The EU funded i4Trust project has delivered an operationnal technical architecture in order to enable the implementation of DATA SPACES based on OPEN SOURCE technologies . In the framework of this i4Trust project, the DIH Faubourg Numérique has been selected - and funded - to support 4 experiments involving 23 SMEs from 13 different countries:
- CO2-Mute : a data space for public decision makers on sustainable mobility policies
- CADS : a data space for the assessment of the carbon footprint of agricultural products and tools for sound agrotechnological and management decisions
- CAST: a data space for Carbon Capture Supply Chain Trust
- DTaaS4Aero: a data space enabling Digital Twin as a service for aeronautical communications equipment and performance-based predictive maintenance
Thanks to this involvement in the i4Trust project our DIH team ran very fast through the learning curve towards concrete implementation of DATA SPACES , re-inforced by the first deliverables of the Data Spaces Support Center (DSSC).
Then, this "i4Trust stakeholder MVP stack" has been build by DIH Faubourg Numérique to assemble the technical i4Trust deliverables with the goal to ease their adoption by a wide variety of organizations, especially SMEs.
In complement to this "MVP stack", the SMEs had the opportunity to use the ouranos-ws platform to facilitate their tasks in order to leverage their active participation in DATA SPACES, following iterative steps:
- DESIGN shared and harmonized data models leveraging the Smart Data Models repository
- NAVIGATE in the graphs of NGSI-LD entities representing their digitalized assets and those shared by other stakeholders, leveraging FIWARE components
- CONTROL the access to their digitalized asset through the management of granular Access Policies, based on the iShare principles and services
In this video, you can have an overview on the way the above tools were actually used by the CO2-Mute experiment, and you can also check out the CO2-Mute immersive demo performed in the Smart Open MetaWorld during IFAT Munich 2022.
We hope this will help your organization to go faster and smoother towards an active participation in Data Spaces in order to leverage the opportunities related to the Data Economy! So please, use it, fork it, ... and contribute to improve it!! Doing so, all together, maybe we can initiate and sustain an i4Trust community of practice for (E)DIHs and SMEs beyond the end of the EU funded experimental phase ... ?
The "i4Trust stakeholder MVP stack" will allow you to rapidly deploy and configure the need components to implement the "standard" i4Trust architecture:
- Orion-LD
- Keyrock + Authorization Registry plugin + Activation Service
- Kong + i4Trus plugin
- Wilma, as alternate PEP proxy, to "internally" access Orion-LD outside the Data Space
- Git
- Docker
- Docker Compose
- Certbot
- Node.js >= 18 (with npm)
The following commands works for Debian with root accessible via sudo.
They may differ with other operating systems.
Clone the repository
git clone https://github.com/faubourg-numerique/i4trust-stakeholder-mvp-stack.git
Access the cloned repository
cd i4trust-stakeholder-mvp-stack
Create the env file
cp ./.env.example ./.env
Edit the env file with correct values
It is not recommended to use different tags, the deployment could no longer work correctly.
To simplify deployment, a tool to automatically create configuration files is provided. It will use environment variables to create activation-service.yml, kong.yaml and nginx.conf configuration files. You can also manually create files.
Install the script
npm install --prefix ./tools/config-file-builder-tool
Run the script
node ./tools/config-file-builder-tool/index.js
Generate the HTTPS certificates
You must first have created DNS A records as well as having opened ports 80 and 443 of the machine.
sudo certbot certonly --standalone -d identity-manager.example.com ; \
sudo certbot certonly --standalone -d context-broker.example.com ; \
sudo certbot certonly --standalone -d temporal-api.example.com ; \
sudo certbot certonly --standalone -d kong.example.com ; \
sudo certbot certonly --standalone -d activation-service.example.com
Please note that generated certificates have an expiration date. Make sure Certbot has scheduled tasks to renew them automatically.
To simplify deployment, a configuration tool for Keyrock is provided. This will create through the Keyrock API the application, pep proxy, permissions and role automatically. It must be executed only once. It is also quite possible not to use this script and to do the configuration manually.
Start the services
sudo docker compose up -d
Wait a few minutes for the services to be fully started (Keyrock must be accessible).
Install the script
npm install --prefix ./tools/keyrock-config-tool
Run the script
node ./tools/keyrock-config-tool/index.js
Restart the services
sudo docker compose down
sudo docker compose up -d
It will be necessary to authorize the marketplace to create delegation evidences on the authorization registry (even in case the marketplace and the authorization registry are the same party, because the authorization service will check if this policy exists).
A tool is provided to easily create this initial policy.
Install the script
npm install --prefix ./tools/initial-policy-creation-tool
Create the configuration file
cp ./tools/initial-policy-creation-tool/.env.example ./tools/initial-policy-creation-tool/.env
Edit the configuration file with correct values
Run the script
node ./tools/initial-policy-creation-tool/index.js
Start the services
sudo docker compose up -d
Stop the services
sudo docker compose down
Stop the services
sudo docker compose down
Pull the latest changes
git pull
Check env example file for changes that may need to be made then run again the config file builder tool
node ./tools/config-file-builder-tool/index.js