DADS description – Technical part

The technical infrastructure for DADS is hosted and deployed on the cloud service provider, where its datacentres resides in European Union. The Founding members of DADS are responsible for developing and maintaining the technical infrastructure.

Their responsibility also includes ensuring that services in DADS comply with modern standards regarding:

  • Data security
  • Backup of data
  • Disaster recovery
  • Compliance of services with national and EU legislative acts
  • Technical documentation

Data sharing platform

Identity and Access Management

DADS uses Azure AD B2C as its identity management solution. Azure AD B2C is a business to customer identity as a service that provides a scalable identity platform; it allows customers to sign in using social, enterprise or local accounts and supports millions of users while handling security threats such as denial of service and brute force attacks. In the DADS platform, Azure AD B2C provides signup/sign‑in flows and implements federation with external identity providers. This ensures that data providers and data users authenticate securely using standards based protocols like OpenID Connect and OAuth 2.0, and that identity lifecycle management (registration, password reset, multi‑factor authentication) is handled by a trusted cloud service.

Consent Management Platform (CMP)

This is a custom web application integrated with Azure AD B2C that allows data providers to create, view and manage consents for sharing their datasets, and enables data users to request access. The CMP provides a dashboard where data providers can grant or deny access to specific datasets, record the purpose and duration of each consent, and audit all data sharing interactions. The platform also issues and manages API keys that are bound to particular consents, ensuring that every API call can be traced back to a respective data user. By centralizing consent management, DADS ensures compliance with the Code of Conduct for Agricultural Data Sharing and provides transparent governance for personal and non personal data, aligned with European policy and regulatory framework.

API Market Service

The API Market service exposes datasets as programmable interfaces. It leverages Azure API Management, which comprises an API gateway, management plane and developer portal. The API gateway acts as a proxy to the back end services; it accepts API calls, routes them to appropriate data providers, verifies API keys and other credentials, enforces quotas and rate limits, and can transform requests and responses according to policy statements. It also caches responses to improve latency and emits logs and metrics for monitoring and troubleshooting. The developer portal is an automatically generated, customizable website that allows developers to discover and consume DADS APIs. Through the portal, data users can read documentation, test APIs in an interactive console, and download OpenAPI specification. By integrating these components, the API Market service gives data providers control over how their datasets are exposed and enables data users to integrate datasets into applications securely.

Platform architecture

Technically, the DADS platform is built as a micro service architecture with a web front end (developed using the Quasar framework) and back end services deployed in the cloud. Identity management, consent management and API management are deployed as managed services, while custom components handle dataset ingestion, metadata cataloguing and user dashboards. The platform logs all actions for accountability and auditing, and exposes an internal administration API to allow integration with other data spaces. Data providers can publish datasets to the platform via secure upload interfaces, define usage policies, and associate them with API endpoints. Data users discover available datasets through the developer portal or catalogues, request access via the CMP, and consume them through documented APIs. This modular design enables DADS to evolve as standards for data spaces mature and facilitates interoperability with future dataspace connectors.

Data space

A data space is a federated, decentralized data infrastructure designed to enable cross organizational data sharing scenarios. Rather than centralizing all data, data spaces provide mechanisms such as distributed data sharing and metadata sharing to facilitate secure and trustworthy data exchange. They guarantee data sovereignty by ensuring that the data provider maintains control over who can access the shared data and under what condition. Reference architectures such as the International Data Spaces Association (IDSA) model define layers and components of a data space: the system layer includes data space connectors, a metadata broker, clearing house, app store, vocabulary hub and identity provider. Connectors provide access to data and verify participant identities, the clearing house logs transactions and events.

Dataspace connectors and the EDC framework

DADS adopts the Eclipse Dataspace Components (EDC) framework as the basis for its dataspace components. The EDC framework is an open source technology designed to enable sovereign, secure and policy controlled data exchange between organizations. It facilitates data sharing via a contract based exchange mechanism in which both parties agree on digital contracts that define who can access the data, for what purpose and under what conditions; these agreements are governed by machine readable usage policies that the connector enforces automatically. The EDC architecture follows a dual plane approach: the control plane acts as the core that manages contract negotiations, policy enforcement, service extensions, data transfer coordination and authentication/authorization, while the data plane handles the actual transfer of data using protocols like HTTPS and implements security measures during transfer. The framework includes core capabilities for data transfer, contract negotiation, access policy enforcement and service extensibility; an identity management subsystem that supports decentralized identities and OAuth2 authentication; a policy framework that defines and enforces usage control policies; and data management components that catalog available assets and ensure data integrity.

DSX Engine enhancements

The technology is developed by Blockchain Lab:UM from University of Maribor.

The DSX Engine extends the standard EDC framework to provide a decentralized dataspace. It introduces a decentralized participant discovery extension that connects each connector to a blockchain smart contract, allowing connectors to register and deregister themselves and maintain an up to date list of participants. When a connector starts, it calls smart contract functions to register itself; when shutting down, it deregisters. Extensions then listen to blockchain events to update the participant list, and crawlers automatically dispatch to discover catalogs from other participants. DSXE also integrates decentralized identity mechanisms by adding support for Ethereum (did:ethr) and European Blockchain Services Infrastructure (did:ebsi) decentralized identifiers, which are resolved through blockchain based registries. This allows participants to manage their own identities without relying on a central identity provider. Another extension implements a decentralized clearing house, storing logs of asset creation, contract negotiations and catalog lookups on a blockchain, ensuring tamper proof audit trails. DSX retains all core EDC functionalities: control plane, data plane, identity hub and federated catalog; but enhance them with blockchain based discovery and auditing. Contract negotiations remain a core feature: participants initiate negotiations by sending a contract request through the management API, referencing the asset and its policies. Once both connectors agree, the contract state becomes “Finalized,” and data transfer proceeds through the provider’s data plane, either via a push to the consumer’s endpoint or a pull by the consumer. The DSXE also support monetization models through support for x402 protocol, where payments are automatically executed with ERC-20 based tokens.

Implications for DADS

By integrating the DSX Engine, DADS extends its data sharing platform into a IDSA compliant dataspace. The connector acts as a gateway between an organization’s internal systems and the dataspace, enforcing data usage policies, handling contract negotiations and orchestrating secure data transfers. The metadata broker and vocabulary hub ensure that datasets published by different providers use consistent semantic models, enabling discoverability and interoperability. The clearing house component records transactions in a tamper proof manner, providing verifiable audit trails that ensures trust among participants. By adopting decentralized identity mechanisms, DADS empowers participants to control their credentials and reduces reliance on centralized authorities. The dataspace architecture also supports future monetization models: usage policies and smart contracts can specify payment terms, through x402 protocol and blockchain based tokens can automate compensation. Together, these components allow DADS to evolve from a single data platform into an interoperable node in the emerging network of European data spaces.