Data Space integration Suite

Short description

The ExPEDite Data Space integration Suite uses several components to deploy a functional data space connector, which lets users connect to ExPEDite’s data space and exchange data.

Background

ExPEDite wishes to use this cutting-edge technology to be prepared for future data exchanges, which would add significant value to the project. To do so, it has decided to integrate into its architecture a data space connector based on Sovity’s components that provides this connectivity.

Functionality

Once users have created a client, the first step in getting data from one connector to another is to create a data offer in ExPEDite’s connector, so that the data can be seen by the other connectors in the same data space. In the data offer, users must indicate a valid HTTPS URL where the data is hosted, as well as other additional parameters. As soon as the offer has been created, a corresponding data asset appears in the assets section, and any connector in that data space can search for it.

To do so, users must enter the endpoint URL of ExPEDite’s connector in the “Connectors endpoint” section of the catalogue browser of their own connector, so that the assets from ExPEDite’s connector are shown. Once the URL has been entered, the asset created in ExPEDite’s connector should appear in the catalogue's list of available assets. Next, users should click on the asset to negotiate the conditions for acquiring the data, by ticking the checkbox “I agree with the data offer terms & conditions” and clicking the “Confirm” button. As soon as the negotiation is confirmed, a contract is created in the corresponding section. Last but not least, the user should click on the contract, press the “Transfer” button, fill in the URL where the data should be sent, along with the authentication and headers (if required), and press the “Initiate transfer” button. The data is then sent to the URL specified in the previous step.
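
The pre-flight check below is an added example, not part of the ExPEDite suite or of Sovity's code: it vets the HTTPS URL given in a data offer and the destination URL given in a transfer before they are entered in the connector. The function name checkEndpointUrl and the rejection policy (HTTPS only, no credentials in the URL, no loopback or private address literals) are assumptions.

```javascript
// Added example: pre-flight check for the URLs typed into a data offer or a transfer.
// The acceptance policy is an assumption, not the Sovity connector's own validation.

// Loopback, private and link-local IPv4 ranges as [network, prefix length].
const BLOCKED_V4 = [["0.0.0.0", 8], ["10.0.0.0", 8], ["127.0.0.0", 8],
                    ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16]];

function v4ToInt(ip) {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

function inBlockedV4(ip) {
  const n = v4ToInt(ip);
  return BLOCKED_V4.some(([network, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(network) & mask) >>> 0);
  });
}

function checkEndpointUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme must be https" };
  // Credentials belong in the transfer form's authentication/header fields, not the URL.
  if (url.username || url.password) return { ok: false, reason: "credentials in URL" };
  // The WHATWG parser canonicalises numeric hosts (0x7f.0.0.1 becomes 127.0.0.1),
  // so the range check runs on the normalised hostname, not on the raw string.
  const host = url.hostname;
  if (host === "localhost" || host.endsWith(".localhost")) {
    return { ok: false, reason: "loopback host" };
  }
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host) && inBlockedV4(host)) {
    return { ok: false, reason: "private or loopback IPv4" };
  }
  if (host.startsWith("[")) {
    const v6 = host.slice(1, -1).toLowerCase();
    // ::, ::1, IPv4-mapped, unique-local (fc00::/7) and link-local (fe80::/10).
    if (/^(::1?$|::ffff:|f[cd]|fe[89ab])/.test(v6)) {
      return { ok: false, reason: "private or loopback IPv6" };
    }
  }
  // Hostnames that resolve to internal addresses need a resolution-time check as well.
  return { ok: true, reason: "ok" };
}
```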

Internal architecture

The suite is composed of the following components:

Keycloak/DAPS: the tandem composed of Keycloak and the DAPS is in charge of the security of the data space, allowing two connectors to communicate with each other in a secure way. On the one hand, Keycloak uses authentication protocols such as OAuth, SAML and OpenID to manage users and roles. In this specific configuration, Keycloak acts as the base for security management, allowing the use of clients and tokens. On the other hand, the DAPS is a Keycloak plugin created by Sovity under Apache License 2.0 that is in charge of managing identity in data spaces through the creation of clients and tokens to allow secure communication between connectors. The component usually comes in a bundle along with Keycloak in order to ease the access configuration.

Authority portal: a component developed by Sovity which is in charge of managing, in a centralised way, the users who can access a connector/data space. Its main objective is to help create all the clients/certificates of the other connectors which may access a specific data space.

DS connector: the Sovity connector is a software component developed by Sovity under Apache License v2.0 and based on the Eclipse Data Space Connector (EDC). It is the key piece in the data space infrastructure, as it allows the data exchange itself between all the participants in a data space in an interoperable way. The configuration used in ExPEDite makes it work in conjunction with the Authority portal and the Keycloak/DAPS in a smooth way, making it very easy to install.

Purpose

The data space connector makes it possible for a participant to connect and share data with others in a secure and transparent way while maintaining sovereignty over their own information.

Technology stack

The data space connector uses the following technology stack:

  • Runtime: Java (JDK 21), Kotlin, PostgreSQL.
  • Authentication/IDM: OAuth2, DAPS, Keycloak-based identity infrastructure.
  • Frontend/web UI: Node.js (v20) with TypeScript, Yarn-managed packages, React.
  • DevOps/Infra/Operational: Docker & Kubernetes, GitHub Container Registry (ghcr.io).
Source code