This article describes the Data Hub architecture on the Trusted Twin platform.
The purpose of this article is to provide system architects and developers with conceptual knowledge required to design Data Hub solutions on the Trusted Twin platform. In order to consult developer resources, please go to the Trusted Twin docs website. For more information, please get in touch with us at firstname.lastname@example.org.
10 min read
About Data Hub
The Trusted Twin Data Hub allows Data Providers to monetize their customer data by letting Data Users access insights from the data. Data Users can access the data in real time and enhance their decision-making process with additional insights about a given consumer, and also make such a decision in real time, thus providing a better customer experience.
Data Providers and Data Users
The Data Hub participants are:
- Data Providers: organizations to whom customers have provided their data,
- Data Users: organizations that need to access insights about a given customer with the consent of the customer in order to make a decision concerning that customer.
On the Trusted Twin platform, both Data Provider and Data User organization are represented by accounts.
Within each account, there are users with roles assigned. A role is a collection of permissions that defines operations a user is allowed or not allowed to perform, and on which resources they can perform the operations.
Read more: Account and access
Privacy enhancing technologies
You can add one or more Identities to a Twin. Identities identify Twins. They can be hashed identifiers of a given ID of a customer used for by data users accounts to check whether a customer profile is made available to them by a data provider account.
Ledgers and entries
The information about a given Twin is stored in Entries of the Ledger of that Twin. The visibility can be set at the level of a single Entry, thus enabling different Entries of a Ledger to be visible to different accounts.
Read more: Shared object
How it works
Step 1. Checking data availability
A Data User can check whether a Data Provider made a profile of a given customer available to them by checking whether a given Identity is attached to a Twin. This can be done through the resolve_twin_identity endpoint.
If an Identity is available to the Data User, they will receive a Twin UUID (unique identifier of the Twin) or a list of Twin UUIDs if more than one Twin has the given Identity. Below you can see examples of details of a single Twin (Figure 6) and details of multiple Twins (Figure 7).
If there are multiple Twins returned, they can be distinguished by unique identifiers of accounts or by information included in the optional “description” field.
If there is no Identity available to the given user of the account, the result will be an empty list.
Step 2. Accessing data
Once the Data User has obtained the Twin UUID (unique identifier of the Twin), they can use it to access the customer profile through the get_twin_ledger_entry_value endpoint.
Tips & tricks
- To log data about access to resources in your account, you can use the Resource Access Log functionality.
Read more: Resource Access Log
Resource Access Log