Software(-architecture)

Sovereign and secure data exchange

The International Data Spaces enable open data marketplaces for the economy and serve as a blueprint for secure data ecosystems.

The architecture developed by the Fraunhofer-Gesellschaft establishes a framework allowing companies that provide data to exchange them with other companies while always maintaining control over the dissemination and use of these data. Thus, it establishes the basic conditions for genuine data sovereignty in the industrial context and serves as a key element of a data infrastructure in and for Europe. Telekom is already using the International Data Spaces reference architecture as an innovative platform (DIH) for the secure and efficient exchange of data. In data processing and analysis, it focuses on innovative data-driven services and applications related to machine learning and artificial intelligence (AI).

© Fraunhofer ISST
The solution for the data exchange versus data protection paradox

The International Data Spaces initiative enables open data marketplaces for the economy. These are used for the secure exchange of data between trusted partners. The data sovereignty of all partners is protected along the entire data value chain. The International Data Spaces are part of a secure data infrastructure and therefore a key technology for innovative artificial intelligence applications. They contribute to the future competitiveness of the economy and to social prosperity. As an important component of the digital infrastructure, the International Data Spaces help to realize the opportunities of AI for the benefit of people and companies while simultaneously alleviating risks.

Technical prerequisites

An International Data Spaces connector is required to use the benefits of the International Data Spaces. It is the software interface to the International Data Spaces and permits the implementation of data sovereignty.

There are basically three variants for using an IDS connector:

Integration into the company's own system landscape

The IDS connector has a modular design, making it compatible with the existing IT architecture of many companies. Using a company's own IT infrastructure and making it IDS-compatible is therefore one of the options. Three essential components have to be used to integrate International Data Spaces into that infrastructure: the IDSA Dataspace Protocol, the information model, and usage control. The resulting system then needs to be certified.

 

Off the shelf

Using an existing connector is the simplest option. The three most advanced connectors are the Eclipse Dataspace Connector, the Trusted Connector and the Open Data Connector. Other connectors are available for a wide variety of applications, for different hardware and in various programming languages. All Fraunhofer connectors are listed here: Connector.

Some central infrastructure services are also needed in addition to the connector. In particular, an identity provider is required for the definition and distribution of connector identities.

The IDS Ecosystem

Architecture elements

The following section presents the individual architecture elements that have been developed by Fraunhofer within the framework of research projects under the auspices of the Federal Ministry of Education and Research (BMBF) and the Data Spaces Research Center.

 

Connector

The connector provides technical access to the IDS ecosystem.

 

Identity Provider

The International Data Spaces offer identity management across companies according to modern standards with low organizational hurdles.

 

Clearing House

The Clearing House is a broker that provides approval and settlement services for all financial and data exchange transactions.

 

Information Model

The standards-compliant semantic description of all players and resources in a data space.

 

App Store

App stores provide a secure platform for the distribution of data apps.

 

Metadata Broker

The Metadata Broker represents the reference implementation of the IDS broker and therefore also follows the generic connector architecture as described in the reference architecture model.

 

Usage Control

In digital value creation, companies repeatedly face the challenge of how to protect their sensitive and business-critical data.

Reference Architecture Model

 

RAM 3.0

Reference Architecture Model

Version 3.0