FIWARE Data Space Connector
Overview
The FIWARE Data Space Connector (FDSC) is an integrated suite of components that every organization participating in a data space should deploy in order to connect to it. Following the DSBA recommendations, it allows an organization to:
- Interface with Trust Services aligned with EBSI specifications.
- Implement authentication based on W3C DID with VC/VP standards and SIOPv2/OIDC4VP protocols.
- Implement authorization based on attribute-based access control (ABAC) following an XACML P*P architecture using Open Digital Rights Language (ODRL) and the Open Policy Agent (OPA).
- Provide compatibility with ETSI NGSI-LD as data exchange API.
- Support the TMForum APIs for contract negotiation.
Note
Although the FIWARE Data Space Connector provides compatibility with NGSI-LD as the data exchange API, it could also be used for any other RESTful API by replacing or extending the PDP component of the connector.
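The authorization path described above (gateway forwards the request and the claims from the VC-backed token to a PDP, which evaluates ODRL permissions managed by the PAP) can be illustrated with a small decision function. This is an added example, not the connector's own OPA/Rego implementation; the ODRL policy, the `vc:role` operand and the method-to-action mapping are constructed for illustration.

```python
# Toy policy decision point (PDP) for the connector's ABAC flow:
# ODRL permission from the PAP + request attributes + VC claims -> allow/deny.
# Simplified stand-in for the OPA evaluation, not the project's own code.
import fnmatch

# Constructed ODRL policy: allow "read" on NGSI-LD Building entities to
# holders whose credential carries one of the listed roles.
POLICY = {
    "@context": "http://www.w3.org/ns/odrl.jsonld",
    "uid": "https://example.org/policy/building-read",  # example identifier
    "permission": [{
        "target": "urn:ngsi-ld:Building:*",
        "action": "read",
        "constraint": [{
            "leftOperand": "vc:role",                  # hypothetical operand
            "operator": "isAnyOf",
            "rightOperand": ["DATA_CONSUMER", "OPERATOR"],
        }],
    }],
}

# HTTP method -> ODRL action mapping assumed by this toy PDP.
ACTION_OF_METHOD = {"GET": "read", "POST": "modify",
                    "PATCH": "modify", "DELETE": "delete"}


def constraint_holds(constraint, claims):
    """Evaluate one ODRL constraint against the attributes taken from the VC."""
    value = claims.get(constraint["leftOperand"])
    op, expected = constraint["operator"], constraint["rightOperand"]
    if op == "eq":
        return value == expected
    if op == "isAnyOf":
        return value in expected
    return False  # unknown operator: fail closed


def decide(policy, method, entity_id, claims):
    """Allow only if a permission matches target, action and every constraint."""
    action = ACTION_OF_METHOD.get(method.upper())
    if action is None:
        return False
    for perm in policy.get("permission", []):
        if not fnmatch.fnmatchcase(entity_id, perm["target"]):
            continue
        if perm["action"] != action:
            continue
        if all(constraint_holds(c, claims) for c in perm.get("constraint", [])):
            return True
    return False  # default deny: no matching permission
```

Replacing or extending the PDP for a non-NGSI-LD API amounts to changing the target matching and the method-to-action mapping, while the constraint evaluation over VC claims stays the same.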
Key points
- Final and ready-to-use software (versus the framework approach of Eclipse).
- (Partial support for) IDS Dataspace Protocol (DSP).
- Not as agnostic as Eclipse, although its modular approach makes it possible (in theory) to extend its capabilities.
- It is not extensively tested; expect bugs and error-reporting work.
- Development is relatively slow.
Getting started
A good way to start working with the connector is to deploy a Minimum Viable Data Space (MVDS) using FIWARE's minimum infrastructure. This infrastructure provides a minimal implementation of a data space using FIWARE technology, which allows testing the FIWARE Data Space Connector and its components in a local environment.
This MVDS is composed of the following blocks:
| Component | Description |
|---|---|
| FIWARE Data Space Operator or Trust Anchor | The entity responsible for managing the issuers and credentials within the data space. It ensures the trustworthiness of the data space by managing the identities and credentials of participants. |
| FDS Connector A (Provider) | An entity that provides data to the data space. It acts as a data provider, allowing for data exchange within the data space. |
| FDS Connector B (Consumer) | An entity that consumes data from the data space. It acts as a data consumer, retrieving data from the data space without providing any data in return. |
Technical Details & Deployments
The FIWARE Data Space Connector repository provides a Helm chart for deploying the connector in a Kubernetes cluster. The chart includes all the necessary components to set up a data space connector in both consumer and provider modes. The chart is designed to be flexible and can be customized to fit the specific needs of the data space.
Consumer
The consumer mode of the FIWARE Data Space Connector is composed of the following components:
Deployments
- Minimum AWS deployment example: Code
| Component | Functionality | Description |
|---|---|---|
| DID (did-helper) | Config Services | A component that provides support for W3C Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). It helps in managing DIDs and VCs within the data space. |
| Keycloak | Authentication | An identity and access management solution that provides authentication and authorization services. It is used to manage user identities and access to resources within the data space. |
| Rainbow | IDSA Data Space Protocol | Rainbow (also known as Dataspace Rainbow) is an implementation of the Dataspace Protocol 2024-1 promoted by IDSA (International Data Spaces Association). |
| PostgreSQL | Database | A relational database management system that stores data related to the data space. |
Provider
The provider mode of the FIWARE Data Space Connector is composed of the following components:
Deployments
- Minimum AWS deployment example: Code
| Component | Functionality | Description |
|---|---|---|
| APISIX | Authorization | A component that provides API gateway functionality with an OPA plugin for traffic management. |
| OPA | Authorization | An open-source policy engine that provides attribute-based access control (ABAC) for the data space. It evaluates policies and makes authorization decisions based on attributes and rules defined in the data space. |
| ODRL-PAP | Authorization | A component that implements the ODRL (Open Digital Rights Language) Policy Administration Point (PAP) for managing data access policies within the data space. |
| Scorpio | Data Broker | A data broker facilitating the exchange of data between different participants in the data space. It manages data discovery and retrieval processes. |
| VCVerifier | Authentication | A component that verifies the authenticity of Verifiable Credentials (VCs) and exchanges them for tokens. It ensures that the credentials presented by participants are valid and trustworthy. |
| Credential Config Service | Authentication | A service that manages the configuration of credentials. It holds the information on which VCs are required for accessing a service. |
| Trusted Issuers List | Authentication | A list of trusted issuers for the provider. It acts as a Trusted Issuers List by providing an EBSI Trusted Issuers Registry API. |
| TM Forum API | Data Discovery | A component that implements the TM Forum APIs for contract negotiation within the data space. It allows participants to negotiate and manage contracts related to data exchange. |
| Contract Management | Data Discovery | A notification listener for contract management events coming out of TMForum. |
| Rainbow | IDSA Data Space Protocol | Rainbow (also known as Dataspace Rainbow) is an implementation of the Dataspace Protocol 2024-1 promoted by IDSA (International Data Spaces Association). |
| TPP | IDSA Data Space Protocol | Integration of checks for the transfer process protocol. |
| PostgreSQL | Database | A relational database management system that stores data related to the data space. |
| PostGIS | Database | A PostgreSQL database with PostGIS extensions. |
| MySQL | Database | An open-source relational database management system that uses SQL for data management. |
| DID (did-helper) | Config Services | A component that provides support for W3C Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). It helps in managing DIDs and VCs within the data space. |