Version: Next

TNO Security Gateway documentation

Welcome to the TNO Security Gateway documentation. This folder contains all the documentation that is available for the TNO Security Gateway. It is divided into apps folders, one for each component, describing the architecture and all of the configurable parameters. There is a separate Deployment section covering deployment of all the components.

Structure

General introduction

The TNO Security Gateway (TSG) allows users to participate in data spaces, bridging the gap towards technical interoperability. The TSG consists of a couple of components that are crucial for participation in data spaces, and an OAuth server (SSO Bridge) that acts as a service to provide authentication to e.g. UIs and to ensure safe communication between the components. The crucial components are the Wallet, Control Plane and Data Plane. The Data Plane has two options: (1) the HTTP Data Plane, which is probably the one a reader should be using, and (2) the Analytics Data Plane, used for orchestrating distributed analyses over multiple parties.

The overall architecture (how the components work together and how they interact) is shown in the figure below:

Component diagram

Specifications

There are several protocols in the figure above that are generic. This section provides links to the relevant specifications and highlights the choices that were made for the TSG components.

DID Resolvement

The DID Resolvement Protocols correspond to Decentralized Identifier resolvement protocols. The TSG Wallet supports did:web and did:tdw.

Verifiable Credentials

The Credential Issuance Protocols concern the issuance of Verifiable Credentials. The TSG Wallet supports OpenID for Verifiable Credential Issuance and Eclipse Decentralized Claims Protocol.

The Verifiable Presentation Protocols that are supported by the TSG Wallet are OpenID for Verifiable Presentations and Eclipse Decentralized Claims Protocol.

Data Space Protocols

The Data Space Protocols between the Control Planes are limited to one implementation, namely the Eclipse Dataspace Protocol.

Data Space Component

Within the Data Space Component there are internal protocols between the Control Plane and the Data Plane(s). These are not specified yet, but they can be inspected by viewing the APIs in this documentation.

Data Exchange

For communication between the Data Plane(s), several Data Exchange Protocols can be used. The specific protocol depends on the data plane implementation. Examples of these protocols are HTTP, MQTT and Apache Kafka. The TSG currently supports the HTTP protocol with the HTTP Data Plane, and specific protocols for Multi Party Computation and Federated Learning with the Analytics Data Plane.