Legal entity that serves as trust anchor for both federated trust/authentication and local onboarding.
Functionary responsible for operating the services of a BDI Association reporting to its Members.
Legal terms and conditions a Member has to agree to when joining a specific Association.
Register of onboarded Members and Preferred Business Partners of a particular BDI Association instance.
Authentication involves validating the Digital Identity of an entity, person or Process.
Authorization ensures that the authenticated entity, person or Process has been granted permission to gain access to the specific (data) resource requested.
Holds authorization policies for one or more Data Owners on access to data
The Basic Data Infrastructure (BDI) is a framework for controlled data sharing, supporting automated advanced information logistics within next-generation OSCM networks. Departing from traditional messaging paradigms, the BDI shifts towards event-driven information collection at the source, fostering efficient and secure communication through proven publish-and-subscribe architectures.
The Basic Data Infrastructure (BDI) framework defines the creation of a perimeterless data grid supporting multiple concurrent ODS, enabling controlled system-to-system automation of processes initiated by event-based notifications.
Standard software to make APIs BDI compliant
Processing of part of protocol: client assertion to token.
The BDI network is the collection of participants and associations that are established, maintained and governed in accordance with the principles of the BDI Framework.
Register within BDI Association, holding the Reputation scores of Business Partners.
Member of a different BDI Association than the root. Note: this is a relative perspective, from the position of a Member of a given instance (BDI Association).
Roles for which certification is required. Facilitate certain functions for BDI that every member within the Association must be able to rely upon.
In the context of information security, credentials are used to control access of someone or something to something, for example to services, data or other functionalities. The right credentials validate (i.e. Authentication) the identity claimed during Identification.
The best-known example of credentials is a password, but other forms include electronic keycards, biometrics and, for machines, public key certificates.
Requests access to data and/or Representation Register and/or Professional Qualification Register of the Data Owner
Controls discovery and endpoints
Requests subscription to Event Pub/Sub Service of the Data Owner, receives and evaluates events.
Controlled data exchange according to BDI principles in operational business networks
The Data Owner is a legal entity that:
· Has control over data and access to data
· Controls decisions on Data Sovereignty and Trust Sovereignty
· Controls authorization policies, representation rules, professional qualification verification of staff and contractors
· Controls subscription to the Event Pub/Sub Service, and publishing of events to subscribers
· Controls discovery and endpoints
· Controls roles assumed by entity
A Data Service Provider that acts under supervision and on behalf of the Data Owner
A tool-independent description of all that is needed for controlled data exchange using BDI principles in operational and supply chain networks for coordination, control and compliance.
Delegation is the act of empowering someone or something to act for another or to represent others.
Standards on interacting with entities and/or persons that have IT-systems that are less mature or not BDI-compliant.
· Processes, technology, terms and conditions, liabilities
· Structured data set, describing an action in physical world, or an administrative milestone
· Multiple statuses are possible: e.g. planned, in transit, historic
· Accepts subscription to Event Pub/Sub Service managed by or on behalf of the Data Owner
· Forwards the Pulses that the Data Owner sends to topics on to the subscribers of those topics
· Manages a list of topics as identified by the Data Owner as channels for pulses.
The BDI Framework recognizes three interacting voluntary governance structures: Data exchange space governance, BDI Association (local trust and onboarding anchor) governance and BDI Framework governance.
Identification is the process of someone or something claiming an identity by presenting characteristics called identity attributes. Such attributes include a name, user name, e-mail address, etc. The claimed identity can be validated (i.e. Authentication) with the right credentials.
In order to support multiple Identity Providers (with possibly multiple rules) and Data Service Providers, an Identity Broker is required. An Identity Broker allows a Data Consumer to select the Identity Provider with which they prefer to authenticate themselves. It avoids the need for a direct relationship between all Data Service Providers and all Identity Providers.
The Identity Provider:
· Provides identifiers for Data Consumers;
· Issues credentials to Data Consumers;
· Identifies and authenticates Data Consumers based on provided credentials.
A semantic description of a standard with focus on making the meaning of the used concepts broadly accessible and understandable
An Operational Data Store (ODS) is designed to integrate data from multiple sources for additional operations on the data, for reporting, controls and operational decision support.
In the BDI the ODS is intended to hold Logistics Event information, representing state, access (delegations) to source data for reliant parties etc. during the live transaction and distribute the relevant parts of this truth to the operationally involved or further eligible parties.
It enables controlled system-to-system automation of processes triggered by event-based notifications.
Operations and Supply Chain Data Spaces (ODS) are logical constructs — networks of parties, both businesses and authorities, created to generate value from the production and distribution of goods and services. Parties may participate in multiple ODS concurrently, with participation frequency and duration varying based on business characteristics.
Operations and Supply Chain Management (OSCM) represents the science and expertise of value creation in the production and distribution networks of goods and services.
The content of a message; this could be Events, Data sets, streaming sensor data or any other type of data.
· Definitions of access policies to data elements
· In operational data spaces, policies relate to role, (authenticated) organisation, and order-dependent authorization of access to data elements.
Business Partners who have agreed to specific terms and conditions of the local BDI Association that maintains its own Business Partner Reputation Model
Holds proof of the professional qualifications (verifiable credentials of for instance licenses) of natural persons related to them acting as a representative of a legal entity
Provenance is the chronology of the ownership of a data element, allowing data to be traced back to its original owner or creator.
· Publishes Pulses with Payload within a Topic
· Distributes Pulses to Subscribers to a Topic
· Any party can be a Publisher (unlimited number of publishers)
· Datagram, distributed to Subscriber to a Topic
· A signal from the Data Owner that there is data ready for the consumer to come and access
· When employees or contractors act on behalf of an organisation, the organisation mandates them up to a set limit. The organisation is accountable for their actions and is liable if they act outside the set limits.
· Holds proof of the mandate of natural persons acting as a representative of a specific legal entity
· Holds proof of the mandate of organisations acting as a representative of a specific legal entity
Access granted to data and services based on the Logistic Role a member or its representation has.
An architecture reference model. The stack builds up on both the management and technical level, offering a versatile architecture adaptable to the unique network requirements it serves.
· Subscribes to one or more Topics of a Publisher
· Has no knowledge of other Subscribers to a Topic (isolated)
· Receives Pulses distributed by a Publisher
· Any party can be a Publisher (unlimited number of Publishers)
· Subject or channel a Subscriber subscribes to, to receive Topic-related events
· Defined by Publisher
· Used to limit amount of Pulses with non-information for Subscriber
Trust is the design and implementation of measures that evaluate the chain of trust per presented credential by any party; the decision to accept a certain level of trust is dependent on the risk of making a mistake.