The building block aims to define BDI's technical roles, including Identity Provider, Identity Broker, Association Administrator, Data Owner, Data Service Provider, and Data Consumer. Each role plays a crucial part in managing identity, data control, and service provision within BDI's framework.
The purpose of this building block is to define the technical roles in BDI.
The technical roles of the BDI are given and explained below.
Implementation of the basic BDI mechanisms assumes the existence of these technical roles.
Identity Provider
The Identity Provider-role is fulfilled by a legal entity whose tooling identifies and authenticates humans (and specifically, Human Data Consumers representing Data Consumers).
Identity Broker
The Identity Broker-role is fulfilled by a legal entity that provides Data Service Providers access to different Identity Providers, and that offers humans the option to choose with which Identity Provider to identify and authenticate themselves.
Association Administrator
Functionary responsible for operating the services of a BDI Association reporting to its Members.
Data Owner
The Data Owner is a legal entity that:
Has control over data and access to data
Controls decisions on Data Sovereignty and Trust Sovereignty
Controls authorization policies, representation rules, professional qualification verification of staff and contractors
Controls subscription to the Event Pub/Sub Service, and publishing of events to subscribers
Controls discovery and endpoints
Controls roles assumed by entity
Data Service Provider
A Data Service Provider acts under the supervision and on behalf of the Data Owner.
Data Consumer
Requests access to data and/or Representation Register and/or Professional Qualification Register of the Data Owner
Controls discovery and endpoints
Requests subscription to Event Pub/Sub Service of the Data Owner, receives and evaluates events.
Sharing data via the BDI allows for a direct connection between physical processes and digital information. Physical processes — such as the delivery of materials to a construction site, the processing of an agricultural product, the transport of raw materials, or the delivery of goods to a warehouse — are supported by data and information exchange. While such communication used to occur via manual registrations, phone calls or single documents, the BDI allows for it to be structured completely digitally through connected IT systems.
After the occurrence of a physical event, such as
the delivery of hot asphalt on an infrastructure project;
the harvesting and processing of an agricultural product;
the arrival of components at a factory;
the transfer of goods, energy or materials between supply chain partners
this event can automatically be translated to digital data because of the BDI. This data is then directly made available to the authorized parties in the supply chain.
Because all involved systems use the same agreements, standards and language, a single shared and up-to-date view of reality emerges. This does not only provide better insight, but also greater flexibility, improved decision-making, and smarter collaboration between organizations, people, and systems.
The BDI allows the physical and digital worlds to grow closer together. It creates a more robust digital foundation on which sectors can innovate and increase their sustainability and efficiency — e.g. by calculating their emission footprints, reducing waste, or planning more intelligently.
Greater control over physical processes through direct, automatic support with up-to-date data
Transparency in supply chains and networks, where authorized parties have insights into relevant data
Faster and more reliable handling of physical, administrative and financial processes
Increased predictability and scheduling through real-time data availability
Faster and more effective reaction to disruptions, changes and new circumstances through faster data availability
A foundation for sustainability, innovation and chain-wide optimization (e.g. through CO2-monitoring and circular processes)
In many sectors, timing is of the essence. Whenever a schedule changes, a delivery arrives, a process step is completed or a malfunction occurs, the involved parties wish to be notified as soon as possible. With the use of the BDI, organizations and professionals are automatically informed via systems about events relevant to them, even when the parties do not have a direct contractual relationship. This can be referred to as event-driven coordination: the proactive, trusted and automatic sharing of information as soon as something happens that influences a process, schedule or result.
In complex processes, a lot happens simultaneously. Activities quickly follow one another, sometimes run in parallel and are often interdependent. Proper coordination is only possible if the right information is available at the right time.
With the BDI, this coordination happens as follows:
Every relevant event in a process generates its own digital notification
This notification states:
who owns this data (the data owner)
what organizations, roles or systems have access to this information
When data is shared, security, authorizations and agreed-upon rules are automatically taken into account.
The described process occurs over the boundaries of organizations and IT systems, without central data storage. The BDI connects parties when needed.
For every relevant event, such as
finishing a product order;
delivering material to a project location;
measuring the quality;
registering the environmental measurements;
or changing a schedule,
a temporary digital network is formed with only the involved parties. These parties automatically receive a notification when an event is relevant to them. As soon as the process is finished, this network is closed again. This results in many secure, temporary collaborations that coexist within the BDI. When needed, administrators or certified institutions can (temporarily) join these networks, e.g. for control or justification.
Static processes rarely occur. Instead, the status of activities, deliveries, measurements or maintenance is constantly changing. Consider a changed schedule, an accelerated or delayed process, or new measurements.
With the use of the BDI these changes are shared in real-time through dynamic data: small, up-to-date data packages that follow the real events. This ensures all relevant parties always have the most up-to-date view.
Every status-change results in an update that is shared with the relevant, involved parties. Examples of these generic statuses are:
requested
accepted
scheduled
in progress
finished
checked
documented
confirmed
These statuses are not sector-specific, but applicable to a wide range of processes: from construction to production and monitoring, maintenance and certification.
Changes in processes are directly visible (e.g. in case of delays, accelerations or deviations).
Involved parties work with the same definitions, terms and meanings.
The agreement framework supports the dynamic character of modern processes.
Decisions are made based on up-to-date, validated information.
There is an increase in predictability, reliability and collaboration.
Frequently, not all the parties involved in chains and networks are familiar with each other. This is the case for many sectors, including construction, industries, defense, governance, agri-food and logistics. Regardless, secure and responsible data sharing is important. Therefore, the BDI is based on the Zero Trust principle: trust is never automatically granted, but based on rules, context and control. Within the BDI, trust is not assumed, but a controlled and retraceable decision.
Organizations decide:
with whom;
under what conditions;
and for what purpose
they want to share their data. Access to their data is only granted when there is a relevant cause and if the receiving party adheres to the agreed-upon conditions.
The BDI differentiates between:
organizations
persons or roles
systems or applications
Access can be regulated automatically via an authorized employee or system. The BDI follows the five zero-trust rules:
There is no central trust authority: autonomy for every party is preserved.
Identity does not equal trustworthiness; authentication is not the same as trust.
Context determines the level of trust.
One can securely collaborate with unknown parties.
Data is only shared after authentication and authorization.
Trust is not assumed, but judged dynamically.
Risks are managed without blocking innovation.
The system adjusts the level of security based on risks and context.
Collaborating requires data sharing. This does not mean, however, that one must transfer their data to the other party. Within the BDI an organization remains the owner of their own data. This principle is also known as data sovereignty: the data stays at the source, under the owner's control.
When a relevant event happens — such as a delivery, measurement, registration or a completed process — no complete dataset is distributed. Instead, only a notification with a reference (metadata) is shared. Only authorized parties (that adhere to the conditions set by the data sharer) can use this reference to request additional information.
As a data owner, one can always:
see who is requesting access to the data;
determine what information is shared;
report this for justification and auditing.
This is in line with European legislation, such as the Data Act and the GDPR.
Organizations, regions and sectors all differ from one another. Legislation, culture, processes and ways of working are not the same everywhere. Therefore, the BDI supports local decision-making within a common set of rules. This idea is based on the subsidiarity principle: decisions are made on the lowest possible, most involved level.
The BDI agreement framework contains a shared foundation. Within this foundation it is possible for:
sectors to determine their own agreements;
regions to apply their own agreements;
organizations to design their own processes,
as long as the core principles of security, interoperability and transparency remain.
This makes the BDI:
robust
scalable
internationally applicable
locally relevant
In order to safely share data, technology, humans and processes should be coordinated. The BDI therefore focuses on Coherent Security: security on every single level and as a whole.
The BDI maintains security on three levels:
Technical security: Each component (from applications to connections) adheres to high security norms.
Secured collaboration: Safe communication between systems and organizations
Operational security: Human actions are supported by logging, access control and automatic controls.
Connect physical to digital
Support of operational activities in the physical economy
Event-driven coordination
Time-sensitive event-driven coordination between entities
Dynamic data
Changes are shared in real-time via the dynamic Data Life Cycle
Zero trust
Trust is never automatic, but based on rules, context and control.
Data at the source
Data sovereignty by maintaining data at the source
Local decision-making
Based on the subsidiarity of governance
Coherent security
Consistent security across all levels and as a whole.
The Basic Data Infrastructure Framework (BDI) is an infrastructure framework for controlled data sharing, supporting automated advanced information logistics in the physical economy. Departing from traditional messaging paradigms, the BDI shifts towards event-driven data collection at the source, fostering efficient and secure coordination through proven publish-and-subscribe architectures.
This introduction provides a short overview of some issues that play a role in the design of the architecture, starting with some observations about data in a logistics environment. These observations are used in the formulation of architectural principles which are in turn the basis of BDI building blocks. Finally, these building blocks are grouped in functional subsets called KITs.
To assist the creation of applications according to the architectural principles, BDI defines a set of building blocks. Each building block provides tools and guidelines to implement parts of the required functionality. The building blocks are shown in the BDI stack:
Implementation of the principles by means of parts of the stack is aided by the definition of KITs. A KIT is a subset of the BDI stack that forms a coherent capability. Implementing a KIT makes it easier to start with a minimal viable subset and add additional functionality later as the need for it arises.

Trust information can be shared within networks (federations).
Some observations about data in the logistics environment are given below:
The data exchange patterns in typical operational networks are a result of “doing business”. They have specific characteristics:
The network of involved parties is driven by the fulfillment of an assignment. These networks are temporary and fluid, meaning that members are added whenever necessary and the network is dissolved when the job is done.
Data exchanges are between members of a closed group, i.e. the members are vetted in advance.
There can be time constraints on the exchange of data.
Event-driven exchange of operational data within an instance must be:
Efficient, i.e. no polling, no unnecessary retrieval
Effective, i.e. easy distribution to multiple parties simultaneously
Controlled:
Limited exposure to malicious actors
Only authorized parties can retrieve information
The importance of trust in global business networks
Identification, authentication and authorization play an important role in establishing trust.
Zero trust - do not trust anyone before trust is established.
Perimeterless trust - do not base trust on membership of a closed group of trusted parties
The Data Owner tracks access, providing a clear audit trail
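The data-at-the-source flow described earlier (a notification carrying only a reference, retrieval only by authorized parties) and the controlled event-driven exchange with an audit trail listed above, shown as an added Python example that is not part of the BDI specification or any BDI implementation. All class, method and field names, the policy key of (organization, role, purpose), and the sample delivery data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
import secrets

@dataclass
class DataOwner:
    """Added illustration; class, method and field names are hypothetical, not BDI APIs."""
    name: str
    # (organization, role, purpose) -> fields that combination may read
    policies: dict = field(default_factory=dict)
    _store: dict = field(default_factory=dict)     # full records stay at the source
    audit_log: list = field(default_factory=list)  # every request, granted or denied

    def publish(self, event_type, status, record, subscribers):
        """Keep the record locally; push only metadata plus an opaque reference."""
        ref = secrets.token_urlsafe(16)
        self._store[ref] = record
        note = {"owner": self.name, "event": event_type, "status": status, "ref": ref}
        for deliver in subscribers:  # push delivery, so consumers never poll
            deliver(dict(note))
        return ref

    def request(self, ref, organization, role, purpose):
        """Authorize each request; return only the fields the policy allows."""
        record = self._store.get(ref)
        allowed = self.policies.get((organization, role, purpose), frozenset())
        granted = record is not None and bool(allowed)
        self.audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                               "ref": ref, "organization": organization, "role": role,
                               "purpose": purpose, "granted": granted})
        if not granted:
            raise PermissionError("request denied by data owner policy")
        return {k: v for k, v in record.items() if k in allowed}

def demo():
    """Constructed sample: a hot-asphalt delivery shared with one subscriber inbox."""
    owner = DataOwner("AsphaltCo", {("BuildCo", "site-manager", "delivery-check"):
                                    frozenset({"tonnes", "temperature_c"})})
    inbox = []
    owner.publish("delivery", "finished",
                  {"tonnes": 24, "temperature_c": 155, "price_eur": 3100}, [inbox.append])
    ref = inbox[0]["ref"]
    data = owner.request(ref, "BuildCo", "site-manager", "delivery-check")
    try:  # unknown party holding the same reference: denied, but still logged
        owner.request(ref, "OtherCo", "planner", "delivery-check")
    except PermissionError:
        pass
    return inbox[0], data, owner.audit_log
```

Calling `demo()` returns the notification as received, the filtered record, and the audit log; possession of the reference alone grants nothing, and the denied request is recorded alongside the granted one.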