Merge pull request #30 from POORT8/docs/4521-revision
README + chapters 1-4 changes
poort8amy authored Jul 10, 2024
2 parents 8324d34 + 4f02266 commit 4dddd38
Showing 5 changed files with 16 additions and 22 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -39,7 +39,7 @@ To facilitate setting up dataspaces that follow certain principles, serving as a

## Customer Journeys

The wiki describes the following [Customer Journeys](docs/3-Customer-Journeys.md) in more detail:
The wiki describes the following [Customer Journeys](docs/3%20-%20Customer%20Journeys.md) in more detail:

- Initiating Dataspace Core
- Onboarding Data Sources
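Review bot: the new target `docs/3%20-%20Customer%20Journeys.md` now matches the actual file name `docs/3 - Customer Journeys.md` that appears in this commit's file list, so the previously dangling link is fixed. Percent-encoding the spaces is the correct way to write that link in Markdown, but a file name without spaces (for example `3-customer-journeys.md`) would remove the need to encode every link to it and make the paths usable from a shell without quoting.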
Expand All @@ -54,7 +54,7 @@ The first 3 journeys comprise the launch of a first (prototype) of a dataspace.
The Dataspace Core provides services for the organization registry, the organization onboarding process, the dataspace manager and (optionally) an authorization registry. With the dataspace manager the dataspace standards can be managed, such as the requirements for authentication and onboarding, and the definition of a dataspace data model.
Secondly (and optionally), the dataspace initiator can provide Dataspace Adapters to Data Providers, with services to support them with mapping to the dataspace data model, and Identification, Authentication and Authorisation (IAA) according to the Dataspace standards. Dataspace Adapters are expected to be made redundant as Data Providers create independent solutions for this.
Thirdly (and optionally), the dataspace initiator may choose to launch the dataspace with a prototype app, using the Dataspace Prototype services for logic, IAA, and multiple front-end channels for the end user. Such a Dataspace Prototype app can be removed when additional apps are added to the dataspace.
See the [architectural outline](docs/2-Dataspace-Concepts.md) of these functions for more detail.
See the [architectural outline](docs/2%20-%20Dataspace%20Concepts.md) of these functions for more detail.

## Challenges

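Review bot: same fix as the Customer Journeys link above; `docs/2%20-%20Dataspace%20Concepts.md` matches the `docs/2 - Dataspace Concepts.md` file changed in this commit. Note that these README links are relative (`docs/...`) while the new Versatility bullet in chapter 2 uses root-relative `/docs/...` paths; one convention should be used across the wiki so that the links resolve the same way on GitHub and in a local checkout.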
2 changes: 1 addition & 1 deletion docs/1 - Introduction.md
Expand Up @@ -46,7 +46,7 @@ NoodleBar seamlessly integrates with the iSHARE Trust Framework, leveraging its

Inspired by the principles of federated data sharing, NoodleBar ensures that data remains at its source while enabling controlled access and sharing across different sectors and organizations. This approach enhances data accessibility and trust, promoting responsible data usage, privacy, and transparency.

For more information on iSHARE, visit the [iSHARE Trust Framework website](https://framework.ishare.eu/is/).
For more information on iSHARE, visit the [iSHARE Trust Framework website](https://framework.ishare.eu/).

### 1.7 Context and Objective

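Review bot: the link target changes from `https://framework.ishare.eu/is/` to `https://framework.ishare.eu/` with no explanation in the commit message; please confirm the new URL resolves over HTTPS to the framework documentation rather than a marketing landing page, and state in the PR why the `/is/` path was dropped so the next editor does not revert it.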
6 changes: 3 additions & 3 deletions docs/2 - Dataspace Concepts.md
Expand Up @@ -32,9 +32,9 @@ NoodleBar provides different deployment models to suit various organizational ne

1. **Local Identity Server**: This is the most straightforward deployment, functioning as a standalone system. It is ideal for prototypes and a "dataspace in a day."

2. **OAuth Identity Server**: This version supports federated capabilities using the OAuth standard. It allows for standalone operation while enabling integration with external systems, providing a flexible and scalable solution.
2. **OAuth Identity Server (recommended)**: This version supports federated capabilities using the OAuth standard. It allows for standalone operation while enabling integration with external systems, providing a flexible solution. The widespread adoption of OAuth also makes it highly scalable. There is extensive documentation available, numerous integration possibilities with third-party services, and the capability to be used in conjunction with federated identity providers.

3. **iSHARE**: Fully iSHARE-compliant, this deployment ensures the highest level of security and interoperability. It uses X.509 certificates for authentication and iSHARE-compliant authorization mechanisms, making it suitable for organizations with stringent compliance requirements.
3. **iSHARE**: Fully iSHARE-compliant, this deployment ensures the highest level of security. It uses X.509 certificates for authentication and iSHARE-compliant authorization mechanisms, making it suitable for organizations with stringent compliance requirements.

### 2.4 Roles in the iSHARE Trust Framework

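Review bot: the new OAuth bullet says that widespread adoption "makes it highly scalable"; adoption supports the interoperability and tooling argument the rest of the sentence already makes, not a scalability claim, so that clause should be dropped or reworded. The iSHARE bullet loses "and interoperability" and now states that it "ensures the highest level of security"; given that chapter 4 in this same commit describes the iSHARE option as complex, costly and dependent on every party buying eIDAS certificates, a more defensible wording is that it provides the strongest authentication (X.509 client certificates) and governance, rather than an absolute "highest level of security".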
Expand All @@ -55,7 +55,7 @@ These roles ensure that all parties involved in data sharing are properly authen
- **Modularity**: The components can be customized and integrated with other systems, making it a flexible solution for various organizational needs.
- **Scalability**: NoodleBar is designed to scale, supporting growing data sharing needs as organizations expand.
- **Compliance**: Fully aligned with the iSHARE Trust Framework, NoodleBar ensures compliance with stringent data sharing standards.
- **Versatility**: NoodleBar can be used to quickly set up a dataspace in a day and is also being used in fully compliant federated dataspaces.
- **Versatility**: NoodleBar supports various [deployment models](/docs/4%20-%20NoodleBar%20Implementation%20Stages.md), from simple local [identity management](/docs/6%20-%20Deployment%20Using%20a%20Local%20Identity%20Server.md) to advanced [OAuth (recommended)](/docs/7%20-%20Deployment%20Using%20OAuth%20Server.md) and [iSHARE](/docs/8%20-%20Deployment%20Using%20iSHARE.md) compliant setups.

### 2.6 Dataspace Adapters (In Development)

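Review bot: the new Versatility bullet links to chapters 4, 6, 7 and 8, and chapters 6, 7 and 8 are not touched by this commit; verify that those files exist with exactly these names, since the other hunks in this PR were needed precisely because link targets did not match file names. The links are also root-relative (`/docs/...`) whereas the README hunks use relative `docs/...`; because this file itself lives in `docs/`, the targets are siblings and can be linked as `6%20-%20Deployment%20Using%20a%20Local%20Identity%20Server.md` and so on, which resolves both on GitHub and in a local clone.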
2 changes: 1 addition & 1 deletion docs/3 - Customer Journeys.md
Expand Up @@ -40,7 +40,7 @@ Finally, expand the dataspace by adding more providers and apps:
- **Onboarding New Service Providers**: Integrating additional data sources and services.
- **Launching New Applications**: Developing and deploying new apps that leverage the dataspace for enhanced functionality and user experience.

### Customer Journeys Summary
### 3.6 Customer Journeys Summary

- **Initiating Dataspace Core**: Set up foundational components and management tools.
- **Onboarding Data Sources**: Register and integrate data providers and sources.
24 changes: 9 additions & 15 deletions docs/4 - NoodleBar Implementation Stages.md
@@ -1,6 +1,9 @@
# 4: NoodleBar Implementation Options

Poort8 has been the frontrunner in creating solutions for dataspaces. We believe it is important to have a running prototype as soon as possible, which is why we created NoodleBar. Beginning with the iSHARE framework from the start has proven to be far too complex, and frankly, most use cases don't need this level of security and governance. With NoodleBar, we set out to create a solution that makes it possible to set up a dataspace prototype in a day. This prototype can be integrated with existing data sources or synthetic data to use the dataspace from day one.
Poort8 has been the frontrunner in creating solutions for dataspaces. We believe it is important to have a running prototype as soon as possible, which is why we created NoodleBar. By following these implementation stages, organizations can leverage NoodleBar’s full potential, starting from a basic setup to a highly secure and compliant dataspace solution.

### 4.1 OAuth as the recommended authentication method
Following the iSHARE framework from the start has proven to be very complex, and frankly, most use cases don't need this level of security and governance. With NoodleBar, we set out to create a solution that makes it possible to set up a dataspace prototype in a day. This prototype can be integrated with existing data sources or synthetic data to use the dataspace from day one.

Another hurdle with iSHARE is that it does not use any existing standards. This means there are no packages, middleware, or even code examples available for developers to use. Developers need to first learn this complex iSHARE standard and then implement everything from scratch. To address this, we added the de-facto standard to NoodleBar: OAuth.

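Review bot: the new heading "4.1 OAuth as the recommended authentication method" conflicts with the context line a few lines further down in this same file, which defines OAuth as "an open standard for access delegation"; OAuth is an authorization framework, and the heading should say "authorization method" (or name OpenID Connect explicitly if that is what the OAuth Identity Server actually provides for end-user authentication). The sentence claiming that iSHARE "does not use any existing standards" also sits in the same file as the Option 3 text stating that the iSHARE Satellite uses X.509 certificates; the point being made is the lack of off-the-shelf packages and code examples, so soften the claim to that.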
Expand All @@ -10,7 +13,8 @@ OAuth is an open standard for access delegation, commonly used for token-based a
- **Security**: OAuth provides a secure way to authorize access without sharing credentials, reducing the risk of credential theft.
- **Interoperability**: OAuth supports integration with various services and platforms, enhancing the flexibility and scalability of the dataspace.

### Option 1: Deploy NoodleBar Using the Local Identity Server
### 4.2 Deployment options
#### Option 1: Deploy NoodleBar Using the Local Identity Server

The first option involves deploying NoodleBar using the Local Identity Server. This setup provides the essential components to get started quickly:

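Review bot: `### 4.2 Deployment options` is immediately followed by `#### Option 1 ...` with no blank line between the two headings; the rest of this file separates headings from surrounding text with a blank line, and some Markdown renderers require it. The new section title also uses lowercase "options" while the sibling headings use Title Case.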
Expand All @@ -20,7 +24,7 @@ The first option involves deploying NoodleBar using the Local Identity Server. T

Using this setup, authentication and tokens are managed by the Organization Register. Data providers can modify their existing APIs to integrate with the NoodleBar system. This involves using the enforce API of the Authorization Register to ensure that data is only returned if the enforce API returns an allowed response.

### Option 2: Deploy NoodleBar Using an OAuth Server
#### Option 2: Deploy NoodleBar Using an OAuth Server (recommended)

This option leverages the OAuth protocol for enhanced federated capabilities:

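Review bot: Option 2 is now marked "(recommended)" but the body still only says it "leverages the OAuth protocol for enhanced federated capabilities"; the context for Option 1 states that "authentication and tokens are managed by the Organization Register" and that data providers must call the enforce API of the Authorization Register before returning data. Since this is the recommended path, state here which component issues and validates tokens in the OAuth deployment and whether the same enforce API check still applies, so that an implementer does not have to infer it from the Option 1 description.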
Expand All @@ -29,21 +33,11 @@ This option leverages the OAuth protocol for enhanced federated capabilities:

This stage maintains the same core functionalities as option 1 but enhances security and interoperability by using the OAuth standard. This allows for seamless integration with external systems, making it suitable for more complex and distributed environments.

### Option 3: Deploy NoodleBar Using iSHARE
#### Option 3: Deploy NoodleBar Using iSHARE

For use cases that demand the highest standards of security and governance, iSHARE can be utilized:

- **iSHARE Satellite**: Replaces the NoodleBar Organization Register. The iSHARE Satellite, which uses X.509 certificates for robust authentication, must be deployed and maintained by experienced developers. For more information, visit the [iSHARE Satellite GitHub repository](https://github.com/iSHAREScheme/iSHARESatellite).
- **iSHARE Authorization Register**: Ensures compliance with stringent security and governance standards.

Deploying NoodleBar using iSHARE ensures that all data exchanges are conducted with the highest level of trust and security. The NoodleBar Authorization Register can be configured to be fully iSHARE compliant. However, it's important to note that this stage has proven to be complex, costly, and time-consuming. For production environments, eIDAS certificates must be purchased by every party in the dataspace, further increasing the cost, complexity, and maintainability demands.

### Advantages of NoodleBar

- **Quick Deployment**: NoodleBar can be deployed in a day, providing all the essential components for a fully functional pilot.
- **Versatility**: NoodleBar supports various deployment models, from simple local identity management to advanced OAuth and iSHARE compliant setups.
- **Scalability**: Designed to grow with organizational needs, supporting increasing data sharing requirements.
- **Compliance**: Aligns with the iSHARE Trust Framework, ensuring adherence to high security and governance standards.
- **Flexibility**: NoodleBar can be used to quickly set up a dataspace in a day and is also being used in fully compliant federated dataspaces.

By following these stages, organizations can leverage NoodleBar’s full potential, starting from a basic setup to a highly secure and compliant dataspace solution.
Deploying NoodleBar using iSHARE ensures that all data exchanges are conducted with the highest level of trust and security. The NoodleBar Authorization Register can be configured to be fully iSHARE compliant. However, it's important to note that this stage has proven to be complex, costly, and time-consuming. For production environments, eIDAS certificates must be purchased by every party in the dataspace, further increasing the cost, complexity, and maintainability demands.
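Review bot: the Advantages list removed here included "Quick Deployment" and "Flexibility"; the chapter 2 list touched in this same commit shows Modularity, Scalability, Compliance and Versatility but no Quick Deployment bullet, so confirm that point survives somewhere before merging. The context line "This stage maintains the same core functionalities as option 1" still says "stage" although the headings were renamed to "Option N" and the chapter title to "Implementation Options", while the file is still named "Implementation Stages.md"; settle on one term. The retained closing sentence about every party having to purchase eIDAS certificates for production is a deployment constraint readers need before choosing Option 3, so consider repeating it in the Option 3 bullet list.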
