EDC Connector

The EDC Connector: Driving Data Sovereignty

Think-it logo
Think-it Team
Engineering.12 min read
Understanding the EDC connector and it's role in dataspaces

In today's data-driven world, organizations face a critical challenge: how to share valuable data while maintaining control and sovereignty over their digital assets. The Eclipse Data Space Connector (EDC) has emerged as a groundbreaking solution to this challenge, offering a robust framework for secure, sovereign data exchange. This article explores how the EDC Connector is transforming the landscape of data sharing and sovereignty.

Understanding Data Sovereignty in the Modern Context

Data sovereignty represents a fundamental shift in how we think about data ownership and control. It's the principle that data owners should maintain complete authority over their data, including:

  • Who can access their data
  • How their data can be used
  • When and where their data can be shared
  • Under what conditions data sharing occurs

The EDC Connector was specifically designed to make these principles a practical reality, addressing the growing demands of regulations like GDPR and HIPAA while enabling efficient data sharing.

Learn more about data sovereignty

78 days ago

What Is Sovereign Data? A Comprehensive Overview

This article explores the concept of sovereign data, its implications for businesses and governments, and best practices for ensuring compliance in an interconnected world.

Think-it logo
Think-it Team
Read moreLink to the article What Is Sovereign Data? A Comprehensive Overview
145 days ago

Data Sovereignty Through Data Spaces

What is data sovereignty and why it matters in global data management

Think-it logo
Think-it Team
Read moreLink to the article Data Sovereignty Through Data Spaces

What is the EDC Connector?

The Eclipse Dataspace Components (EDC) Connector is an open-source technology designed to enable sovereign, secure, and policy-controlled data exchange between organizations. Built to support the vision of decentralized data spaces, the EDC allows participants to share data without giving up control, using standardized contracts and usage policies to govern every interaction. According to the Eclipse Dataspace Protocol Overview, “EDC is designed to enable sovereign, interoperable, and secure data exchange between trusted partners.”

It’s the foundation for building trust-based, interoperable ecosystems where data flows across organizational and geographic boundaries—without compromising ownership or compliance.

How does the EDC Connector work?

At the heart of the EDC architecture is a contract-based exchange mechanism. Before any data is transferred, both parties must agree on a digital contract that clearly defines the terms of use—who can access the data, for what purpose, and under what conditions. These agreements are governed by machine-readable usage policies that are automatically enforced by the connector. This approach aligns with the IDSA Rulebook’s Functional Requirements, which emphasize the need to maintain transparent and traceable exchanges, backed by robust audit trails and policy enforcement mechanisms.

The Architecture of the EDC Connector: A Dual-Plane Approach

The Control Plane

Think of the Control Plane as the "brain" of the EDC Connector. It manages:

  • Contract negotiations between parties
  • Policy enforcement (ODRL)
  • Service extension lifecycle
  • Data transfer coordination
  • Authentication and authorization

The Data Plane

The Data Plane serves as the "muscle," handling the actual data movement:

  • Supports multiple protocols (HTTPS, S3, etc.)
  • Manages actual data transfer operations
  • Implements security measures during transfer
  • Ensures high-throughput data movement

This separation of concerns allows for optimal performance and scalability while maintaining security.

Core Capabilities and Components

The EDC Connector framework includes several essential components:

  1. Connector Core

    • Manages data transfer processes
    • Handles contract negotiations
    • Enforces access policies
    • Coordinates service extensions

  2. Identity Management

    • Supports decentralized identities
    • Implements OAuth2 authentication
    • Manages security certificates
    • Handles trust verification

  3. Policy Framework

    • Defines usage control policies
    • Implements access control
    • Manages contract terms
    • Enforces data usage rules

  4. Data Management

    • Catalogs available data assets
    • Manages metadata
    • Coordinates data transfer
    • Ensures data integrity

Real-World Applications and Success Stories

Catena-X Automotive Network

The EDC Connector powers data exchange in the automotive industry through Catena-X, enabling:

  • Secure supply chain collaboration
  • Parts traceability
  • Quality management
  • Sustainability tracking

Eona-X Initiative

In the mobility and tourism sectors, Eona-X uses the EDC facilitates:

  • Seamless travel data exchange
  • Transport coordination
  • Tourism service integration
  • Cross-border data sharing

Mobility Data Space

The Mobility Data Space enables trusted data exchange in the mobility sector, supporting:

  • Real-time exchange of multi-modal transportation data
  • Integrated traffic management and dynamic route optimization
  • Enhanced transit planning and policy development
  • Support for sustainable urban mobility initiatives

Further reading on data sharing

162 days ago

Solving for Scope 3 Emissions: Think-it's Innovative Data Space Approach

How Think-it solves for scope 3 emissions data in the logistics industry.

Think-it logo
Think-it Team
Read moreLink to the article Solving for Scope 3 Emissions: Think-it's Innovative Data Space Approach
78 days ago

Exploring Data Sharing Systems: A Comprehensive Overview

A look at different data sharing systems and how they work

Think-it logo
Think-it Team
Read moreLink to the article Exploring Data Sharing Systems: A Comprehensive Overview

Implementation Best Practices

When implementing the EDC Connector, organizations should:

  1. Start with Clear Objectives

    • Define data sharing goals
    • Identify key stakeholders
    • Map out data flows
    • Set success metrics

  2. Ensure Proper Security Configuration

    • Implement strong authentication
    • Configure access policies
    • Set up encryption
    • Monitor security logs

  3. Plan for Scalability

    • Design for growth
    • Consider performance requirements
    • Plan resource allocation
    • Monitor system metrics

We invite you to use our open source EDC suite to help your journey.

Future Developments and Roadmap

The EDC Connector continues to evolve with planned enhancements including:

  • Enhanced policy enforcement mechanisms
  • Improved interoperability features
  • Advanced monitoring capabilities
  • Streaming capabilities
  • Extended protocol support
  • AI integrations

Getting Started with EDC Connector

To begin implementing the EDC Connector:

  1. Assessment Phase

    • Evaluate current data sharing needs
    • Identify technical requirements
    • Review security requirements
    • Plan implementation strategy

  2. Implementation Phase

    • Install and configure EDC components
    • Set up security measures
    • Configure policies
    • Test connections

  3. Operation Phase

    • Monitor performance
    • Manage policies
    • Maintain security
    • Update as needed

EDC Connector Provisioning Guide

To provision an EDC (Eclipse Dataspace Connector) connector, I'll outline the key steps and considerations involved. The EDC is an implementation of the International Data Spaces (IDS) protocol for secure data sharing across organizational boundaries.

Prerequisites

  • Java Development Kit (JDK) 11 or higher
  • Docker and Docker Compose (for containerized deployment)
  • Access to configuration management tools
  • Required certificates for secure communication

Basic Provisioning Steps

  1. Choose Deployment Method:
    • Standalone Java application
    • Docker container
    • Kubernetes deployment
    • Cloud-native services
  2. Configure Core Components:
    • Data Management API
    • Control Plane
    • Data Plane
    • Vault integration for secret management
  3. Set Up Security:
    • Configure identity provider integration
    • Set up authentication mechanisms
    • Implement authorization policies
  4. Configure Extensions:
    • Select and configure required extensions (e.g., data transfer, contract negotiation)
    • Set up persistence layer (database connection)

Step-by-Step Containerized Deployment Guide for EDC Connector

1. Setup Project Structure

First, create a project directory structure:

edc-deployment/
├── docker-compose.yml
├── config/
│   ├── control-plane.properties
│   └── data-plane.properties
├── certs/
│   ├── cert.pem
│   └── private.key
└── vault/
    └── secrets.properties

EDC connector project directory structure

2. Create Docker Compose File

Below is a sample docker-compose.yml file for deploying both control and data planes:

services:
  # Control Plane service
  control-plane:
    image: eclipseedc/edc-controlplane:latest
    ports:
      - "8181:8181"  # Management API
      - "8182:8182"  # IDS API
      - "8282:8282"  # Default API
    environment:
      - EDC_FS_CONFIG=/app/config/control-plane.properties
      - EDC_VAULT=/app/config/vault/secrets.properties
      - EDC_KEYSTORE=/app/config/certs/keystore.p12
      - EDC_KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}
      - JAVA_TOOL_OPTIONS=-Xms256m -Xmx1g
    volumes:
      - ./config:/app/config
      - ./certs:/app/config/certs
      - ./vault:/app/config/vault
    networks:
      - edc-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8181/api/check/health"]
      interval: 30s
      timeout: 10s
      retries: 5
      
  # Data Plane service
  data-plane:
    image: eclipseedc/edc-dataplane:latest
    ports:
      - "8185:8185"  # Public API
      - "8186:8186"  # Control API
    environment:
      - EDC_FS_CONFIG=/app/config/data-plane.properties
      - EDC_VAULT=/app/config/vault/secrets.properties
      - EDC_KEYSTORE=/app/config/certs/keystore.p12
      - EDC_KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}
      - JAVA_TOOL_OPTIONS=-Xms256m -Xmx1g
    volumes:
      - ./config:/app/config
      - ./certs:/app/config/certs
      - ./vault:/app/config/vault
    networks:
      - edc-network
    depends_on:
      - control-plane
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8186/api/check/health"]
      interval: 30s
      timeout: 10s
      retries: 5

  # Database for persistence
  postgres:
    image: postgres:13
    environment:
      - POSTGRES_USER=edc
      - POSTGRES_PASSWORD=edc
      - POSTGRES_DB=edc
    ports:
      - "5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
    networks:
      - edc-network

networks:
  edc-network:
    name: edc-network
    driver: bridge

volumes:
  postgres-data:

EDC Connector Docker Compose File

3. Configure Control Plane Properties

Create a control-plane.properties file.

4. Configure Data Plane Properties

Create a data-plane.properties file.

5. Secrets Management

Create a secrets.properties file in the vault directory:

# API keys
default-api-key=change-me-in-production

# Database credentials
POSTGRES_PASSWORD=edc

# Certificate passwords
KEYSTORE_PASSWORD=keystore-password

# OAuth2 client credentials (if using OAuth)
OAUTH_CLIENT_ID=your-client-id
OAUTH_CLIENT_SECRET=your-client-secret

# Vault token for HashiCorp Vault (if using)
VAULT_TOKEN=your-vault-token

# Transfer proxy signing key alias
transfer-proxy-key=your-signing-key-alias

EDC Connector Secrets Management

6. SSL Certificate Setup

Generate a self-signed certificate for development (replace with proper certs for production).

7. Docker Environment Setup

Create a .env file in the root directory.

8. Start the Connector

# Start the connector
docker-compose up -d

# Check the logs
docker-compose logs -f

# Check the health endpoints
curl http://localhost:8181/api/check/health
curl http://localhost:8186/api/check/health

9. Verify Deployment

The connector should now be up and running. Verify by:

  1. Checking container status: docker-compose ps
  2. Accessing the management API: curl http://localhost:8181/api/management
  3. Checking health endpoints: curl http://localhost:8181/api/check/health

10. Common Issues & Troubleshooting

  • Container exits immediately: Check logs with docker-compose logs -f control-plane
  • Connection errors: Verify network settings and ports
  • Authentication failures: Check secrets configuration
  • Database connection issues: Verify PostgreSQL container is running and accessible

Conclusion

The EDC Connector represents a significant advancement in data sovereignty and secure data sharing. Its robust architecture, comprehensive features, and growing adoption make it a cornerstone technology for organizations seeking to maintain control over their data while participating in collaborative data spaces.

Organizations looking to implement the EDC Connector can benefit from its:

  • Strong security features
  • Flexible architecture
  • Comprehensive policy framework
  • Growing ecosystem support

As data sharing becomes increasingly critical to business success, the EDC Connector provides a trusted, sovereign, and efficient solution for organizations of all sizes.

Frequently Asked Questions

What is the role of the EDC Connector in data sovereignty?

The EDC Connector ensures data sovereignty by providing a secure framework for data exchange, allowing organizations to maintain control over data access, usage, and sharing conditions.

How does the dual-plane architecture of the EDC Connector enhance security?

The dual-plane architecture, consisting of the Control Plane and Data Plane, separates management and data movement tasks, optimizing security and scalability.

Share this story