Perimeter-less trust
In principle, trust is individually assessed by each data owner for every entity seeking to exchange data. This concept of trust sovereignty means that each data owner retains full control over whom they trust. While efficiency may drive groups to establish their own trust perimeters, these perimeters are flexible and do not restrict data exchanges with entities outside their defined boundaries.
No common or global Authority
There is no overarching Authority to enforce the certification of interfaces, manage onboarding processes, or ensure adherence to data licenses. Compliance within the BDI framework is entirely voluntary, motivated by the practical benefits and business value it offers. BDI framework however does not forbid such an authority when created by the entities involved. The BDI reference architecture supports such BDI Associations.
No (unique) shared register of all onboarded parties
Registers of trusted entities are typically local or individual. For example, a platform or company may maintain its own register of trusted partners. If the need for interoperability within a group grows, a common register can be established, often through a BDI Association.
The BDI framework provides a federated mechanism for previously unknown entities to identify themselves to a data-owning party. This allows the data owner to verify the entity’s claims and decide whether sufficient trust exists to proceed with the interaction.
Discovery of endpoints
Only endpoints need to be discovered, not data services. The assumption is that a business relationship already exists before data exchanges occur as part of the operation. Endpoint discovery is treated as a generic mechanism, such as through DNS.
Quality of Identity Providers uncertainty
In a global business environment, there are various ways to identify an entity, person, or IT system. For example, dealing with SMEs in less IT-mature regions may require simpler methods of identification, albeit with lower associated trust levels. Depending on what is required, identification mechanisms are chosen to suit the needs of the parties involved.
Subsidiarity, Global Differentiation, and Local Adaptations
In the BDI framework, the principles of subsidiarity, global differentiation, and local or sectoral adaptations are prioritized over enforcing strict interoperability. Natural business drivers are expected to lead to varying degrees of interoperability among different groups.
The Core Principles of the BDI framework reflect these observations.