Sharing data is a fundamental prerequisite for a thriving data ecosystem and the applications and services built on it. Within companies, processes can be made more efficient through the simple provision of data.
Even between companies, seamless data sharing improves collaboration — for example, along service relationships and supply chains (data portability). While data is shared, data owners must retain sovereignty and control over their data (data sovereignty). For instance, a tax advisor might share a business evaluation with their client and allow further sharing of this data with selected third parties, such as a bank for a business loan application.
In the B2B context, there is a pressing need for automated, occasion-driven, and efficient data exchange between data-providing and data-consuming companies. This can unlock new business relationships and reduce the effort required for individual API solutions. At the same time, issues associated with centralized platforms, such as power concentration, data protection, and loss of data sovereignty — common in social networks — should be avoided.
One approach to making corporate data portable and enabling sovereign data sharing is through the concept of a data intermediary, who mediates between data-providing and data-consuming companies. The BMBF-funded research project MANDAT, a collaboration between DATEV eG, KIT (Dr. Käfer, Web Science Research Group at the Karlsruhe Institute of Technology), and FAU (Prof. Dr. Harth, Chair of Information Systems, especially Technical Information Systems, at Friedrich-Alexander-Universität Erlangen-Nürnberg), explores methods to exchange corporate data in decentralized intermediary-based data ecosystems on the web.
The MANDAT project focuses on exchanging business data which is too sensitive to be transmitted to large platform corporations under weak data protection laws. Yet, this data must be shared between various parties to provide services — for instance, in tax or legal consulting or in cross-company value chains. To address these challenges, we use Solid technology.
What is Solid?
Solid (formerly Social Linked Data) is a web technology initiated by Sir Tim Berners-Lee, the inventor of the World Wide Web. Solid aims to fundamentally change how data is shared on the web by giving users back control over their personal data. The concept is based on decentralized web principles and uses existing Semantic Web and Linked Data technologies.
Solid seeks to reverse the current web model, where companies often control user data. A key #principle of Solid is the separation of data and applications, based on decentralized principles. This empowers users with greater sovereignty and responsibility over their data, enhancing both privacy and interoperability.
Decentralized Data Management
Solid separates applications from data. Users store their data in Solid Pods. Instead of apps or platforms storing user data (as is the case with Facebook or Google), the data remains under the users control and applications only gain (limited) access to this data.
Solid Pods (Personal Online Datastores)
A Solid Pod is a secure online data store, akin to a data safe, where users can store their data. Data owners control who can access which parts of their Pod, managed through fine-grained permissions. This data can be used by various applications, but the user decides who and what can access it.
Interoperability
Solid Applications access the user’s Solid Pods instead of isolated databases. This promotes interoperability between apps, as they all access the same data if the user permits it. For example, you can use your contacts and files across different social networks or applications without uploading your data multiple times.
Data Privacy and Control
With Solid, users retain full control over their data. They can decide which parts of their data are accessible to which applications and users. If they want to revoke access to an app or service, they can do so at any time.
Linked Data
Solid is based on Linked Data and Semantic Web principles, meaning data is standardized and interconnected. This enhances the discoverability and usability of data for people, machines, and applications.
Decentralized Identities
Users have a WebID (an authentication and authorization infrastructure) provided by a decentralized identity provider. This identity is not tied to a central platform, making it platform-independent and usable for authentication across various services.
APIs and Protocols
Solid uses existing web standards like HTTP, RESTful APIs, RDF (Resource Description Framework) and WebID to standardize interaction between Pods and applications.
What Does This Mean for Developers?
Developers of Solid apps can focus more on implementing business logic compared to traditional web app development. In Solid, business logic, data, and identities are modularly interconnected through W3C-standardized communication, allowing for reusability.
Solid Pods are hosted by any Pod provider, where users store and manage their data under their WebID. When using a Solid app, users log in via OIDC (an extension of the OAuth 2.0 standard) to their Pod provider, granting the app access to their data. This eliminates the need to manage a separate database. Importing or exporting data does not require individual APIs for external services. Even login interfaces become unnecessary, as the login occurs with the Pod provider. Developers no longer need to build extensive authentication and authorization infrastructures.
For managing data access permissions in Solid Pods, users choose a third-party authorization application. The URI of this application is linked in their WebID profile. When data sharing is required within an application workflow, the Solid app can redirect users to their chosen authorization application. This also eliminates the need to implement access controls in the Solid app.
Consequently, developers looking to release new apps within a Solid ecosystem can focus more on implementing essential business solutions and delivering them to users faster.
The Potential of Solid
Solid has the potential to simplify and accelerate the development of business solutions while providing an ideal foundation for sharing data within and between companies. By adhering to Solid principles, companies retain control and sovereignty over their data, enabling them to share it easily and on-demand with business partners or customers.