Standardized endpoint
To facilitate efficient and secure data exchanges, a standardized endpoint (API) is crucial. This endpoint, coupled with an authentication mechanism based on OAuth, streamlines the process of creating multiple concurrent and dynamic instances of data exchange networks. By using a standardized API, organizations reduce the complexity and cost associated with integrating different systems and ensuring secure communication across various platforms.
Authorization, policies and roles
Data at the source requires that the Data Owner maintains control over who can access the data through well-defined authorization policies. These policies are managed in an Authorization Register (AR), which keeps track of recognized entities, their roles, and their association with specific projects.
For large Data Owners, there will likely be a direct interface between their ERP systems and the AR, ensuring that the AR is consistently updated with the latest information on business partners, their roles, and their access rights. By defining common roles and corresponding policies within a sector, organizations can further reduce the maintenance costs and complexity of managing these authorization systems.
It is expected that common roles and corresponding policies will be defined in a sector, to lower the maintenance costs.
Tradeoff between notifications with metadata and data at the source
There is a critical tradeoff between the efficiency of distributing notifications with metadata and the control provided by accessing data directly at the source. Notifications with metadata are lightweight and efficient, offering a low-overhead channel for sharing control information or data with low risk. However, accessing data at the source involves additional overhead due to the need for authentication, trust assessment, and authorization. This extra overhead is justified by the increased control and security it provides, particularly for sensitive or high-risk data.