TrustedTwin Homepage

Articles

Figure 1. Objects related to data access and visibility on the Trusted Twin platform.

Data access and visibility management concept

Summary

This article describes the data access and visibility management concept on the Trusted Twin platform. 

The purpose of this article is to provide system architects and developers with conceptual knowledge required to design solutions on the Trusted Twin platform. For developer resources, please consult the Trusted Twin docs website.

5 min read.

Concept

The fundamental principle of data sharing is to retain data ownership and control over how and by whom data is used. The Trusted Twin platform is designed to provide real-time and continuous data access and visibility management from different perspectives and on multiple levels.

The Trusted Twin platform uses a shared object model based on the digital twin concept that allows for aggregating data owned by many accounts. Therefore, the shared object on the platform which ties together knowledge provided by different accounts is called a Twin. Trusted Twin shared object concept

Data access and visibility on the Trusted Twin platform can be managed from two perspectives:

  • user perspective,
  • resource perspective.
Figure 2. User and resource data access and visibility perspectives.

User perspective

Every user on the Trusted Twin platform has a role that defines their permissions:

  • Access list of API endpoints that a user can call.

Developer resources
API reference index

  • Twin access rule that defines which Twins a user can access.
  • Entry access rule that defines which Entries in the Ledger a user can access.

Access rules are logical expressions using contextual variables that resolve either to True (access granted/resource visible) or False (access denied/resource not visible). Trusted Twin access rules concept

Developer documentation
Rules

Setting access rules allows for limiting a user’s access to selected Twins (e.g., only “cats” not “dogs”) and to selected information stored in the object’s Ledger (e.g., only “breed” not “owner”). 

Figure 3. Role access rules define whether the user with the role can view given Twins.

Resource perspective

There are two types of resources that support real-time visibility and access management on the Trusted Twin platform:

  • Ledger, 
  • Identity. 

The visibility in these objects can be controlled by access rules. Access rules are logical expressions using contextual variables that resolve either to True (access granted/object visible) or False (access denied/object not visible).

Ledgers

Ledgers are used to store Twins’ state. They consist of Entries. An access rule can be set independently for each Entry. Trusted Twin ledger concept link

Figure 4. Ledger with Entries with different access rules.

Identities

Identities are used to identify Twins. They can be private or public. Visibility of public Identities can be controlled by access rules.

Figure 5. Visibility rules of Identities. 

Docs

An account can also attach Docs to Twins. Documents are by default private. Access to documents is managed by unique, time-constrained download links. 

Figure 6. Two documents attached to a Twin with unique, time-constrained download links.

Developer resources
Docs

Tips & tricks

  • User perspective and resource perspective are verified independently. User perspective access rules are most often used to control access to own resources, while resource perspective access rules are most often used to control access for foreign accounts’ users.
  • Access rules apply for direct access to resources (i.e., call to an API endpoint), but also when a referenced value is propagated automatically (see reference type Entries in Ledger concept).

Up next/ Next step

Related articles

For more information about how to use the Trusted Twin platform in your application’s architecture or technology stack, please contact hello@trustedtwin.com

ON THIS PAGE