Data access and visibility

Introduction

This article describes the data access and visibility management concept on the Trusted Twin platform. 

The purpose of this article is to provide system architects and developers with conceptual knowledge required to design solutions on the Trusted Twin platform. In order to consult developer resources, please navigate to the Trusted Twin docs website.

5 min read

Figure 1. Data access on the Trusted Twin platform.

Concept

Overview

The fundamental principle of data sharing is to retain data ownership and control over how and by whom data is used. The Trusted Twin platform is designed to provide real-time and continuous data access and visibility management from different perspectives and on multiple levels.

The Trusted Twin platform uses a shared object model based on the digital twin concept that allows for aggregating data owned by many accounts. Therefore, the shared object on the platform which ties together knowledge provided by different accounts is called a Twin.
Read more: Shared object

Data access and visibility on the Trusted Twin platform can be managed from two perspectives:

  • user perspective,
  • resource perspective.

 

Figure 2. User and resource data access and visibility perspectives.

User perspective

Every user on the Trusted Twin platform has a role that defines their permissions:

  • Access list of API endpoints that a user can call.

Developer resources
API reference index

  • Twin access rule that defines which Twins a user can access.
  • Entry access rule that defines which Entries in the Ledger a user can access.

Access rules are logical expressions using contextual variables that resolve either to True (access granted/resource visible) or False (access denied/resource not visible).
Read more: Rules

Developer documentation
Rules

Setting access rules allows for limiting a user’s access to selected Twins (e.g., only “cats” not “dogs”) and to selected information stored in the object’s Ledger (e.g., only “breed” not “owner”). 

 

Figure 3. Role access rules define whether the user with the role can view given Twins.

Resource perspective

There are two types of resources that support real-time visibility and access management on the Trusted Twin platform:

  • Ledger, 
  • Identity. 

The visibility in these objects can be controlled by access rules. Access rules are logical expressions using contextual variables that resolve either to True (access granted/object visible) or False (access denied/object not visible).

Ledgers

Ledgers are used to store Twins’ state. They consist of Entries. An access rule can be set independently for each Entry.
Read more: Ledger structure

Figure 4. Ledger with Entries with different access rules.

Identities

Identities are used to identify Twins. They can be private or public. Visibility of public Identities can be controlled by access rules.

Figure 5. Visibility rules of Identities. 

Docs

An account can also attach files of any type and size to Twins. These files are called Docs.  Docs are by default private. Access to documents is managed by unique, time-constrained download links. 

 

Figure 6. Two documents attached to a Twin with unique, time-constrained download links.

Developer resources
Docs

Tips & tricks

  • User perspective and resource perspective are verified independently. User perspective access rules are most often used to control access to own resources, while resource perspective access rules are most often used to control access for foreign accounts’ users.
  • Access rules apply for direct access to resources (i.e., call to an API endpoint), but also when a referenced value is propagated automatically (see reference type Entries in Ledger concept).

For more information about how to use the Trusted Twin platform in your application’s architecture or technology stack, please contact hello@trustedtwin.com or schedule a video consultation with us through Calendly.

ON THIS PAGE