
Auditable data

This page describes how Tributech generates auditable data and ensures secure data communication channels. Furthermore, the Trust layer of each node is presented, which guarantees tamperproof storage for proofs.

An overview of the communication between nodes and the internal components involved is shown in the figure below.

[Figure: Node Architecture with channels]

Channels and APIs

Channels connect the distributed components of a DataSpace Ecosystem. They can be considered as "black-boxes" which contain synchronisation processes for exchanging data. They handle the networking, data processing, authentication and encryption between the connected components. These channels are separated into:

| Channel | Description |
| --- | --- |
| P2P Data Sync Channels | A channel to exchange requested streams of sensor, process or business data peer-to-peer between DataSpace Nodes. |
| Metadata Channels | A channel to exchange required metadata (e.g. published Datasets) of the Ecosystem between the DataSpace Nodes and their associated DataSpace Hub. |
| Trust Channels | A channel to transfer cryptographic proofs directly from the DataSpace Agents to the trust layer of the associated DataSpace Node. |

APIs are well documented and supported interfaces for the different types of data in the Ecosystem in order to integrate sensors, databases and applications within the infrastructure of each participating stakeholder. These APIs are separated into:

| API | Description |
| --- | --- |
| Data API | This API is integrated into each DataSpace Node and provides the interface and services in order to deliver and consume data streams. |
| Trust API | This API is integrated into each DataSpace Node and provides the interface for the trust layer in order to consume cryptographic proofs for the data auditing. |

Trust Layer

Each DataSpace Ecosystem contains a Trust Layer for storing cryptographic proofs that are generated by DataSpace Agents to provide the data auditing capabilities for all stakeholders inside an Ecosystem. Each DataSpace Node contains an instance of the Trust Layer and each Node contains the required services for the supported data auditing capabilities. The Trust API connects to this Trust Layer when retrieving the proofs which are at the core of data auditability.

To ensure tamperproof storage of the proofs, the Trust Layer is based on distributed ledger technology. Proofs are shared throughout the Ecosystem as in a distributed network. Every node thus plays its part in ensuring the data auditability of the Ecosystem.
The distributed ledger contains only signed hashes (proofs), hence no information is leaked. The hashes and signatures, generated by DataSpace Agents, allow verification of the integrity and authenticity of the data streams.
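
The hash-then-sign proof described above, as an added example that is not Tributech's code: SHA-256, Ed25519 and the names `Proof`, `CreateProof` and `Audit` are assumptions, since the page does not name the agent's algorithms or proof format. It shows why an auditor evaluates the hash comparison (integrity) and the signature check (authenticity) separately.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Proof is what the ledger would hold: a digest and a signature, never the values.
// Assumption: SHA-256 and Ed25519 stand in for the agent's unspecified algorithms.
type Proof struct {
	Hash      [32]byte
	Signature []byte
}

// CreateProof is the agent side: hash the stream portion at the source, sign the hash.
func CreateProof(agentKey ed25519.PrivateKey, portion []byte) Proof {
	h := sha256.Sum256(portion)
	return Proof{Hash: h, Signature: ed25519.Sign(agentKey, h[:])}
}

// Audit is the consumer side. It recomputes the hash of the data it received and
// checks the proof's signature against the agent's public key, reporting both verdicts.
func Audit(agentPub ed25519.PublicKey, portion []byte, p Proof) (integrity, authenticity bool) {
	h := sha256.Sum256(portion)
	integrity = bytes.Equal(h[:], p.Hash[:])
	authenticity = ed25519.Verify(agentPub, p.Hash[:], p.Signature)
	return
}

// Demo runs three constructed cases and returns {integrity, authenticity} for each.
func Demo() [3][2]bool {
	// Constructed fixed seeds so the run is repeatable; real agents use protected keys.
	agentKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	agentPub := agentKey.Public().(ed25519.PublicKey)
	otherKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x07}, ed25519.SeedSize))

	portion := []byte(`{"stream":"temp-01","t":"2024-01-01T00:00:00Z","v":21.5}`)  // constructed sample
	tampered := []byte(`{"stream":"temp-01","t":"2024-01-01T00:00:00Z","v":12.5}`) // value altered
	proof := CreateProof(agentKey, portion)
	reissued := CreateProof(otherKey, tampered) // proof rebuilt with a key that is not the agent's

	var out [3][2]bool
	out[0][0], out[0][1] = Audit(agentPub, portion, proof)     // untouched data, original proof
	out[1][0], out[1][1] = Audit(agentPub, tampered, proof)    // data changed after the proof was made
	out[2][0], out[2][1] = Audit(agentPub, tampered, reissued) // data and proof both replaced
	return out
}

func main() { fmt.Println(Demo()) }
```

The third case passes the hash comparison and fails only on the signature, which is why a matching hash alone does not establish that the data came from the agent.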

Data Classification

The different kinds of data inside a DataSpace Ecosystem are classified into 3 types:

| Type | Description |
| --- | --- |
| Metadata | Metadata of datasets is stored at the DataSpace Hub and will be cached at the client in order to provide metadata of datasets inside a DataSpace Ecosystem. |
| Data Streams | Data streams remain without exception at the owner's DataSpace Node. Every DataSpace Node stores its own streams and all streams that have been shared with it. |
| Proofs | Proofs that are generated through the hashing and signing process of DataSpace Agents at the data's source are stored in the Trust Layer. The metadata (proof location) for each proof, which is required for audit processes, is stored at the agent's associated DataSpace Node and will be provided to other nodes if they consume that data stream portion. |

Data Sharing Process

To provide a traceable and straightforward data sharing process, we have implemented the publish, request and grant workflows for Datasets in the admin web interface that is part of a DataSpace Node. Data sources and streams that are connected with DataSpace Nodes are structured into Datasets that can be requested and shared with other DataSpace Nodes participating in the Ecosystem.

The design of the data sharing process ensures that control of the data and sovereignty remain with each participating stakeholder and their DataSpace Node. The modular and fine-grained data access management enables a Subscription in every possible combination of streams and timeframes for a Dataset, to meet the demands of data providers and consumers.

| Workflow | Description |
| --- | --- |
| Publish a Dataset | Dataset owners can publish a Dataset (or just a part of it) to the whole Ecosystem or only to selected DataSpace Nodes. A Publication contains only descriptive metadata and not the data itself. A Publication makes available Datasets visible to other members inside a DataSpace Ecosystem. |
| Request a Dataset | Every user of a DataSpace Node within the Ecosystem can create and send a Request for selected streams, sources and timeframes to the owner of the Dataset. |
| Grant/Deny a Request | Dataset owners can grant or deny submitted Requests for their Datasets. Once a Request is confirmed, the synchronization starts and the data can be consumed by the Requester via the integrated dashboards or via APIs. |