search

Protocol

hashtag
Overview

This protocol is responsible for endpoint and process control as well as data transfer, and provides functionality that enables transactions to be established as the nexus connecting each layer.

The core component group of this protocol, referred to as the Transaction Component, serves as the junction point among protocols defined in ODP. It communicates with each layer and perspective (Common Functionalities, Fundamental Protocols, and Complementary Protocols).

This protocol defines the following transaction management.

  • Data transfer

    Provides functionality to transfer data from a data store endpoint in response to requests from a Data Consumer.

    To support data transfers across different data structures (structured / unstructured) and processing modes (synchronous / asynchronous), the data plane modules are logically classified into the following four types:

    • Web API Transfer Module

      A data plane module specialized for transferring synchronous structured data (e.g., Web APIs).

    • Stream Transfer Module

      A data plane module specialized for transferring asynchronous structured data (streaming data).

    • File / Bulk Transfer Module

      A data plane module specialized for transferring synchronous unstructured data (large files or bulk data).

    • Media Stream Transfer Module

      A data plane module specialized for transferring asynchronous unstructured data (real-time streaming data such as video or audio).

  • Authentication and Authorization Integration

    Provides request-level authentication and authorization control in coordination with a credential issuance service and the Identity & Trust(L3).

  • Logging Records historical information and information required for clearing and payment (DCS) in coordination with Logging (Common Functionalities).

hashtag
Abstract Normative Specification

hashtag
Concepts and Roles

The following concepts are required for this protocol:

Concept
Description

Data Provider

An entity that sends data stored in a data store to a Data Consumer

Data Consumer

An entity that receives data from a Data Provider

hashtag
Scope

This specification defines the Web API Transfer Module as a minimum implementation example.

hashtag
Normative Requirements

  • Data transfer within Open Dataspaces SHALL be performed through a data plane module.

    • Rationale: To ensure reliability and interoperability within Open Dataspaces.

  • The architecture SHOULD maintain extensibility to support multiple data structures and transfer methods.

    • Rationale: Data distribution in Open Dataspaces involves diverse use cases, including structured / unstructured and synchronous / asynchronous patterns, and a single method cannot ensure interoperability and implementation flexibility.

  • A data plane module MAY be used directly without employing the Control Plane Orchestrator.

    • Rationale: To enable ease of adoption and phased deployment, and to preserve flexibility in implementation and operation.

hashtag
Non-functional / Cross-layer Requirements

  • The module SHOULD integrate with the Identity & Trust(L3) to perform request-level authentication and authorization control.

    • Rationale: To ensure consistent access control, security, and interoperability across Open Dataspaces.

  • The module SHOULD be capable of recording the minimum data required by Dataspace Complementary Services (DCS).

    • Rationale: To enable information linkage with DCS.

hashtag
Message Types

The protocol handles the following types of messages:

Type
Sender ⇒ Receiver
Description

Request

Data Consumer ⇒ Web API Transfer Module; Web API Transfer Module ⇒ L3 Identity Component; Web API Transfer Module ⇒ Data Provider

A message sent to request data operations or authentication and authorization. It includes required header information and request parameters.

Response

Identity & Trust(L3)⇒ Web API Transfer Module; Data Provider ⇒ Web API Transfer Module; Web API Transfer Module ⇒ Data Consumer

A message sent in response to a request. It includes operation results, authentication or authorization validation results, tokens, or error information.

hashtag
Message Format

Messages exchanged in this protocol consist of the following elements:

Element
Description

Header

Located at the beginning of the message and contains metadata required for communication control.

Payload

Located in the body of the message and contains the business data.

hashtag
Protocol Flow

hashtag
Communication Flow

hashtag
Detailed Description of Each Communication

No.
Name
Sender
Receiver
Field
Description

1

Consumer Request

Data Consumer

Web API Transfer Module

Request fields depend on the target system specification. Refer to the specification published by the relevant Data Provider.

A message sent by the Data Consumer to the Web API Transfer Module to request a specific operation or information. Includes authentication information and request parameters.

2

Authentication and Authorization Request

Web API Transfer Module

Identity & Trust(L3)

Request fields depend on the Identity & Trust(L3)specification. Refer to the Identity & Trust(L3)specification.

A message sent by the Web API Transfer Module to the Identity & Trust(L3)to request authentication and authorization. Includes authentication information and request parameters.

3

Authentication and Authorization Response

Identity & Trust(L3)

Web API Transfer Module

Response fields depend on the Identity & Trust(L3)specification. Refer to the Identity & Trust(L3)specification.

A result message sent by the Identity & Trust(L3)to the Web API Transfer Module in response to a request. Includes authentication and authorization results, tokens, or error information.

4

Transfer Request

Web API Transfer Module

Data Provider

Request fields depend on the target system specification. Refer to the specification published by the Data Provider.

A message sent by the Web API Transfer Module to the Data Provider to request a specific operation or information. Includes authentication information (e.g., API key) and request parameters.

5

Provider Response

Data Provider

Web API Transfer Module

Receives either a successful response or an error response returned by the Data Provider. Refer to the specification published by the Data Provider.

A result message sent by the Data Provider to the Web API Transfer Module in response to a request. Includes API execution results or error information.

6

Consumer Response

Web API Transfer Module

Data Consumer

The successful response or error response returned by the Data Provider is, in principle, passed through as-is. Refer to the specification published by the Data Provider.

A result message sent by the Web API Transfer Module to the Data Consumer in response to a request. Includes API execution results or error information.

hashtag
State Machine

This section describes the states handled by this protocol.

hashtag
States

State
Description

Idle

Waiting for a request

Receiving

Receiving a request

Authenticating

Performing authentication

Authorizing

Performing authorization

Processing

Routing or proxying to the upstream system

Rejecting

Generating an error due to authentication or authorization failure

Responding

Returning a response (success or error) to the client

hashtag
State Machine Diagram

hashtag
Error Handling

This section describes the error handling used in this protocol.

Error Type
Description
Occurrence Timing
Handling

External System Error (Transparent)

Errors returned by an external system (4xx / 5xx specific to the external service)

Web API Transfer Module ⇒ External System

The external system response is returned as is.

Invalid Request

Request cannot be processed due to missing required headers or invalid values

Data Consumer ⇒ Web API Transfer Module

The request is validated and an error response is generated and returned if invalid.

API Key Error

API key validation failure

Data Consumer ⇒ Web API Transfer Module

The API key is validated within the module and an error response is generated and returned if invalid.

API Key Error (L3 Side)

API key validation failure at the Identity & Trust(L3)

Web API Transfer Module ⇒ Identity & Trust(L3)

The response from the Identity & Trust(L3)is returned as is.

Token-related Error (Authentication)

Access token invalid or expired

Web API Transfer Module ⇒ Identity & Trust(L3)

Based on the token validation result, an error response is returned as is if invalid or expired.

Insufficient Authorization

Access denied by authorization decision

Web API Transfer Module ⇒ Identity & Trust(L3)

Based on the authorization decision result, an authorization error response is returned as is.

Routing or Endpoint Error

Destination cannot be determined due to unregistered route or path/method mismatch

Web API Transfer Module

An error response is generated and returned.

External Connection Error

Failure to connect to L3 or external system, or invalid response received

Web API Transfer Module ⇒ Identity & Trust(L3)/ External System

Upon detecting connection failure or invalid response, an error response is generated and returned.

Timeout

No response received from L3 or external system within the defined time

Web API Transfer Module ⇒ Identity & Trust(L3)/ External System

Upon detecting timeout, an error response is generated and returned.

Internal Processing Failure

Processing cannot be completed due to internal exception

Web API Transfer Module

The exception is handled and an error response is generated and returned.

Last updated