How real-word experience continues to strengthen the BDI: five new Requests for Change

The Basic Data Infrastructure (BDI) continues to evolve. Organizations working with the BDI gain new insights through implementations, pilots, and collaborative initiatives. These experiences regularly lead to improvements to the framework through the Request for Change (RfC) process.

Recently, the BDI Architecture Board approved five significant Requests for Change for inclusion in the next BDI release. The changes cover foundational principles, identity, federation, authorization, and onboarding. Together, they contribute to a more robust and practical BDI.

From real-world experience to improvement 
The RfC process plays an important role in the ongoing development of the BDI. New insights from implementations, pilots, and collaborative projects are collected, discussed within the community, and incorporated into the framework where relevant.

The recently approved RfCs demonstrate how practical experience helps strengthen the BDI. Below, we highlight the most important changes.

RfC #31: a renewed interpretation of the data-at-source principle
One of the most significant changes concerns the well-known data-at-source principle. This principle has been redefined to better align with the realities of data sharing across complex value chains. Where the focus was previously on the technical location of data, the new definition places greater emphasis on collaboration. Data remains at its source but is made available to participants in a trusted, contextual, and traceable manner. This better supports the event-driven collaboration model that the BDI is designed to enable. The change is fully backward compatible, meaning that existing implementations do not require any modifications.

RfC #29: federation between associations
An increasing number of collaborations extend beyond the boundaries of a single association. To support this, the new RfC introduces a standardized approach for establishing trust between different associations. Using OAuth 2.0 Token Exchange, organizations can securely collaborate across networks without relying on a centralized identity model. This enhances the scalability of the BDI and supports complex supply chain ecosystems involving multiple domains and stakeholders.

RfC #25: further formalization of digital identity
This change provides additional clarification of the Digital Identity building block within the BDI. It formally introduces the "identity triple" as a core architectural concept. The result is greater consistency in how digital identities are defined and used throughout the ecosystem.

RfC #24: updated onboarding process
The onboarding process has also been further improved. The updated version incorporates lessons learned from previous implementations and provides organizations with a clearer path to joining the BDI. This makes it easier for new participants to become part of the network in a consistent and efficient manner.

RfC #20: clear authorization guidelines
This RfC formalizes how a local policy engine handles authorization decisions for data access.

Built by the community, for the community
The five approved Requests for Change demonstrate how the BDI continues to evolve through practical experience and community collaboration. By collecting improvement proposals in a structured way and implementing them transparently, the BDI continues to mature as a trusted framework for interoperable data sharing.

Do you have ideas for improvement? Anyone involved in the BDI ecosystem can submit a Request for Change. Read the full procedure here. Interested in seeing which RfC's have been submitted and their current status? View the active RfC´s here. This is how we continue to build a future-proof digital infrastructure for data sharing together.