Inzicht Verlicht: Trust Framework Concept Validation
Cyber Security
Semester programme: Cyber Security
Research group: Cyber Security
Project group members: Augustinas Digrys
Dimitar Georgiev
Divesh Balani
Dylan Capella
Richard Leenders
Project description
This project focused on designing and implementing a functional Proof-of-Concept (PoC) for a secure, federated data space.
We built a system in which independent participants can share data securely using modern Identity and Access Management (IAM). The core of our implementation is Verifiable Credentials (VCs) and a Universal Trust Registry (UTR). With these components we lay a foundation in which data sovereignty is maintained, and on which the next research group can build access control based on cryptographically verified attributes rather than on passwords alone.
Context
Data spaces, and specifically the CitizenCity project, require collaboration between governments and private companies. However, existing systems lack standardized, secure mechanisms for managing identity across these different environments. While a reference architecture for the Data Space for Smart and Sustainable Cities and Communities (DS4SSCC) exists, there are few viable implementations that allow for "trustless" exchange: exchange in which no central authority has to verify each transaction.
By building a technical foundation that supports Self-Sovereign Identity (SSI) and a Universal Trust Registry (UTR), we allow stakeholders, such as the Municipality of Eindhoven, to exchange data safely.
Results
The project’s primary achievement is the delivery of a functional Proof-of-Concept (PoC) that bridges the gap between theoretical European data space standards and a practical implementation.
The products that support this achievement are:
- Verifiable Credentials (VC) Integration
- Simulated isolated company environments using Docker Compose
- Working prototype of a Universal Trust Registry (UTR)
- Reproducible, hardened IAM configuration following the Financial-grade API (FAPI) security profile
We also gained critical insights into the feasibility of full decentralization and into a hybrid implementation strategy for onboarding companies as data space participants efficiently.
The research demonstrates that high-security requirements can be met without a central authority by using Decentralized Identifiers (DIDs) and VCs.
We found that, while implementing OpenID for Verifiable Credential Issuance (OID4VCI) is feasible, OpenID for Verifiable Presentations (OID4VP) remains a future target that requires more maturity. A hybrid approach, using OpenID Connect (OIDC) for internal company authentication while issuing VCs, is a viable immediate step that lets existing companies transition smoothly to becoming data space participants.
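To make concrete what the VC plus UTR combination from the project description, and the DID/VC claim above, amount to on the relying-party side, the following Go program is an added example; it is not code from the PoC and does not reflect the project's data formats, registry API or key types, which this page does not describe. It assumes an in-memory map as the trust registry, Ed25519 signing keys, a minimal credential struct, and a simplified `did:example:` identifier that binds a DID to a public key (real `did:key` adds a multicodec prefix and uses base58btc). The relying party resolves the issuer DID through the registry, verifies the signature with the registry's key for that DID, checks expiry, and only then reads the attribute it gates access on.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"time"
)

// Credential is a minimal verifiable-credential payload, loosely modelled on the
// W3C VC data model. The field names are an assumption, not the PoC's schema.
type Credential struct {
	Issuer  string            `json:"issuer"` // DID of the issuing participant
	Claims  map[string]string `json:"claims"` // attributes the issuer vouches for
	Expires int64             `json:"exp"`    // Unix seconds
}

// SignedCredential is the canonical payload plus a detached Ed25519 signature over it.
type SignedCredential struct{ Payload, Signature []byte }

// TrustRegistry stands in for the Universal Trust Registry: trusted issuer DID -> signing key.
type TrustRegistry map[string]ed25519.PublicKey

var ErrUntrustedIssuer = errors.New("issuer DID not in trust registry")
var ErrBadSignature = errors.New("signature invalid under the registry key for this issuer")
var ErrExpired = errors.New("credential expired")
var ErrMissingClaim = errors.New("required attribute missing or wrong")

// NewParticipant generates a key pair and a DID bound to it (simplified did:key, see lead-in).
func NewParticipant() (string, ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable randomness: nothing sensible to do
	}
	return "did:example:" + base64.RawURLEncoding.EncodeToString(pub), pub, priv
}

// Issue serialises the credential and signs the bytes. encoding/json writes struct
// fields in declaration order and map keys sorted, so the signed bytes are stable.
func Issue(priv ed25519.PrivateKey, cred Credential) SignedCredential {
	payload, err := json.Marshal(cred)
	if err != nil {
		panic(err) // cannot happen for a struct of a string, a string map and an int64
	}
	return SignedCredential{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Verify is what a relying participant runs before granting access. Only the
// registry's key for the issuer named in the payload checks the signature, so a
// presenter cannot bring its own key, and an unregistered DID is rejected first.
func Verify(reg TrustRegistry, sc SignedCredential, now time.Time, claim, want string) (Credential, error) {
	var cred Credential
	if err := json.Unmarshal(sc.Payload, &cred); err != nil {
		return Credential{}, err
	}
	pub, ok := reg[cred.Issuer]
	if !ok {
		return Credential{}, ErrUntrustedIssuer
	}
	if !ed25519.Verify(pub, sc.Payload, sc.Signature) {
		return Credential{}, ErrBadSignature
	}
	if now.Unix() >= cred.Expires {
		return Credential{}, ErrExpired
	}
	if v, ok := cred.Claims[claim]; !ok || v != want {
		return Credential{}, ErrMissingClaim
	}
	return cred, nil
}

// Scenario builds a constructed data space (one registered issuer, one rogue issuer)
// and returns the outcome of five presentations to a relying party that gates a
// dataset on role=lighting-operator. Keys are generated fresh on every run.
func Scenario() map[string]error {
	issuerDID, issuerPub, issuerPriv := NewParticipant()
	rogueDID, _, roguePriv := NewParticipant()
	reg := TrustRegistry{issuerDID: issuerPub} // the rogue DID is deliberately absent
	now := time.Unix(1700000000, 0)            // fixed clock so outcomes are reproducible
	base := Credential{Issuer: issuerDID, Claims: map[string]string{"role": "lighting-operator"}, Expires: now.Add(24 * time.Hour).Unix()}
	rogue, expired, visitor := base, base, base
	rogue.Issuer = rogueDID
	expired.Expires = now.Unix() - 1
	visitor.Claims = map[string]string{"role": "visitor"}
	cases := []struct{ name string; key ed25519.PrivateKey; cred Credential }{
		{"trusted", issuerPriv, base},
		{"rogue-issuer", roguePriv, rogue}, // self-minted DID, not in the registry
		{"forged", roguePriv, base},        // names the trusted DID but signs with another key
		{"expired", issuerPriv, expired},
		{"wrong-role", issuerPriv, visitor},
	}
	out := map[string]error{}
	for _, c := range cases {
		_, out[c.name] = Verify(reg, Issue(c.key, c.cred), now, "role", "lighting-operator")
	}
	return out
}
```

The example covers issuance and relying-party verification only. Holder binding, that is proving that the party presenting the credential is the subject it was issued to, is the presentation step (OID4VP) that the results above list as future work, and is not modelled here.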
The solution was validated using the DOT framework, for which we used System Tests (Lab) as well as Static Program Analysis (Showroom).
Each sprint, we demonstrated the system in a simulated business environment, using the existing "Inzicht Verlicht" case and the supplied data to simulate the use case.
We therefore assess our Technology Readiness Level (TRL) as 4: we integrated the parts and made them work together in a controlled, simulated single-machine environment.
TRL 5 is within reach. Reaching it requires deploying the infrastructure across multiple machines; the foundation for that deployment is in place and needs to be extended by the next research group.
About the project group
Half of us have prior knowledge of infrastructure, while the other half have prior knowledge of software. This allowed us to split into smaller teams. We worked iteratively, which allowed us to rapidly produce small prototypes of data space components and environment setups.