direct naar de inhoud

For Developers

Understanding the Fundamentals

Developers must thoroughly understand the fundamental principles before implementing connectors. The iSHARE Trust Framework facilitates seamless integration and secure communication between APIs, ensuring data sharing only when properly authorised. 

Key Features of the iSHARE Trust Framework

  • Federated and Decentralised Approach: The framework operates without central power, pre-exchanged authentication keys, or participant details. Parties gain access to the data space or network exclusively through trusted onboarding procedures. Each interaction validates against the trusted list (participant registry) and authorisations.
  • Technical Components: This core feature relies on the Participant Registry, authorisation checks (Policies), and Identity and Access Management (IAM) mechanisms.

Understanding Technical Implementation

Developers implement an identification, authentication & authorisation protocol for both machine-to-machine (M2M) and human-to-machine (H2M) communication based on a JSON REST API architecture. Authentication heavily depends on Public Key Infrastructure (PKI) certificates and public/private key pairs. JSON Web Tokens (JWTs) are crucial for protecting the message content integrity. Each participant validates the signatures and interprets JWT content, adhering to contextual requirements. 

Understanding Transaction Flows

To understand transaction flows, let’s consider a core example of data sovereignty: 

In a scenario where a government entity, as a data consumer, needs access to data held by organisation T (the data owner), traditional methods involve exchanging API endpoint addresses, authentication keys, and providing comprehensive API access. However, within the iSHARE Trust Framework, such pre-arrangements are unnecessary. Authentication occurs seamlessly and dynamically, enhancing efficiency and security.

The initial step involves validating an organisation’s status within the data space or iSHARE network, and verifying the availability of necessary capabilities. The data space or iSHARE network, utilising Distributed Ledger Technology (DLT), offers feedback through the Party Endpoint, typically using the organisation’s unique identification number, such as the EORI number by default. 

With this configuration of the pointer and capability, the Service Consumer gains precise data location and can initiate communication with the platform or endpoint acting as the Service Provider. 

Subsequently, the Service Provider verifies data set authorisation within the Authorisation Registry held by the Entitled Party. If no authorisation is found, a “NOK” (Not Okay) status is returned by the Authorisation Registry.

This prompts the Authorisation Registry (AR) to check with the Entitled Party to establish a policy for the Service Consumer and Service Provider combination.

Establishing Secure Data Exchange

Upon confirmation, the Authorisation Registry (AR) is promptly updated, and the Service Provider receives an “OK” status from the AR. This triggers the exchange of authentication keys, generated based on the public eIDAS keys within the network, ensuring the highest level of connection security.

This process ensures complete data sovereignty, instilling confidence in data sharing. This represents the foundational flow, with numerous additional examples available for exploration. 

For More Information: 

  • iSHARE Trust Framework Specifications: Comprehensive specifications are accessible on our Wiki and Developer Portal
  • Role Information and Source Code: More information regarding each role, source code examples, and practical implementations are available on GitHub. Note that while the software components are open source, they are intended for reference purposes only.
  • Conformance Test Tool (CTT): We also provide a fully automated testing sequence for developers in the form of the Conformance Test Tool (CTT). 

Please feel free to reach out to us for more information.