Technical Aspects

Exploring Technical Concepts and Specifications 

The iSHARE Trust Framework provides technical specifications to govern interactions among various organisations’ software components. These specifications focus on essential aspects such as identification, authentication, and authorisation within these interactions. By leveraging widely recognized open standards, seamless interoperability is ensured. The applied technical standards are highly relevant to all parties involved.

One noteworthy aspect of the iSHARE Trust Framework is its REST API architecture, which facilitates direct communication between all stakeholders involved in a data space. Modified implementations of OAuth 2.0 and OpenID Connect 1.0 establish an ecosystem where parties can interact with previously unfamiliar counterparts. Notably, pre-registration is not required, which deviates from conventional standards. PKI and digital certificates are employed across all participating entities for authenticating parties in the data space, along with other pertinent technical standards such as HTTP(S), TLS (Transport Layer Security), JSON, JSON Web Token (JWT), and XACML 3.0.

Authentication within the iSHARE Trust Framework varies between human-to-machine and machine-to-machine interactions. In human interactions, the identity provider handles authentication, ensuring a secure and trustworthy connection. In contrast, machine-to-machine interactions rely on eIDAS certificates from trusted certification authorities, guaranteeing the legitimacy of the participating entities’ information. The Participant Registry maintains a record of participants and their certificates in the data space/iSHARE network, adding an extra layer of protection. This enables participants to cross-verify each other’s information and establish accountability.

Technical Applications

In the technical context, the two key applications are the Conformance Test Tool (CTT) and the Participant Registry.

Participant Registry

Organisations assuming the Data Space Governance Authority role use the Trust Anchor (& Participant Registry Management Point) to govern their data space. This application facilitates the registration of participants into the data space once they adhere to the Framework’s technical standards and sign the necessary agreements. It further enables parties within a data space to verify other participants’ compliance and accountability. Each data space implementing the iSHARE Trust Framework has an instance of the application, operated by the Data Space Governance Authority. The individual instances of the Participant Registry function as nodes on a distributed ledger, enabling participants registered in one data space to be discoverable across the network of data spaces using the iSHARE Trust Framework. 

Conformance Testing Tool (CTT) 

To join a data space using the iSHARE Trust Framework, organisations must utilise the CTT to ensure that their API services comply with iSHARE specifications. Role-specific test cases need to be completed according to the participant's roles within the framework. The CTT provides valuable feedback on each test case, indicating whether it passed or failed. Once a participant successfully clears all relevant test cases, they become eligible for admission into the data space by the Data Space Governance Authority, ensuring a smooth and secure integration process.

The technical aspects of the iSHARE Trust Framework play a crucial role in ensuring secure and efficient data sharing among organisations. By adhering to robust technical specifications and utilising key applications such as the Conformance Test Tool and the Participant Registry, participants can seamlessly integrate into data spaces while maintaining compliance with the iSHARE Trust Framework.

To learn more about how the iSHARE Trust Framework and its technical specifications