DMA Blockchain
The DMA Blockchain uses a Blockchain to share basic information about organizations, users, services, data sets, and transactional data related to the trading occuring in the Data Market Austria.
The principal functions of the Blockchain in the Data Market Austria are to:
- Uniquely identifiy organizations, users, data sets, and services.
- Register data or service offerings and support the contract conclusion. between providers and customers.
- Manage the voting process regarding new membership applications.
The basis of the DMA Blockchain is a private (permissioned) Ethereum Network.
To participate in the DMA Blockchain network, the first requirement is to be a member of the DMA. For this purpose, an organization must submit a membership application. Once this application is accepted, the organization is able to create users which operate on behalf of the organization in in various roles (such as data or service provider, or customer).
Setting up and operating an own DMA Blockchain node is only required if an organization/user wants full control over the private keyfiles which allow initiating transactions related to the own datasets, services, and other assets. Alternatively, the central DMA Blockchain node can be used to create the required keyfiles. However, this is a question of trust: if the central DMA Blockchain node is used, the private key files which allow performing transactions, are managed in separate user spaces by the DMA.
Identifiers
Accepted members of the DMA get an organization namespace assigned. This is a short ASCII string identifier, such as "dma", for example, which is used as a prefix in the URI:
info:dma/e1559efb3201018c1fd921c6e6b7f4288d99136b
In this example, the 40 characters string "e1559efb3201018c1fd921c6e6b7f4288d99136b"
is the actual identifier of an entity and is used as an identifier for
organizations, users, data sets, and services.
Technically, the DMA uses the Public Key of Ethereum Owned Accounts1 for this purpose.
For each Identifier there is a private key file which can demonstrate the "ownership" of the corresponding account. Only if a user has access to the related private key file of the identifier, it is possible to submit a transaction (e.g. a offer or a purchase transaction) related to it.
Organizations and users automatically get such an Identifier assigned which allows them to do transactions that need to be recorded in the Blockchain. For assets it is required to retrieve these identifiers. If the organization has setup its own Blockchain node, this can be done by using the Ethereum client tool "geth" or a deployment of the Blockchain API as part of the local environment. Alternatively, the DMA Blockchain API service can be used for that purpose.
Blockchain API
The Blockchain API provides functions to create offers and conclude contracts in the DMA and read the status of stored contracts. Ethereum Smart Contracts are represented by code and they are used to store information about contracts in the legal sense, i.e. contracts between different parties determining the obligations and rights related to a trade. By smart contract we always refer to the first (contract as code) whereas the short term contract always refers to the latter (legal contract).
An asset represents the traded item, i.e. it is the contractual object. The data set or service is not directly used as the asset in a contract. Instead, the asset is either a dataset distribution in the case of data sets or a service version in the case of services. While dataset distribution refers to the static delivery of either the full data set or a subset of it in form of files (e.g. parts of the data set in a specific format), a service offer can be either a service providing access to data, such as a data stream, or any other service offering added value to the customer.
Assets have an identifier (the 40 character string mentioned above) which is controlled by a private-key. When a smart contract is created, its identifier is derived from the EOA of the asset and is therefore unambiguously and permanently related to the asset’s EOA (even if the smart contract is terminated). As a consequence, changing a smart contract (e.g. assigning a new contract document or choosing another termination modality) requires assigning a new EOA so that a new smart contract can be created. This is the reason why the EOA of a data set or service is not used directly in a contract because the EOA of the data set or service is the persistent unique identifier (PUID) which is usually not desired to be changed if a related contract is modified.
An agent is an authenticated user which – similarly to the asset – is identified by an EOA. An agent interacts with the blockchain in the role of a provider or a customer. For example, creating an offer (in form of a contract) and registering it as a smart contract means acting as a provider, whereas the action of accepting an offer is performed by a customer. Functions which change the Blockchain’s state by submitting transactions (usually POST requests) require authentication. The agents of these functions are derived from the authenticated user’s object, i.e. the user’s EOA is associated with the access token (OAuth2 Bearer Token) provided in the authentication header.
A contract is usually established between a provider and a customer in relation to an asset as the contractual object. Additionally, there is the concept of “circles” which, roughly speaking, allows aggregating a series of asset contracts between a customer (acting in the role of a “circle owner”) and several providers. A customer is then able to “subscribe” a circle and thereby benefit from the access rights granted by any of the asset contracts included in the circle.
Central DMA blockchain node
The central Blockchain node can be used by accessing the Blockchain API which is deployed on the central DMA instance:
https://smart-contract-ui.datamarket.at
The API description is available as a YAML file:
https://smart-contract-ui.datamarket.at/swagger.yaml
Own DMA Blockchain node
Setting up an own Blockchain node means to install and configure an ethereum node application which synchronizes with the DMA Blockchain network.
Additionally, the DMA Blockchain API needs to be installed which allows submitting Blockchain transactions via the web3j Ethereum client.
For write operations, such as the registration of an offer, it is required to authenticate as a provider. A user session must be initiated at the central user management for this purpose. Each user has a Blockchain account which is used to initiate Blockchain transactions. The user authentication is based on OAuth2 and basically requires retrieving an access token for operating functions on the Blockchain API. However, Blockchain transactions related to organizations, users, data sets, or services can only be submitted if the corresponding private key files are under control of the respective user. If a user created the identifiers using the DMA Blockchain API service, then the keyfiles are stored on that server in a private user space. If it should be possible to initiate transactions on an own server, the corresponding key files must be transferred to that server first.
Get in contact with the Blockchain network adminstrator to get access to the codebase required to set up a node.
Notes
1: An Ethereum address represents an "externally owned account" (EOA).
For a given EOA, the address is derived from the public key associated with the
private key that controls the account. In Ethereum, a Private Key consists of 256
random bits, which can in turn be represented by a string of 64
randomly generated hexadecimal characters. The Elliptic Curve Digital
Signature Algorithm (ECDSA) is applied to the private key in order to calculate
the public key which is 64 bytes (512 bits) long. From this Public Key a 32 bytes
string is derived using the Keccak-256 algorithm. The final 20 bytes
(40 characters) of this (Keccak-256) hash (dropping the first 12 bytes)
is the public address, or the EOA. When prefixed with the hexadecimal
indicator “0x” the address becomes 42 characters long.