: ""
 
 iatp:
-  # Decentralized IDentifier
+  # -- Decentralized IDentifier (DID) of the connector
   id: "did:web:changeme"
   # -- Configures the trusted issuers for this runtime
   trustedIssuers: []
   sts:
     dim:
+      # -- URL where connectors can request SI tokens
       url:
     oauth:
+      # -- URL where connectors can request OAuth2 access tokens for DIM access
       token_url:
       client:
+        # -- Client ID for requesting OAuth2 access token for DIM access
         id:
+        # -- Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access
         secret_alias:
 
+# -- Add custom ca certificates to the truststore
+customCaCerts: {}
+
 # -- Name of the connector deployment
 connector: ""
 
@@ -79,8 +73,8 @@ controlplane:
       port: 8081
       # -- path for incoming api calls
       path: /management
-      # -- authentication key, must be attached to each 'X-Api-Key' request header
-      authKey: ""
+      # -- authentication key, must be attached to each request as `X-Api-Key` header
+      authKey: "password"
     # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not
     control:
       # -- port for incoming api calls
@@ -111,8 +105,11 @@ image:
   tag: ""
 initContainers: []
 debug:
+  # -- Enables java debugging mode.
   enabled: false
+  # -- Port where the debuggee can connect to.
   port: 1044
+  # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port.
   suspendOnStart: false
 livenessProbe:
   # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
@@ -140,35 +137,69 @@ readinessProbe:
   failureThreshold: 6
   # -- number of consecutive successes for the probe to be considered successful after having failed
   successThreshold: 1
+
 service:
   # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.
   type: ClusterIP
   port: 80
+  # -- additional labels for the service
+  labels: {}
+  # -- additional annotations for the service
+  annotations: {}
+
+# -- endpoints of the dataplane
 endpoints:
+  # -- default api for health checks, should not be added to any ingress
   default:
+    # -- port for incoming api calls
     port: 8080
+    # -- path for incoming api calls
     path: /api
+  # -- public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing.
   public:
+    # -- port for incoming api calls
     port: 8081
+    # -- path for incoming api calls
     path: /api/public
-  signaling:
-    port: 8083
-    path: /api/signaling
+  # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not
+  control:
+    # -- port for incoming api calls
+    port: 8084
+    # -- path for incoming api calls
+    path: /api/control
+  proxy:
+    # -- port for incoming api calls
+    port: 8186
+    # -- path for incoming api calls
+    path: /proxy
+    # -- authentication key, must be attached to each request as `X-Api-Key` header
+    authKey: "password"
+  # -- metrics api, used for application metrics, must not be internet facing
+  metrics:
+    # -- port for incoming api calls
+    port: 9090
+    # -- path for incoming api calls
+    path: /metrics
+  # -- callback api, used for listening on control plane callbacks, must not be internet facing
   callback:
+    # -- port for incoming api calls
     port: 8087
+    # -- path for incoming api calls
     path: /callback
 
 token:
   refresh:
+    # -- TTL in seconds for access tokens (also known as EDR token)
     expiry_seconds: 300
+    # -- Tolerance for token expiry in seconds
     expiry_tolerance_seconds: 10
-    # optional URL that can be provided where clients go to refresh tokens.
+    # -- Optional endpoint for an OAuth2 token refresh. Default endpoint is `<PUBLIC_API>/token`
     refresh_endpoint:
   signer:
-    # alias under which the private key is stored in the vault (JWK or PEM format)
+    # -- Alias under which the private key (JWK or PEM format) is stored in the vault
     privatekey_alias:
   verifier:
-    # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format)
+    # -- Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias`
     publickey_alias:
 
 # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries
@@ -191,6 +222,7 @@ auth:
     publicKey:
     # -- controls whether the expiry date of jwt tokens is checked when type=jwt
     checkExpiry: true
+
 aws:
   endpointOverride: ""
   accessKeyId: ""
@@ -210,7 +242,7 @@ podSecurityContext:
   runAsGroup: 10001
   # -- The owner for volumes and any files created within volumes will belong to this guid
   fsGroup: 10001
-# The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod
+# -- The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod
 securityContext:
   capabilities:
     # -- Specifies which capabilities to drop to reduce syscall attack surface
@@ -226,11 +258,11 @@ securityContext:
   runAsNonRoot: true
   # -- The container's process will run with the specified uid
   runAsUser: 10001
-# Extra environment variables that will be pass onto deployment pods
+# -- Extra environment variables that will be pass onto deployment pods
 env: {}
 #  ENV_NAME: value
 
-# "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
+# -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
 # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
 envValueFrom: {}
 #  ENV_NAME:
@@ -241,12 +273,12 @@ envValueFrom: {}
 #      name: secret-name
 #      key: value_key
 
-# [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from
+# -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from
 envSecretNames: []
 #  - first-secret
 #  - second-secret
 
-# [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from
+# -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from
 envConfigMapNames: []
 #  - first-config-map
 #  - second-config-map
@@ -280,10 +312,12 @@ ingresses:
       issuer: ""
       # -- If preset enables certificate generation via cert-manager cluster-wide issuer
       clusterIssuer: ""
+
 # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container
 volumeMounts: []
 # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories
 volumes: []
+
 # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
@@ -291,12 +325,18 @@ resources: {}
 # resources, such as Minikube. If you do want to specify resources, uncomment the following
 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
 limits:
+  # -- Maximum CPU limit
   cpu: 1.5
+  # -- Maximum memory limit
   memory: 1024Mi
 requests:
+  # -- Initial CPU request
   cpu: 500m
+  # -- Initial memory request
   memory: 128Mi
+
 replicaCount: 1
+
 autoscaling:
   # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
   enabled: false
@@ -308,6 +348,7 @@ autoscaling:
   targetCPUUtilizationPercentage: 80
   # -- targetAverageUtilization of memory provided to a pod
   targetMemoryUtilizationPercentage: 80
+
 # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics
 opentelemetry: |-
   otel.javaagent.enabled=false
@@ -320,15 +361,17 @@ logging: |-
   java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
   java.util.logging.ConsoleHandler.level=ALL
   java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n
-# [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes
+
+# -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes
 nodeSelector: {}
-# [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes
+# -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes
 tolerations: []
-# [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on
+# -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on
 affinity: {}
 url:
   # -- Explicitly declared url for reaching the public api (e.g. if ingresses not used)
   public: ""
+
 # -- A set of additional configuration files
 configs:
   # -- An example of an empty graph in ttl syntax
@@ -338,6 +381,7 @@ configs:
     #################################################################
     @prefix : <GraphAsset?local=Dataspace> .
     @base <GraphAsset?local=Dataspace> .
+
 # -- Agent-Specific Settings
 agent:
   # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue
@@ -365,7 +409,21 @@ agent:
       # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property)
       deny: 'https?://.*'
 
-# -- Standard settings for vault, "client", "tenant", "secret" or "certificate", "transferProxyTokenSignerPrivateKey" and "transferProxyTokenSignerPublicKey" need to be overridden
+# -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden
+postgresql:
+  jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"
+  primary:
+    persistence:
+      enabled: false
+  readReplicas:
+    persistence:
+      enabled: false
+  auth:
+    database: "edc"
+    username: "user"
+    password: "password"
+
+# -- Standard settings for vault
 vault:
   azure:
     name: "<AZURE_NAME>"
@@ -374,20 +432,19 @@ vault:
     secret:
     certificate:
 
-  secretNames:
-    # -- sign handed out tokens with this key
-    transferProxyTokenSignerPrivateKey:
-    # -- sign handed out tokens with this certificate
-    transferProxyTokenSignerPublicKey:
-    # -- encrypt handed out tokens with this symmetric key
-    transferProxyTokenEncryptionAesKey:
+networkPolicy:
+  # -- If `true` network policy will be created to restrict access to control- and dataplane
+  enabled: false
+  # -- Specify from rule network policy for dp (defaults to all namespaces)
+  from:
+    - namespaceSelector: {}
 
 serviceAccount:
-  # Specifies whether a service account should be created
+  # -- Specifies whether a service account should be created
   create: true
-  # Annotations to add to the service account
+  # -- Annotations to add to the service account
   annotations: {}
-  # The name of the service account to use.
+  # -- The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
   name: ""
   # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
diff --git a/charts/agent-plane/Chart.yaml b/charts/agent-plane/Chart.yaml
index d5548a13..c0db787e 100644
--- a/charts/agent-plane/Chart.yaml
+++ b/charts/agent-plane/Chart.yaml
@@ -3,7 +3,7 @@
 #  Copyright (c) 2023 ZF Friedrichshafen AG
 #  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
 #  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-#  Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+#  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
 #
 #  See the NOTICE file(s) distributed with this work for additional
 #  information regarding copyright ownership.
@@ -41,12 +41,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.13.20-SNAPSHOT
+version: 1.13.21-SNAPSHOT
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.13.20-SNAPSHOT"
+appVersion: "1.13.21-SNAPSHOT"
 home: https://github.com/eclipse-tractusx/knowledge-agents-edc/
 sources:
   - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector
@@ -65,3 +65,4 @@ dependencies:
     condition: install.postgresql
 maintainers:
   - name: 'Tractus-X Knowledge Agents Team'
+    url: https://github.com/eclipse-tractusx
diff --git a/charts/agent-plane/README.md b/charts/agent-plane/README.md
index c71917d4..0a0cac59 100644
--- a/charts/agent-plane/README.md
+++ b/charts/agent-plane/README.md
@@ -21,7 +21,7 @@
 
 # agent-plane
 
-![Version: 1.13.20-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.20-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square)
+![Version: 1.13.21-SNAPSHOT](https://img.shields.io/badge/Version-1.13.21--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.21-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.13.21--SNAPSHOT-informational?style=flat-square)
 
 A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running
 Control Plane.
@@ -59,14 +59,14 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime:
 
 ```shell
 helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev
-helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
+helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT
 ```
 
 ## Maintainers
 
 | Name | Email | Url |
 | ---- | ------ | --- |
-| Tractus-X Knowledge Agents Team |  |  |
+| Tractus-X Knowledge Agents Team |  | <https://github.com/eclipse-tractusx> |
 
 ## Source Code
 
@@ -83,7 +83,7 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| affinity | object | `{}` |  |
+| affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on |
 | agent | object | `{"connectors":{},"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings |
 | agent.connectors | object | `{}` | A map of partner ids to remote connector IDS URLs to synchronize with |
 | agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue |
@@ -117,40 +117,52 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 | configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : <GraphAsset?local=Dataspace> .\n@base <GraphAsset?local=Dataspace> .\n"}` | A set of additional configuration files |
 | configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : <GraphAsset?local=Dataspace> .\n@base <GraphAsset?local=Dataspace> .\n"` | An example of an empty graph in ttl syntax |
 | connector | string | `""` | Name of the connector deployment |
-| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":false}]}` | References to the control plane deployment |
+| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":true,"hostname":"67dd349198194b508a8fd5e2dd24c173.api.mockbin.io","tls":{"enabled":true}}]}` | References to the control plane deployment |
 | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not |
 | controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls |
 | controlplane.endpoints.control.port | int | `8083` | port for incoming api calls |
-| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing |
-| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header |
+| controlplane.endpoints.management | object | `{"authKey":"password","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing |
+| controlplane.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header |
 | controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls |
 | controlplane.endpoints.management.port | int | `8081` | port for incoming api calls |
 | controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing |
 | controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls |
 | controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls |
-| customLabels | object | `{}` | To add some custom labels |
-| debug.enabled | bool | `false` |  |
-| debug.port | int | `1044` |  |
-| debug.suspendOnStart | bool | `false` |  |
+| customCaCerts | object | `{}` | Add custom ca certificates to the truststore |
+| customLabels | object | `{}` | Add some custom labels |
+| debug.enabled | bool | `false` | Enables java debugging mode. |
+| debug.port | int | `1044` | Port where the debuggee can connect to. |
+| debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. |
 | destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types |
-| endpoints.callback.path | string | `"/callback"` |  |
-| endpoints.callback.port | int | `8087` |  |
-| endpoints.default.path | string | `"/api"` |  |
-| endpoints.default.port | int | `8080` |  |
-| endpoints.public.path | string | `"/api/public"` |  |
-| endpoints.public.port | int | `8081` |  |
-| endpoints.signaling.path | string | `"/api/signaling"` |  |
-| endpoints.signaling.port | int | `8083` |  |
-| env | object | `{}` |  |
-| envConfigMapNames | list | `[]` |  |
-| envSecretNames | list | `[]` |  |
-| envValueFrom | object | `{}` |  |
+| endpoints | object | `{"callback":{"path":"/callback","port":8087},"control":{"path":"/api/control","port":8084},"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081}}` | endpoints of the dataplane |
+| endpoints.callback | object | `{"path":"/callback","port":8087}` | callback api, used for listening on control plane callbacks, must not be internet facing |
+| endpoints.callback.path | string | `"/callback"` | path for incoming api calls |
+| endpoints.callback.port | int | `8087` | port for incoming api calls |
+| endpoints.control | object | `{"path":"/api/control","port":8084}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not |
+| endpoints.control.path | string | `"/api/control"` | path for incoming api calls |
+| endpoints.control.port | int | `8084` | port for incoming api calls |
+| endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress |
+| endpoints.default.path | string | `"/api"` | path for incoming api calls |
+| endpoints.default.port | int | `8080` | port for incoming api calls |
+| endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing |
+| endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls |
+| endpoints.metrics.port | int | `9090` | port for incoming api calls |
+| endpoints.proxy.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header |
+| endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls |
+| endpoints.proxy.port | int | `8186` | port for incoming api calls |
+| endpoints.public | object | `{"path":"/api/public","port":8081}` | public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. |
+| endpoints.public.path | string | `"/api/public"` | path for incoming api calls |
+| endpoints.public.port | int | `8081` | port for incoming api calls |
+| env | object | `{}` | Extra environment variables that will be pass onto deployment pods |
+| envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from |
+| envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from |
+| envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core |
 | fullnameOverride | string | `""` |  |
-| iatp.id | string | `"did:web:changeme"` |  |
-| iatp.sts.dim.url | string | `nil` |  |
-| iatp.sts.oauth.client.id | string | `nil` |  |
-| iatp.sts.oauth.client.secret_alias | string | `nil` |  |
-| iatp.sts.oauth.token_url | string | `nil` |  |
+| iatp.id | string | `"did:web:changeme"` | Decentralized IDentifier (DID) of the connector |
+| iatp.sts.dim.url | string | `nil` | URL where connectors can request SI tokens |
+| iatp.sts.oauth.client.id | string | `nil` | Client ID for requesting OAuth2 access token for DIM access |
+| iatp.sts.oauth.client.secret_alias | string | `nil` | Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access |
+| iatp.sts.oauth.token_url | string | `nil` | URL where connectors can request OAuth2 access tokens for DIM access |
 | iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime |
 | image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use |
 | image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically |
@@ -168,10 +180,10 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 | ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource |
 | ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name |
 | initContainers | list | `[]` |  |
-| install.postgresql | bool | `false` |  |
-| install.vault | bool | `false` |  |
-| limits.cpu | float | `1.5` |  |
-| limits.memory | string | `"1024Mi"` |  |
+| install.postgresql | bool | `false` | Deploying a PostgreSQL instance |
+| install.vault | bool | `false` | Deploying a HashiCorp Vault instance |
+| limits.cpu | float | `1.5` | Maximum CPU limit |
+| limits.memory | string | `"1024Mi"` | Maximum memory limit |
 | livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up |
 | livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check |
@@ -181,7 +193,9 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 | logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) |
 | name | string | `"agentplane"` | the name of the dataplane |
 | nameOverride | string | `""` |  |
-| nodeSelector | object | `{}` |  |
+| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane |
+| networkPolicy.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) |
+| nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes |
 | opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics |
 | participant.id | string | `""` | BPN Number |
 | podAnnotations | object | `{}` | additional annotations for the pod |
@@ -191,12 +205,7 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 | podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid |
 | podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid |
 | podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp |
-| postgresql.auth.database | string | `"edc"` |  |
-| postgresql.auth.password | string | `"password"` |  |
-| postgresql.auth.username | string | `"user"` |  |
-| postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` |  |
-| postgresql.primary.persistence.enabled | bool | `false` |  |
-| postgresql.readReplicas.persistence.enabled | bool | `false` |  |
+| postgresql | object | `{"auth":{"database":"edc","password":"password","username":"user"},"jdbcUrl":"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc","primary":{"persistence":{"enabled":false}},"readReplicas":{"persistence":{"enabled":false}}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden |
 | readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up |
 | readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check |
@@ -204,39 +213,39 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT
 | readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed |
 | readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out |
 | replicaCount | int | `1` |  |
-| requests.cpu | string | `"500m"` |  |
-| requests.memory | string | `"128Mi"` |  |
+| requests.cpu | string | `"500m"` | Initial CPU request |
+| requests.memory | string | `"128Mi"` | Initial memory request |
 | resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"add":[],"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10001}` | The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod |
 | securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID |
 | securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls |
 | securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface |
 | securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode |
 | securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges |
 | securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid |
+| service.annotations | object | `{}` | additional annotations for the service |
+| service.labels | object | `{}` | additional labels for the service |
 | service.port | int | `80` |  |
 | service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
-| serviceAccount.annotations | object | `{}` |  |
-| serviceAccount.create | bool | `true` |  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) |
-| serviceAccount.name | string | `""` |  |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types |
 | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests |
 | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests |
-| token.refresh.expiry_seconds | int | `300` |  |
-| token.refresh.expiry_tolerance_seconds | int | `10` |  |
-| token.refresh.refresh_endpoint | string | `nil` |  |
-| token.signer.privatekey_alias | string | `nil` |  |
-| token.verifier.publickey_alias | string | `nil` |  |
-| tolerations | list | `[]` |  |
+| token.refresh.expiry_seconds | int | `300` | TTL in seconds for access tokens (also known as EDR token) |
+| token.refresh.expiry_tolerance_seconds | int | `10` | Tolerance for token expiry in seconds |
+| token.refresh.refresh_endpoint | string | `nil` | Optional endpoint for an OAuth2 token refresh. Default endpoint is `<PUBLIC_API>/token` |
+| token.signer.privatekey_alias | string | `nil` | Alias under which the private key (JWK or PEM format) is stored in the vault |
+| token.verifier.publickey_alias | string | `nil` | Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` |
+| tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes |
 | url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) |
-| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden |
+| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"root","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for vault |
 | vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api |
 | vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false |
-| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false |
+| vault.hashicorp.token | string | `"root"` | Access token to the vault service needs to be changed if install.vault=false |
 | vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false |
-| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key |
-| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key |
-| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate |
 | volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container |
 | volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories |
 
diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml
index 5533818a..8a2168da 100644
--- a/charts/agent-plane/ci/integration-values.yaml
+++ b/charts/agent-plane/ci/integration-values.yaml
@@ -23,18 +23,29 @@
 
 install:
   postgresql: true
+  vault: true
 
 participant:
   id: "BPNL0000000DUMMY"
 
 # image:
 #  repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-hashicorp
-#  tag: 1.13.20-SNAPSHOT
+#  tag: 1.13.21-SNAPSHOT
 
 controlplane:
   endpoints:
     management:
       authKey: "bla"
+  ingresses:
+    - enabled: true
+      hostname: 67dd349198194b508a8fd5e2dd24c173.api.mockbin.io
+      tls:
+        enabled: true
+
+livenessProbe:
+  initialDelaySeconds: 60
+readinessProbe:
+  initialDelaySeconds: 60
 
 vault:
   azure:
@@ -42,15 +53,6 @@ vault:
     tenant: "AZURE_TENANT"
     client: "AZURE_CLIENT"
     secret: "AZURE_SECRET"
-  hashicorp:
-    url: "https://vault.demo"
-    token: "VAULT_TOKEN"
-    paths:
-      secret: "/v1/secrets"
-  secretNames:
-    transferProxyTokenSignerPrivateKey: "key"
-    transferProxyTokenSignerPublicKey: "cert"
-    transferProxyTokenEncryptionAesKey: "symmetric-key"
 
 token:
   signer:
@@ -69,3 +71,8 @@ iatp:
         secret_alias: "dummy"
     dim:
       url: "http://sts.server"
+
+# debug:
+#  enabled: true
+#  port: 4046
+#  suspendOnStart: true
diff --git a/charts/agent-plane/templates/NOTES.txt b/charts/agent-plane/templates/NOTES.txt
index ddd034b6..451c7144 100644
--- a/charts/agent-plane/templates/NOTES.txt
+++ b/charts/agent-plane/templates/NOTES.txt
@@ -15,7 +15,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-2. Get the data plane URL(s) by running these commands:
+2. Get the data plane URL by running these commands:
 {{- $dataplane_name := .Values.name }}
 {{- $dataplane := .Values }}
 {{ with index $dataplane.ingresses 0}}
diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl
index d809d091..a6df4f64 100644
--- a/charts/agent-plane/templates/_helpers.tpl
+++ b/charts/agent-plane/templates/_helpers.tpl
@@ -117,7 +117,7 @@ Control DSP URL
 {{- .Values.controlplane.url.protocol }}
 {{- else }}{{/* else when dsp api url has not been specified explicitly */}}
 {{- with (index .Values.controlplane.ingresses 0) }}
-{{- if .enabled }}{{/* if ingress enabled */}}
+{{- if or .enabled (not .enabled) }}{{/* if ingress enabled */}}
 {{- if .tls.enabled }}{{/* if TLS enabled */}}
 {{- printf "https://%s" .hostname -}}
 {{- else }}{{/* else when TLS not enabled */}}
@@ -126,16 +126,24 @@ Control DSP URL
 {{- else }}{{/* else when ingress not enabled */}}
 {{- printf "http://%s-controlplane:%v" ( include "txap.connector.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}}
 {{- end }}{{/* end if ingress */}}
-{{- end }}{{/* end with ingress */}}
-{{- end }}{{/* end if .Values.controlplane.url.protocol */}}
+{{- end }}{{/* end with ingress */}}{{- end }}{{/* end if .Values.controlplane.url.protocol */}}
 {{- end }}
 
 {{/*
-Validation URL
+Control URL
 */}}
 {{- define "txap.controlplane.url.control" -}}
-{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}}
-{{- end }}
+{{- with (index .Values.controlplane.ingresses 0) }}
+{{- if or .enabled (not .enabled) }}{{/* if ingress enabled */}}
+{{- if .tls.enabled }}{{/* if TLS enabled */}}
+{{- printf "https://%s%s" .hostname $.Values.controlplane.endpoints.control.path -}}
+{{- else }}{{/* else when TLS not enabled */}}
+{{- printf "http://%s%s" .hostname $.Values.controlplane.endpoints.control.path -}}
+{{- end }}{{/* end if tls */}}
+{{- else }}{{/* else when ingress not enabled */}}
+{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) $.Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}}
+{{- end }}{{/* end if ingress */}}
+{{- end }}{{/* end with ingress */}}{{- end }}{{/* end if .Values.controlplane.url.protocol */}}
 
 {{/*
 Validation URL
@@ -147,8 +155,8 @@ Validation URL
 {{/*
 Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane)
 */}}
-{{- define "txap.dataplane.url.signaling" -}}
-{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}}
+{{- define "txap.dataplane.url.control" -}}
+{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.control.port .Values.endpoints.control.path -}}
 {{- end }}
 
 {{/*
diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml
index 0d374aff..a1209016 100644
--- a/charts/agent-plane/templates/deployment-dataplane.yaml
+++ b/charts/agent-plane/templates/deployment-dataplane.yaml
@@ -1,7 +1,7 @@
 {{ $dataplane_name := .Values.name }}
 {{ $dataplane := .Values }}
 ---
-#
+#################################################################################
 #  Copyright (c) 2023,2024 T-Systems International GmbH
 #  Copyright (c) 2023 ZF Friedrichshafen AG
 #  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
@@ -13,7 +13,7 @@
 #
 #  This program and the accompanying materials are made available under the
 #  terms of the Apache License, Version 2.0 which is available at
-#  https://www.apache.org/licenses/LICENSE-2.0
+#  https://www.apache.org/licenses/LICENSE-2.0.
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
@@ -22,7 +22,7 @@
 #  under the License.
 #
 #  SPDX-License-Identifier: Apache-2.0
-#
+#################################################################################
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -55,8 +55,40 @@ spec:
       serviceAccountName: {{ include "txap.serviceAccountName" . }}
       securityContext:
         {{- toYaml $dataplane.podSecurityContext | nindent 8 }}
+      {{- if or $dataplane.initContainers .Values.customCaCerts }}
       initContainers:
+        {{- if $dataplane.initContainers }}
         {{- toYaml $dataplane.initContainers | nindent 8 }}
+        {{- end }}
+        {{- if .Values.customCaCerts }}
+        - name: custom-cacerts
+          # either use the specified image, or use the default one
+          {{- if $dataplane.image.repository }}
+          image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default .Chart.AppVersion }}"
+          {{- else }}
+          image: "{{ .Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default .Chart.AppVersion }}"
+          {{- end }}
+          imagePullPolicy: {{ $dataplane.image.pullPolicy }}
+          command:
+            - /bin/sh
+            - -c
+            - |
+              cp /opt/java/openjdk/lib/security/cacerts /workdir/
+              find /cacerts -type f \( -iname \*.crt -o -iname \*.pem \) -exec echo "{}" \; | while read PEM_FILE_PATH; do
+                PEM_FILE=${PEM_FILE_PATH##*/}
+                ALIAS=${PEM_FILE%.*}
+                echo "adding ${PEM_FILE} with alias ${ALIAS} to cacerts ..."
+                keytool -import -noprompt -trustcacerts -alias ${ALIAS} -file ${PEM_FILE_PATH} -keystore /workdir/cacerts -storepass changeit
+              done
+          securityContext:
+            {{- toYaml $dataplane.securityContext | nindent 12 }}
+          volumeMounts:
+            - name: custom-cacertificates
+              mountPath: /cacerts
+            - name: custom-cacerts
+              mountPath: /workdir
+        {{- end }}
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -122,26 +154,45 @@ spec:
             #######
             - name: "EDC_API_AUTH_KEY"
               value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }}
+            - name: "TX_EDC_DPF_CONSUMER_PROXY_AUTH_APIKEY"
+              value: {{ $dataplane.endpoints.proxy.authKey | required ".Values.dataplane.endpoints.proxy.authKey is required" | quote }}
 
             - name: "WEB_HTTP_DEFAULT_PORT"
               value: {{ $dataplane.endpoints.default.port | quote }}
             - name: "WEB_HTTP_DEFAULT_PATH"
               value: {{ $dataplane.endpoints.default.path | quote }}
+            - name: "WEB_HTTP_CONTROL_PORT"
+              value: {{ $dataplane.endpoints.control.port | quote }}
+            - name: "WEB_HTTP_CONTROL_PATH"
+              value: {{ $dataplane.endpoints.control.path | quote }}
             - name: "WEB_HTTP_PUBLIC_PORT"
               value: {{ $dataplane.endpoints.public.port | quote }}
             - name: "WEB_HTTP_PUBLIC_PATH"
               value: {{ $dataplane.endpoints.public.path | quote }}
-            - name: "WEB_HTTP_SIGNALING_PORT"
-              value: {{ $dataplane.endpoints.signaling.port | quote }}
-            - name: "WEB_HTTP_SIGNALING_PATH"
-              value: {{ $dataplane.endpoints.signaling.path | quote }}
             - name: "WEB_HTTP_CALLBACK_PORT"
               value: {{ $dataplane.endpoints.callback.port | quote }}
             - name: "WEB_HTTP_CALLBACK_PATH"
               value: {{ $dataplane.endpoints.callback.path | quote }}
+            - name: "EDC_CONTROL_ENDPOINT"
+              value: {{ include "txap.dataplane.url.control" . }}
+            - name: "EDC_DPF_SELECTOR_URL"
+              value: {{ include "txap.controlplane.url.control" . }}/v1/dataplanes
 
-            - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT"
-              value: {{ include "txap.controlplane.url.control" .}}/token
+            #######
+            # AWS #
+            #######
+            {{- if $dataplane.aws.endpointOverride }}
+            - name: "EDC_AWS_ENDPOINT_OVERRIDE"
+              value: {{ $dataplane.aws.endpointOverride | quote }}
+            {{- end   }}
+            {{- if $dataplane.aws.secretAccessKey }}
+            - name: "AWS_SECRET_ACCESS_KEY"
+              value: {{ $dataplane.aws.secretAccessKey | quote }}
+            {{- end }}
+            {{- if $dataplane.aws.accessKeyId }}
+            - name: "AWS_ACCESS_KEY_ID"
+              value: {{ $dataplane.aws.accessKeyId | quote }}
+            {{- end }}
 
             ###########
             ## VAULT ##
@@ -163,33 +214,6 @@ spec:
             - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH"
               value: {{ .Values.vault.hashicorp.paths.health | quote }}
 
-            ##################
-            ## TOKEN REFRESH
-            ##################
-            {{- if $dataplane.token.refresh.expiry_seconds }}
-            - name: "EDC_DATAPLANE_TOKEN_EXPIRY"
-              value: {{ $dataplane.token.refresh.expiry_seconds | quote}}
-            {{- end}}
-
-            {{- if $dataplane.token.refresh.expiry_tolerance_seconds }}
-            - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE"
-              value: {{ $dataplane.token.refresh.expiry_tolerance_seconds | quote }}
-            {{- end}}
-
-            {{- if $dataplane.token.refresh.refresh_endpoint }}
-            - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
-              value: {{ $dataplane.token.refresh.refresh_endpoint }}
-            {{- else}}
-            - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
-              value: {{ include "txap.dataplane.url.public" . }}/token
-            {{- end}}
-
-            - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
-              value: {{ $dataplane.token.signer.privatekey_alias | required ".Values.token.signer.privatekey_alias is required" | quote}}
-
-            - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS"
-              value: {{ $dataplane.token.verifier.publickey_alias | required ".Values.token.verifier.publickey_alias" | quote }}
-
             ###################
             # AUTH (JWT)      #
             ###################
@@ -235,19 +259,13 @@ spec:
               value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}}
             - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS"
               value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}}
-            - name: "EDC_IAM_STS_DIM_URL"
+            - name: "TX_EDC_IAM_STS_DIM_URL"
               value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}}
             {{- range $index, $issuer := .Values.iatp.trustedIssuers }}
             - name: "EDC_IAM_TRUSTED-ISSUER_{{$index}}-ISSUER_ID"
               value: {{ $issuer | quote }}
             {{- end }}
 
-            #########################
-            ## DATA PLANE PUBLIC API
-            ########################
-            - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL"
-              value: {{ include "txap.dataplane.url.public" . }}
-
             ###################
             # AGENT CALLBACK  #
             ###################
@@ -298,6 +316,16 @@ spec:
               value: {{ $dataplane.agent.services.asset.deny | quote }} 
           {{- end }}
           {{- end }}
+          {{- if $dataplane.agent.services.connector }}
+          {{- if $dataplane.agent.services.connector.allow }}
+            - name: "CX_AGENT_SERVICE_CONNECTOR_ALLOW"
+              value: {{ $dataplane.agent.services.connector.allow | quote }} 
+          {{- end }}
+          {{- if $dataplane.agent.services.connector.deny }}
+            - name: "CX_AGENT_SERVICE_CONNECTOR_DENY"
+              value: {{ $dataplane.agent.services.connector.deny | quote }} 
+          {{- end }}
+          {{- end }}
           {{- end }}
           
             ###################
@@ -310,22 +338,6 @@ spec:
             - name: "CX_AGENT_FEDERATION_BATCH_MAX"
               value: {{ $dataplane.agent.maxbatchsize | quote }} 
 
-            #######
-            # AWS #
-            #######
-            {{- if $dataplane.aws.endpointOverride }}
-            - name: "EDC_AWS_ENDPOINT_OVERRIDE"
-              value: {{ $dataplane.aws.endpointOverride | quote }}
-            {{- end   }}
-            {{- if $dataplane.aws.secretAccessKey }}
-            - name: "AWS_SECRET_ACCESS_KEY"
-              value: {{ $dataplane.aws.secretAccessKey | quote }}
-            {{- end }}
-            {{- if $dataplane.aws.accessKeyId }}
-            - name: "AWS_ACCESS_KEY_ID"
-              value: {{ $dataplane.aws.accessKeyId | quote }}
-            {{- end }}
-
             ################
             ## POSTGRESQL ##
             ################
@@ -360,10 +372,44 @@ spec:
             - name: "EDC_DATASOURCE_ACCESSTOKENDATA_URL"
               value: {{ tpl .Values.postgresql.jdbcUrl . | quote }}
 
+            #########################
+            ## DATA PLANE PUBLIC API
+            ########################
+            - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL"
+              value: {{ include "txap.dataplane.url.public" . }}
+
+
+            ##################
+            ## TOKEN REFRESH
+            ##################
+            {{- if $dataplane.token.refresh.expiry_seconds }}
+            - name: "EDC_DATAPLANE_TOKEN_EXPIRY"
+              value: {{ $dataplane.token.refresh.expiry_seconds | quote}}
+            {{- end}}
+
+            {{- if $dataplane.token.refresh.expiry_tolerance_seconds }}
+            - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE"
+              value: {{ $dataplane.token.refresh.expiry_tolerance_seconds | quote }}
+            {{- end}}
+
+            {{- if $dataplane.token.refresh.refresh_endpoint }}
+            - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
+              value: {{ $dataplane.token.refresh.refresh_endpoint }}
+            {{- else}}
+            - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
+              value: {{ include "txap.dataplane.url.public" . }}/token
+            {{- end}}
+
+            - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
+              value: {{ $dataplane.token.signer.privatekey_alias | required ".Values.token.signer.privatekey_alias is required" | quote}}
+
+            - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS"
+              value: {{ $dataplane.token.verifier.publickey_alias | required ".Values.token.verifier.publickey_alias" | quote }}
+
             ######################################
             ## Additional environment variables ##
             ######################################
-            - name: "EDC_CONNECTOR_NAME"
+            - name: "EDC_RUNTIME_ID"
               value: {{ include "txap.fullname" .}}-{{ $dataplane.name }}
           {{- range $key, $value := $dataplane.envValueFrom }}
             - name: {{ $key | quote }}
@@ -386,21 +432,31 @@ spec:
           {{- end }}
           {{- end }}
           volumeMounts:
+           {{- if $dataplane.volumeMounts }}
+           {{- toYaml $dataplane.volumeMounts | nindent 12 }}
+           {{- end}}
             - name: "configuration"
               mountPath: "/app/opentelemetry.properties"
               subPath: "opentelemetry.properties"
             - name: "configuration"
               mountPath: "/app/logging.properties"
               subPath: "logging.properties"
+            {{- if .Values.customCaCerts }}
+            - name: custom-cacerts
+              mountPath: /opt/java/openjdk/lib/security/cacerts
+              subPath: cacerts
+            {{- end }}
             - name: "tmp"
               mountPath: "/tmp"
-
             {{- range $config_name, $config_value := $dataplane.configs }}
             - name: "configuration"
               mountPath: {{ printf "/app/%s" $config_name | quote }}
               subPath: {{ printf "%s" $config_name | quote }}
             {{- end }}
       volumes:
+       {{- if $dataplane.volumeMounts }}
+       {{- toYaml $dataplane.volumes | nindent 8 }}
+       {{- end}}
         - name: "configuration"
           configMap:
             name: {{ include "txap.fullname" . }}-{{ $dataplane_name }}
@@ -413,6 +469,15 @@ spec:
               - key: {{ printf "%s" $config_name | quote }}
                 path: {{ printf "%s" $config_name | quote }}
             {{- end }}
+        {{- if .Values.customCaCerts }}
+        - name: custom-cacertificates
+          configMap:
+            name: {{ include "txdc.fullname" . }}-custom-cacerts
+            defaultMode: 0400
+        - name: custom-cacerts
+          emptyDir:
+            sizeLimit: 1Mi
+        {{- end }}        
         - name: "tmp"
           emptyDir: { }
       {{- with $dataplane.nodeSelector }}
diff --git a/charts/agent-plane/templates/networkpolicy.yaml b/charts/agent-plane/templates/networkpolicy.yaml
new file mode 100644
index 00000000..4c72a93d
--- /dev/null
+++ b/charts/agent-plane/templates/networkpolicy.yaml
@@ -0,0 +1,42 @@
+#################################################################################
+#  Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0.
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#################################################################################
+
+{{- if eq (.Values.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "txap.fullname" $ }}-{{ .Values.name }}
+  labels:
+    {{- include "txap.dataplane.labels" $ | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "txap.dataplane.selectorLabels" $ | nindent 6 }}
+  ingress:
+    - from:
+      {{- toYaml .Values.networkPolicy.from | nindent 6 }}
+      ports:
+      {{- range $key,$value := .Values.endpoints }}
+        - port: {{ $value.port }}
+          protocol: TCP
+      {{- end }}
+  policyTypes:
+    - Ingress
+---
+{{- end }}
diff --git a/charts/agent-plane/templates/service-dataplane.yaml b/charts/agent-plane/templates/service-dataplane.yaml
index 34f5b3ec..cd3bcd5e 100644
--- a/charts/agent-plane/templates/service-dataplane.yaml
+++ b/charts/agent-plane/templates/service-dataplane.yaml
@@ -1,5 +1,5 @@
 ---
-#
+#################################################################################
 #  Copyright (c) 2024 T-Systems International GmbH
 #  Copyright (c) 2024 Contributors to the Eclipse Foundation
 #
@@ -8,7 +8,7 @@
 #
 #  This program and the accompanying materials are made available under the
 #  terms of the Apache License, Version 2.0 which is available at
-#  https://www.apache.org/licenses/LICENSE-2.0
+#  https://www.apache.org/licenses/LICENSE-2.0.
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
@@ -17,14 +17,21 @@
 #  under the License.
 #
 #  SPDX-License-Identifier: Apache-2.0
-#
+#################################################################################
 apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "txap.fullname" . }}-{{ .Values.name }}
   namespace: {{.Release.Namespace | default "default" | quote }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   labels:
     {{- include "txap.dataplane.labels" . | nindent 4 }}
+    {{- with .Values.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -32,14 +39,22 @@ spec:
       targetPort: default
       protocol: TCP
       name: default
-    - port: {{ .Values.endpoints.signaling.port }}
-      targetPort: signaling
+    - port: {{ .Values.endpoints.control.port }}
+      targetPort: control
       protocol: TCP
-      name: signaling
+      name: control
     - port: {{ .Values.endpoints.public.port }}
       targetPort: public
       protocol: TCP
       name: public
+    - port: {{ .Values.endpoints.metrics.port }}
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+    - port: {{ .Values.endpoints.proxy.port }}
+      targetPort: proxy
+      protocol: TCP
+      name: proxy
     - port: {{ .Values.endpoints.callback.port }}
       targetPort: callback
       protocol: TCP
diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml
index ef388318..cf8aa910 100644
--- a/charts/agent-plane/values.yaml
+++ b/charts/agent-plane/values.yaml
@@ -1,4 +1,4 @@
-#
+#################################################################################
 #  Copyright (c) 2024 T-Systems International GmbH
 #  Copyright (c) 2024 Contributors to the Eclipse Foundation
 #
@@ -7,7 +7,7 @@
 #
 #  This program and the accompanying materials are made available under the
 #  terms of the Apache License, Version 2.0 which is available at
-#  https://www.apache.org/licenses/LICENSE-2.0
+#  https://www.apache.org/licenses/LICENSE-2.0.
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
@@ -16,7 +16,7 @@
 #  under the License.
 #
 #  SPDX-License-Identifier: Apache-2.0
-#
+#################################################################################
 
 ---
 # Default values for agent-plane.
@@ -24,7 +24,9 @@
 # Declare variables to be passed into your templates.
 
 install:
+  # -- Deploying a PostgreSQL instance
   postgresql: false
+  # -- Deploying a HashiCorp Vault instance
   vault: false
 
 fullnameOverride: ""
@@ -33,40 +35,34 @@ nameOverride: ""
 imageRegistry: docker.io/
 # -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
 imagePullSecrets: []
-# -- To add some custom labels
+# -- Add some custom labels
 customLabels: {}
 
-postgresql:
-  jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"
-  primary:
-    persistence:
-      enabled: false
-  readReplicas:
-    persistence:
-      enabled: false
-  auth:
-    database: "edc"
-    username: "user"
-    password: "password"
-
 participant:
   # -- BPN Number
   id: ""
 
 iatp:
-  # Decentralized IDentifier
+  # -- Decentralized IDentifier (DID) of the connector
   id: "did:web:changeme"
   # -- Configures the trusted issuers for this runtime
   trustedIssuers: []
   sts:
     dim:
+      # -- URL where connectors can request SI tokens
       url:
     oauth:
+      # -- URL where connectors can request OAuth2 access tokens for DIM access
       token_url:
       client:
+        # -- Client ID for requesting OAuth2 access token for DIM access
         id:
+        # -- Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access
         secret_alias:
 
+# -- Add custom ca certificates to the truststore
+customCaCerts: {}
+
 # -- Name of the connector deployment
 connector: ""
 
@@ -79,8 +75,8 @@ controlplane:
       port: 8081
       # -- path for incoming api calls
       path: /management
-      # -- authentication key, must be attached to each 'X-Api-Key' request header
-      authKey: ""
+      # -- authentication key, must be attached to each request as `X-Api-Key` header
+      authKey: "password"
     # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not
     control:
       # -- port for incoming api calls
@@ -94,7 +90,10 @@ controlplane:
       # -- path for incoming api calls
       path: /api/v1/dsp
   ingresses:
-    - enabled: false
+    - enabled: true
+      tls:
+        enabled: true
+      hostname: 67dd349198194b508a8fd5e2dd24c173.api.mockbin.io
 
 # -- the name of the dataplane
 name: "agentplane"
@@ -111,8 +110,11 @@ image:
   tag: ""
 initContainers: []
 debug:
+  # -- Enables java debugging mode.
   enabled: false
+  # -- Port where the debuggee can connect to.
   port: 1044
+  # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port.
   suspendOnStart: false
 livenessProbe:
   # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
@@ -140,35 +142,69 @@ readinessProbe:
   failureThreshold: 6
   # -- number of consecutive successes for the probe to be considered successful after having failed
   successThreshold: 1
+
 service:
   # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.
   type: ClusterIP
   port: 80
+  # -- additional labels for the service
+  labels: {}
+  # -- additional annotations for the service
+  annotations: {}
+
+# -- endpoints of the dataplane
 endpoints:
+  # -- default api for health checks, should not be added to any ingress
   default:
+    # -- port for incoming api calls
     port: 8080
+    # -- path for incoming api calls
     path: /api
+  # -- public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing.
   public:
+    # -- port for incoming api calls
     port: 8081
+    # -- path for incoming api calls
     path: /api/public
-  signaling:
-    port: 8083
-    path: /api/signaling
+  # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not
+  control:
+    # -- port for incoming api calls
+    port: 8084
+    # -- path for incoming api calls
+    path: /api/control
+  proxy:
+    # -- port for incoming api calls
+    port: 8186
+    # -- path for incoming api calls
+    path: /proxy
+    # -- authentication key, must be attached to each request as `X-Api-Key` header
+    authKey: "password"
+  # -- metrics api, used for application metrics, must not be internet facing
+  metrics:
+    # -- port for incoming api calls
+    port: 9090
+    # -- path for incoming api calls
+    path: /metrics
+  # -- callback api, used for listening on control plane callbacks, must not be internet facing
   callback:
+    # -- port for incoming api calls
     port: 8087
+    # -- path for incoming api calls
     path: /callback
 
 token:
   refresh:
+    # -- TTL in seconds for access tokens (also known as EDR token)
     expiry_seconds: 300
+    # -- Tolerance for token expiry in seconds
     expiry_tolerance_seconds: 10
-    # optional URL that can be provided where clients go to refresh tokens.
+    # -- Optional endpoint for an OAuth2 token refresh. Default endpoint is `<PUBLIC_API>/token`
     refresh_endpoint:
   signer:
-    # alias under which the private key is stored in the vault (JWK or PEM format)
+    # -- Alias under which the private key (JWK or PEM format) is stored in the vault
     privatekey_alias:
   verifier:
-    # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format)
+    # -- Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias`
     publickey_alias:
 
 # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries
@@ -191,6 +227,7 @@ auth:
     publicKey:
     # -- controls whether the expiry date of jwt tokens is checked when type=jwt
     checkExpiry: true
+
 aws:
   endpointOverride: ""
   accessKeyId: ""
@@ -210,7 +247,7 @@ podSecurityContext:
   runAsGroup: 10001
   # -- The owner for volumes and any files created within volumes will belong to this guid
   fsGroup: 10001
-# The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod
+# -- The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod
 securityContext:
   capabilities:
     # -- Specifies which capabilities to drop to reduce syscall attack surface
@@ -226,11 +263,11 @@ securityContext:
   runAsNonRoot: true
   # -- The container's process will run with the specified uid
   runAsUser: 10001
-# Extra environment variables that will be pass onto deployment pods
+# -- Extra environment variables that will be pass onto deployment pods
 env: {}
 #  ENV_NAME: value
 
-# "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
+# -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
 # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
 envValueFrom: {}
 #  ENV_NAME:
@@ -241,12 +278,12 @@ envValueFrom: {}
 #      name: secret-name
 #      key: value_key
 
-# [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from
+# -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from
 envSecretNames: []
 #  - first-secret
 #  - second-secret
 
-# [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from
+# -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from
 envConfigMapNames: []
 #  - first-config-map
 #  - second-config-map
@@ -280,10 +317,12 @@ ingresses:
       issuer: ""
       # -- If preset enables certificate generation via cert-manager cluster-wide issuer
       clusterIssuer: ""
+
 # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container
 volumeMounts: []
 # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories
 volumes: []
+
 # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
@@ -291,12 +330,18 @@ resources: {}
 # resources, such as Minikube. If you do want to specify resources, uncomment the following
 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
 limits:
+  # -- Maximum CPU limit
   cpu: 1.5
+  # -- Maximum memory limit
   memory: 1024Mi
 requests:
+  # -- Initial CPU request
   cpu: 500m
+  # -- Initial memory request
   memory: 128Mi
+
 replicaCount: 1
+
 autoscaling:
   # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
   enabled: false
@@ -308,6 +353,7 @@ autoscaling:
   targetCPUUtilizationPercentage: 80
   # -- targetAverageUtilization of memory provided to a pod
   targetMemoryUtilizationPercentage: 80
+
 # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics
 opentelemetry: |-
   otel.javaagent.enabled=false
@@ -320,15 +366,17 @@ logging: |-
   java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
   java.util.logging.ConsoleHandler.level=ALL
   java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n
-# [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes
+
+# -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes
 nodeSelector: {}
-# [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes
+# -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes
 tolerations: []
-# [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on
+# -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on
 affinity: {}
 url:
   # -- Explicitly declared url for reaching the public api (e.g. if ingresses not used)
   public: ""
+
 # -- A set of additional configuration files
 configs:
   # -- An example of an empty graph in ttl syntax
@@ -338,6 +386,7 @@ configs:
     #################################################################
     @prefix : <GraphAsset?local=Dataspace> .
     @base <GraphAsset?local=Dataspace> .
+
 # -- Agent-Specific Settings
 agent:
   # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue
@@ -366,6 +415,20 @@ agent:
       deny: 'https?://.*'
 
 # -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden
+postgresql:
+  jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"
+  primary:
+    persistence:
+      enabled: false
+  readReplicas:
+    persistence:
+      enabled: false
+  auth:
+    database: "edc"
+    username: "user"
+    password: "password"
+
+# -- Standard settings for vault
 vault:
   injector:
     enabled: false
@@ -378,7 +441,7 @@ vault:
     # -- URL to the vault service, needs to be changed if install.vault=false
     url: "http://{{ .Release.Name }}-vault:8200"
     # -- Access token to the vault service needs to be changed if install.vault=false
-    token: ""
+    token: "root"
     timeout: 30
     healthCheck:
       enabled: true
@@ -388,20 +451,20 @@ vault:
       secret: /v1/secret
       # -- Default health api
       health: /v1/sys/health
-  secretNames:
-    # -- sign handed out tokens with this key
-    transferProxyTokenSignerPrivateKey:
-    # -- sign handed out tokens with this certificate
-    transferProxyTokenSignerPublicKey:
-    # -- encrypt handed out tokens with this symmetric key
-    transferProxyTokenEncryptionAesKey:
+
+networkPolicy:
+  # -- If `true` network policy will be created to restrict access to control- and dataplane
+  enabled: false
+  # -- Specify from rule network policy for dp (defaults to all namespaces)
+  from:
+    - namespaceSelector: {}
 
 serviceAccount:
-  # Specifies whether a service account should be created
+  # -- Specifies whether a service account should be created
   create: true
-  # Annotations to add to the service account
+  # -- Annotations to add to the service account
   annotations: {}
-  # The name of the service account to use.
+  # -- The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
   name: ""
   # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
diff --git a/common/README.md b/common/README.md
index e6a3e1ba..41a6a371 100644
--- a/common/README.md
+++ b/common/README.md
@@ -57,7 +57,7 @@ add the following dependency to your maven dependencies (gradle should work anal
         <dependency>
           <groupId>org.eclipse.tractusx.edc</groupId>
           <artifactId>auth-jwt</artifactId>
-          <version>1.13.20-SNAPSHOT</version>
+          <version>1.13.21-SNAPSHOT</version>
         </dependency>
     </dependencies>
 </project>
diff --git a/common/auth-jwt/README.md b/common/auth-jwt/README.md
index 55ef9b9a..ecf08e57 100644
--- a/common/auth-jwt/README.md
+++ b/common/auth-jwt/README.md
@@ -37,7 +37,7 @@ Add the following dependency to your EDC artifact pom:
         <dependency>
             <groupId>org.eclipse.tractusx.agents.edc</groupId>
             <artifactId>auth-jwt</artifactId>
-            <version>1.13.20-SNAPSHOT</version>
+            <version>1.13.21-SNAPSHOT</version>
         </dependency>
 ```
 
diff --git a/common/auth-jwt/pom.xml b/common/auth-jwt/pom.xml
index 4dfc1c64..ac60ded1 100644
--- a/common/auth-jwt/pom.xml
+++ b/common/auth-jwt/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.eclipse.tractusx.agents</groupId>
         <artifactId>edc</artifactId>
-        <version>1.13.20-SNAPSHOT</version>
+        <version>1.13.21-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/ExcludingAuthenticationRequestFilter.java b/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/ExcludingAuthenticationRequestFilter.java
index 492932b6..ca3064f3 100644
--- a/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/ExcludingAuthenticationRequestFilter.java
+++ b/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/ExcludingAuthenticationRequestFilter.java
@@ -17,21 +17,26 @@
 package org.eclipse.tractusx.edc.auth;
 
 import jakarta.ws.rs.container.ContainerRequestContext;
-import org.eclipse.edc.api.auth.spi.AuthenticationRequestFilter;
+import jakarta.ws.rs.container.ContainerRequestFilter;
 import org.eclipse.edc.api.auth.spi.AuthenticationService;
+import org.eclipse.edc.web.spi.exception.AuthenticationFailedException;
 
+import java.util.List;
+import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 
 /**
  * An authentication request filter with optional paths excluded
  */
-public class ExcludingAuthenticationRequestFilter extends AuthenticationRequestFilter {
+public class ExcludingAuthenticationRequestFilter implements ContainerRequestFilter {
 
     /**
      * the regex describing the excluded paths
      */
     protected final Pattern excludePattern;
+    protected final AuthenticationService service;
 
     /**
      * creates a new authentication request filter
@@ -40,8 +45,8 @@ public class ExcludingAuthenticationRequestFilter extends AuthenticationRequestF
      * @param excludePattern        the parsed regular expression of excluded paths, null if none
      */
     public ExcludingAuthenticationRequestFilter(AuthenticationService authenticationService, Pattern excludePattern) {
-        super(authenticationService);
         this.excludePattern = excludePattern;
+        this.service = authenticationService;
     }
 
     /**
@@ -59,6 +64,12 @@ public void filter(ContainerRequestContext requestContext) {
                 return;
             }
         }
-        super.filter(requestContext);
+        if (!"OPTIONS".equalsIgnoreCase(requestContext.getMethod())) {
+            Map<String, List<String>> headers = (Map) requestContext.getHeaders().entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+            boolean isAuthenticated = service.isAuthenticated(headers);
+            if (!isAuthenticated) {
+                throw new AuthenticationFailedException();
+            }
+        }
     }
 }
diff --git a/docs/README.md b/docs/README.md
index d09bb0c8..8b0a8af5 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -75,7 +75,7 @@ dependencies:
       alias: my-connector
     - name: agent-plane
       repository: https://eclipse-tractusx.github.io/charts/dev
-      version: 1.13.20-SNAPSHOT
+      version: 1.13.21-SNAPSHOT
       alias: my-agent
 ```
 
@@ -90,7 +90,7 @@ dependencies:
       alias: my-connector
     - name: agent-plane-azure-vault
       repository: https://eclipse-tractusx.github.io/charts/dev
-      version: 1.13.20-SNAPSHOT
+      version: 1.13.21-SNAPSHOT
       alias: my-agent
 ```
 
diff --git a/pom.xml b/pom.xml
index 81ddf7a8..d93ff8e8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -26,7 +26,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.eclipse.tractusx.agents</groupId>
     <artifactId>edc</artifactId>
-    <version>1.13.20-SNAPSHOT</version>
+    <version>1.13.21-SNAPSHOT</version>
     <packaging>pom</packaging>
     <name>Tractus-X Knowledge Agents EDC Extensions</name>
     <description>EDC-Related Artifacts for Federated Procedure Calls</description>
@@ -39,31 +39,31 @@
 
         <junit.version>5.10.2</junit.version>
         <mockito.version>5.2.0</mockito.version>
-        <tx.edc.version>0.7.0</tx.edc.version>
-        <edc.version>0.6.1</edc.version>
+        <tx.edc.version>0.7.3</tx.edc.version>
+        <edc.version>0.7.1</edc.version>
         <failsafe.version>3.3.2</failsafe.version>
         <okhttp.version>4.12.0</okhttp.version>
         <okio.version>3.6.0</okio.version>
-        <slf4j.version>2.0.12</slf4j.version>
-        <jakarta.ws.rs-api.version>3.1.0</jakarta.ws.rs-api.version>
-        <com.nimbusds.version>9.37.3</com.nimbusds.version>
+        <slf4j.version>2.0.13</slf4j.version>
+        <jakarta.ws.rs-api.version>4.0.0</jakarta.ws.rs-api.version>
+        <com.nimbusds.version>9.40</com.nimbusds.version>
         <javax.servlet-api.version>4.0.1</javax.servlet-api.version>
         <jetty-jakarta-servlet-api.version>5.0.2</jetty-jakarta-servlet-api.version>
         <org.apache.jena.version>4.9.0</org.apache.jena.version>
-        <com.azure.azure-identity.version>1.11.4</com.azure.azure-identity.version>
-        <com.azure.azure-security-keyvault-secrets.version>4.8.1</com.azure.azure-security-keyvault-secrets.version>
-        <jackson.version>2.17.0</jackson.version>
+        <com.azure.azure-identity.version>1.13.0</com.azure.azure-identity.version>
+        <com.azure.azure-security-keyvault-secrets.version>4.8.3</com.azure.azure-security-keyvault-secrets.version>
+        <jackson.version>2.17.1</jackson.version>
         <org.yaml.snakeyaml.version>2.2</org.yaml.snakeyaml.version>
         <net.minidev.jsonsmart.version>2.5.0</net.minidev.jsonsmart.version>
         <net.java.dev.jna.version>5.13.0</net.java.dev.jna.version>
         <org.reactivestreams.version>1.0.4</org.reactivestreams.version>
         <jetbrains.kotlin.version>1.9.10</jetbrains.kotlin.version>
-        <io.micrometer.version>1.12.5</io.micrometer.version>
+        <io.micrometer.version>1.13.1</io.micrometer.version>
         <netty.nio.core-http2.version>4.1.108.Final</netty.nio.core-http2.version>
         <commons.compress.version>1.26.0</commons.compress.version>
-        <jetty.version>11.0.20</jetty.version>
+        <jetty.version>11.0.21</jetty.version>
         <reactor.netty.version>1.0.44</reactor.netty.version>
-        <awssdk.version>2.24.10</awssdk.version>
+        <awssdk.version>2.26.7</awssdk.version>
 
         <!-- Source characteristics -->
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/upgrade_version.sh b/upgrade_version.sh
index 4bf54af9..44a98176 100755
--- a/upgrade_version.sh
+++ b/upgrade_version.sh
@@ -16,7 +16,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-OLD_VERSION=1.13.20-SNAPSHOT
+OLD_VERSION=1.13.21-SNAPSHOT
 echo Upgrading from $OLD_VERSION to $1
 PATTERN=s/$OLD_VERSION/$1/g
 LC_ALL=C