Architecture
How the Custodian works
The purpose of the Custodian is to protect and monitor resources in an ecosystem.
It makes access decisions based on contracts that are specified semantically and stored in a Contract Knowledge Graph. Each access request is monitored and recorded in the Audit Trail, which resource owners can inspect. The Custodian only makes decisions; it cannot itself enforce them, so a Policy Enforcement Point is needed in the ecosystem for that.
All communication between the ecosystem and the Custodian happens via an API and a Reverse Proxy. All users of the Custodian need to authenticate. Keycloak is currently used for authentication; an External Identity Provider from the ecosystem can be integrated.
For signing contracts, all users additionally need public keys, which are stored by a Key Manager. An External Knowledge Base that exists in the ecosystem can be integrated to hold attributes that may be needed for the access control decision.
Microservices
Reverse Proxy: Gateway to the Custodian that routes requests to the correct microservice
Id and Key Manager: Handles authentication and stores the public keys of users that are needed for validating signatures
Contract Management System: Manages contract creation and contract signing. All events are reported to the Audit Trail
Access Control System: Decides on access requests with a yes/no decision and reports all access requests and decisions to the Audit Trail
Audit Trail: Collects all events and access decisions; resource owners can access it to monitor the usage of the resources they own
Workflow
Contract Phase
Resource Owner: The resource owner creates a contract template, which is stored in the Contract Knowledge Graph
Resource User: Uses the contract template to fill in additional details that the resource owner may request to finalize the contract. The resource user also signs the contract
Resource Owner: The resource owner also signs the contract
Usage Phase
Resource User: Requests access to a resource and receives a yes/no response; the access request is reported to the Audit Trail
Resource Owner: The resource owner can monitor resource usage at any time by accessing the Audit Trail
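The two phases above as an added Python model, not the Custodian's own code: a Key Manager holding public keys, a contract that both parties sign, and an Access Control System that answers yes only for a fully signed contract and writes every signing event and decision to the Audit Trail. The page does not specify the Custodian's signature scheme; the Lamport one-time signature used here is an assumption chosen so the example runs with the standard library only.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key (assumed scheme): 256 secret pairs; public key = their hashes
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def msg_bits(msg: bytes):
    return [(int.from_bytes(H(msg), "big") >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [pair[b] for pair, b in zip(sk, msg_bits(msg))]  # reveal one preimage per bit

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(H(s) == pair[b] for pair, b, s in zip(pk, msg_bits(msg), sig))

@dataclass
class Contract:
    owner: str
    user: str
    resource: str
    signatures: dict = field(default_factory=dict)  # signer -> signature
    def body(self) -> bytes:  # the bytes both parties sign
        return f"{self.owner}|{self.user}|{self.resource}".encode()

class Custodian:
    def __init__(self):
        self.keys = {}       # Id and Key Manager: user -> public key
        self.contracts = []  # Contract Knowledge Graph (a flat list here)
        self.audit = []      # Audit Trail: every signing event and every decision
    def register_key(self, who, pk):
        self.keys[who] = pk
    def sign_contract(self, c, who, sk):
        c.signatures[who] = sign(sk, c.body())
        self.audit.append(("signed", who, c.resource))
    def fully_signed(self, c) -> bool:
        # Both parties signed, and each signature verifies against the Key Manager's key
        return all(p in self.keys and p in c.signatures
                   and verify(self.keys[p], c.body(), c.signatures[p])
                   for p in (c.owner, c.user))
    def decide(self, user, resource) -> bool:
        # Usage phase: "yes" only if a fully signed contract covers this user and resource
        granted = any(c.user == user and c.resource == resource and self.fully_signed(c)
                      for c in self.contracts)
        self.audit.append(("access", user, resource, "yes" if granted else "no"))
        return granted
```

A contract signed by only one party, a request for a resource no contract covers, or a contract body altered after signing all yield "no", and each attempt still leaves an Audit Trail entry for the owner to review.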