Developers
Understanding the Fundamentals
Developers must grasp the fundamental principles before implementing connectors. The iSHARE Trust Framework enables smooth integration and secure communication, ensuring data is shared only with proper authorisation.
Key Features of the iSHARE Trust Framework
- Federated and Decentralised Approach: The framework operates without central power, pre-exchanged authentication keys, or participant details. Parties gain access to the data space or network exclusively through trusted onboarding procedures. Each interaction validates against the trusted list (participant registry) and authorisations.
- Technical Components: This core feature relies on the Participant Registry, authorisation checks (Policies), and Identity and Access Management (IAM) mechanisms.
Understanding Technical Implementation
Developers implement an identification, authentication & authorisation protocol for machine-to-machine (M2M) and human-to-machine (H2M) communication. This is based on a JSON REST API architecture. Authentication heavily depends on Public Key Infrastructure (PKI) certificates and public/private key pairs. JSON Web Tokens (JWTs) are crucial for protecting the message content integrity. Each participant validates the signatures and interprets JWT content, adhering to contextual requirements.
Establishing Secure Data Exchange
Upon confirmation, the Authorisation Registry (AR) is promptly updated, and the Service Provider receives an “OK” status from the AR. This triggers the exchange of authentication keys, generated based on the public eIDAS keys within the network, ensuring the highest level of connection security.
This process ensures complete data sovereignty, instilling confidence in data sharing. This represents the foundational flow, with numerous additional examples available for exploration.
For More Information:
- iSHARE Trust Framework Specifications: Comprehensive specifications are accessible on our Wiki and Developer Portal.
- Role Information and Source Code: More information regarding each role, source code examples, and practical implementations are available on GitHub.
Note: Please use the open-source software components for reference only.
- Conformance Test Tool (CTT): We provide a fully automated testing sequence for developers in the form of the Conformance Test Tool (CTT).