I'm not sure if this is the right place to ask this question as it is about the IDS-RAM architecture and not about the Dataspace connector specifically. If not, please point me to the right discussion group.
I have the following scenario. A customer (data provider) is sending data to a company (data consumer). The company uses the data to run some analytics to figure out problems with the customer's systems. Once the data reaches the company's network it stays behind a firewall and can move and be processed by several nodes inside the company's network. How can we deploy an architecture using IDS-RAM that will ensure to the customer that their data is being processed according to their usage policy, given that internal nodes in the company cannot communicate with the outside world? Here is the scenario in a diagram:
Even though the diagram shows that every node deploys an IDS internal connector within the company's network, there is no way for the customer to trust these connectors. To ask the question another way: where would the identity provider be deployed in this case? If deployed inside the company's network, how can the customer trust this setup?
I came up with one solution but I'm not sure if it is viable, please see the diagram below:
The following steps are required for this architecture to work:
The IDSA identity provider would certify an identity provider proxy that would run inside the company's network
The IDSA identity provider would certify both the customer and company external connectors
In order for the company's external connector to be certified by the IDSA identity provider, its programming logic has to ensure that it communicates with the identity provider proxy before sending data to internal connectors
Internal connectors are certified by the identity provider proxy only if their programming logic ensures that they too communicate with the identity provider proxy before sending data to other internal connectors.
Note: By identity provider here I mean the PKI necessary for valid IDSA communication (i.e. CA, DAPS, ...)
Thanks for your support
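The trust chain the steps above describe, as an added example that is not part of the original post or of any IDSA or Dataspace Connector code: the IDSA identity provider is modelled as a root CA, the identity provider proxy as an intermediate CA the root signs and name-constrains to the company's own namespace, and the "check with the proxy before sending data" rule as a chain verification each connector runs on its peer's certificate. The names (company.example, analytics-node-1) and the use of X.509 name constraints are assumptions for illustration; a real DAPS issues tokens on top of such certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue creates a certificate for cn signed by parent (self-signed when parent is nil). dns lists
// the subject's SAN names; permitted, when non-empty, name-constrains the new CA (critical).
func issue(cn string, dns, permitted []string, isCA bool,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62)) // constructed, non-zero below
	tmpl := &x509.Certificate{
		SerialNumber:          serial.Add(serial, big.NewInt(1)),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              dns,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		// The proxy may only vouch for connectors inside the company's own namespace.
		PermittedDNSDomains:         permitted,
		PermittedDNSDomainsCritical: len(permitted) > 0,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil { // root: sign with its own key
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// trusted is the check a connector runs before handing data on: does the peer's certificate
// chain to the IDSA root, either directly or through the company's identity provider proxy?
func trusted(root, proxy, peer *x509.Certificate) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(proxy)
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	return err == nil
}
```

The customer only needs the IDSA root as its trust anchor; a connector certified by an unconstrained internal CA, or by the proxy for a name outside the company's namespace, fails the same check.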