Citizen City - Governance in Dataspaces

Project description

The central design question of the project was: How do we design a repeatable, secure and well-founded onboarding process for (sensor) data flows within the Citizen City data space, balancing governance, IT architecture and process quality?

We investigated governance principles from data spaces (Gaia-X, IDSA), analysed the “Inzicht Verlicht” architecture (including Orion-LD, QuantumLeap/CrateDB, Keycloak, APISIX) and developed a process blueprint for data onboarding. All of this has been brought together in a comprehensive advisory report in which process design, governance proposals and enterprise architecture reinforce each other.

Context

The project took place within the context of a smart city data space, in which public organisations and partners collaborate to share data securely, transparently and interoperably. The challenge in this domain is that data flows are often scattered, standards differ and responsibilities are not always clear. This necessitates a combination of governance, architecture and process design.
We worked on the basis of the “Insight Enlightened Sandbox” model, which consists of, among other things:

• FIWARE Orion-LD for semantic processing,
• QuantumLeap + CrateDB for time series storage,
• Keycloak for identity & access,
• APISIX as API gateway,
• ODRL PAP for policy management.

Within this domain, we looked at themes such as privacy, data quality, security, interoperability and data ownership. Stakeholders ranged from policymakers to data managers, engineers and project partners from the public sector.
The ultimate goal of our project was to develop a clear, scalable and usable blueprint for the onboarding of new data streams, which can be easily applied in future data projects.

Results

The main outcome of the project is an integrated advisory report that brings together governance, IT architecture and the onboarding process for data flows in a single coherent framework. In this report, we describe how data flows can be onboarded within the Citizen City data space in a secure, scalable and reproducible manner. It includes a simplified but comprehensive layer diagram in which roles, activities, applications, data and technology are clearly organised, supplemented by an IST-SOLL-GAP analysis that provides insight into current bottlenecks and opportunities for improvement. This analysis forms the basis for a detailed process model that describes, step by step, how a new data stream is registered, semantically mapped to NGSI-LD, validated for quality and policy, and ultimately made available for use within the data space via an API gateway.

In addition, we developed a robust process blueprint that standardises the entire onboarding process. This model uses existing technical components from the Inzicht Verlicht system, such as Orion-LD for semantics, QuantumLeap and CrateDB for time series, Keycloak for identity & access, and APISIX for unlocking data. Linking these components to clear process steps creates a reproducible approach that is easily applicable to different data providers. The model supports organisations in shortening the time-to-data and limiting risks related to data quality, security and privacy.

The results were validated through interviews with stakeholders and extensive analysis of documentation, resulting in multiple iterations of both the process model and the architectural representation. The feedback from this validation led to a clearer delineation of responsibilities, improved acceptance criteria for data quality and clearer governance proposals. By also comparing governance structures of other data spaces and municipalities, we were able to identify best practices and translate these into a concrete RACI model that provides direction for decision-making, policy-making and operational implementation.

The value of these results lies at the technical, organisational and process levels. Technically, the project offers an applicable architecture that connects to existing components and forms a basis for further development. Organisationally, it creates clarity in roles and decision-making, which simplifies collaboration between policymakers, IT, data experts and suppliers. In terms of processes, the project delivers a standardised and well-founded approach for onboarding new data streams. In terms of technological maturity, the solution is at TRL 4–5: a validated concept that has been developed in a relevant context and is ready for further pilot implementation.

About the project group

Our project team consisted of six students with a mixed background in IT & Business and AI & Data. The project duration was 18 weeks. We worked without fixed roles, which meant that everyone switched flexibly between analysis, design, validation and documentation. This approach encouraged collaboration and shared ownership. Validation took place through interviews with stakeholders and reviewing existing documentation, after which we made several iterations to improve our models and recommendations.