-
Authentication and authorization in Data Spaces: A relationship-based access control approach for policy specification based on ODRL
Authors:
Irene Plaza-Ortiz,
Andres Munoz-Arcentales,
Joaquín Salvachúa,
Carlos Aparicio,
Gabriel Huecas,
Enrique Barra
Abstract:
Data has become a crucial resource in the digital economy, fostering initiatives for secure and sovereign data sharing frameworks such as Data Spaces. However, these distributed environments require fine-grained access control mechanisms that balance openness with sovereignty and security. This paper proposes an extension of the Open Digital Rights Language (ODRL) standard, the ODRL Data Spaces (O…
▽ More
Data has become a crucial resource in the digital economy, fostering initiatives for secure and sovereign data sharing frameworks such as Data Spaces. However, these distributed environments require fine-grained access control mechanisms that balance openness with sovereignty and security. This paper proposes an extension of the Open Digital Rights Language (ODRL) standard, the ODRL Data Spaces (ODS) profile, aimed at supporting authorization and complementing existing authentication mechanisms throughout the data lifecycle. Additionally, a policy execution engine is introduced to translate ODRL policies into executable formats, enabling effective enforcement. The approach is validated through a use case involving OpenFGA, demonstrating its applicability to relationship-based access control scenarios.
△ Less
Submitted 30 May, 2025;
originally announced May 2025.
-
Next Generation Authentication for Data Spaces: An Authentication Flow Based On Grant Negotiation And Authorization Protocol For Verifiable Presentations (GNAP4VP)
Authors:
Rodrigo Menéndez,
Andres Munoz-Arcentales,
Joaquín Salvachúa,
Carlos Aparicio,
Irene Plaza,
Gabriel Huecas
Abstract:
Identity verification in Data Spaces is a fundamental aspect of ensuring security and privacy in digital environments. This paper presents an identity verification protocol tailored for shared data environments within Data Spaces. This protocol extends the Grant Negotiation and Authorization Protocol (GNAP) and integrates OpenID Connect for Verifiable Presentations (OIDC4VP) along with support for…
▽ More
Identity verification in Data Spaces is a fundamental aspect of ensuring security and privacy in digital environments. This paper presents an identity verification protocol tailored for shared data environments within Data Spaces. This protocol extends the Grant Negotiation and Authorization Protocol (GNAP) and integrates OpenID Connect for Verifiable Presentations (OIDC4VP) along with support for Linked Verifiable Presentations (LVP), providing a robust foundation for secure and privacy-preserving interactions. The proposed solution adheres to the principles of Self-Sovereign Identity (SSI) to facilitate decentralized, user-centric identity management while maintaining flexibility through protocol negotiation. Two alternative interaction flows are introduced: a "Wallet-Driven Interaction" utilizing OIDC4VP, and a "LVP Authorization" model for fully automated machine-to-machine communication. These flows address critical challenges encountered in Data Spaces, including privacy, interoperability, and regulatory compliance while simultaneously ensuring scalability and minimizing trust assumptions. The paper provides a detailed technical design, outlining the implementation considerations, and demonstrating how the proposed flows guarantee verifiable, secure, and efficient interactions between participants. This work contributes towards the establishment of a more trustworthy and sovereign digital infrastructure, in alignment with emerging European data governance initiatives.
△ Less
Submitted 30 May, 2025;
originally announced May 2025.
-
Real-time Spatial Retrieval Augmented Generation for Urban Environments
Authors:
David Nazareno Campo,
Javier Conde,
Álvaro Alonso,
Gabriel Huecas,
Joaquín Salvachúa,
Pedro Reviriego
Abstract:
The proliferation of Generative Artificial Ingelligence (AI), especially Large Language Models, presents transformative opportunities for urban applications through Urban Foundation Models. However, base models face limitations, as they only contain the knowledge available at the time of training, and updating them is both time-consuming and costly. Retrieval Augmented Generation (RAG) has emerged…
▽ More
The proliferation of Generative Artificial Ingelligence (AI), especially Large Language Models, presents transformative opportunities for urban applications through Urban Foundation Models. However, base models face limitations, as they only contain the knowledge available at the time of training, and updating them is both time-consuming and costly. Retrieval Augmented Generation (RAG) has emerged in the literature as the preferred approach for injecting contextual information into Foundation Models. It prevails over techniques such as fine-tuning, which are less effective in dynamic, real-time scenarios like those found in urban environments. However, traditional RAG architectures, based on semantic databases, knowledge graphs, structured data, or AI-powered web searches, do not fully meet the demands of urban contexts. Urban environments are complex systems characterized by large volumes of interconnected data, frequent updates, real-time processing requirements, security needs, and strong links to the physical world. This work proposes a real-time spatial RAG architecture that defines the necessary components for the effective integration of generative AI into cities, leveraging temporal and spatial filtering capabilities through linked data. The proposed architecture is implemented using FIWARE, an ecosystem of software components to develop smart city solutions and digital twins. The design and implementation are demonstrated through the use case of a tourism assistant in the city of Madrid. The use case serves to validate the correct integration of Foundation Models through the proposed RAG architecture.
△ Less
Submitted 4 May, 2025;
originally announced May 2025.
-
Enhanced FIWARE-Based Architecture for Cyberphysical Systems With Tiny Machine Learning and Machine Learning Operations: A Case Study on Urban Mobility Systems
Authors:
Javier Conde,
Andrés Munoz-Arcentales,
Álvaro Alonso,
Joaquín Salvachúa,
Gabriel Huecas
Abstract:
The rise of AI and the Internet of Things is accelerating the digital transformation of society. Mobility computing presents specific barriers due to its real-time requirements, decentralization, and connectivity through wireless networks. New research on edge computing and tiny machine learning (tinyML) explores the execution of AI models on low-performance devices to address these issues. Howeve…
▽ More
The rise of AI and the Internet of Things is accelerating the digital transformation of society. Mobility computing presents specific barriers due to its real-time requirements, decentralization, and connectivity through wireless networks. New research on edge computing and tiny machine learning (tinyML) explores the execution of AI models on low-performance devices to address these issues. However, there are not many studies proposing agnostic architectures that manage the entire lifecycle of intelligent cyberphysical systems. This article extends a previous architecture based on FIWARE software components to implement the machine learning operations flow, enabling the management of the entire tinyML lifecycle in cyberphysical systems. We also provide a use case to showcase how to implement the FIWARE architecture through a complete example of a smart traffic system. We conclude that the FIWARE ecosystem constitutes a real reference option for developing tinyML and edge computing in cyberphysical systems.
△ Less
Submitted 16 November, 2024;
originally announced November 2024.
-
Overcoming the Barriers of Using Linked Open Data in Smart City Applications
Authors:
Javier Conde,
Andres Munoz-Arcentales,
Johnny Choque,
Gabriel Huecas,
Álvaro Alonso
Abstract:
We study the benefits and challenges of using Linked Open Data in smart city applications and propose a set of open source, highly scalable tools within the case of a public-rental bicycle system, which can act as a reference guide for other smart city applications.
We study the benefits and challenges of using Linked Open Data in smart city applications and propose a set of open source, highly scalable tools within the case of a public-rental bicycle system, which can act as a reference guide for other smart city applications.
△ Less
Submitted 26 August, 2024;
originally announced August 2024.
-
Collaboration of Digital Twins through Linked Open Data: Architecture with FIWARE as Enabling Technology
Authors:
Javier Conde,
Andres Munoz-Arcentales,
Álvaro Alonso,
Gabriel Huecas,
Joaquín Salvachúa
Abstract:
The collaboration of the real world and the virtual world, known as Digital Twin, has become a trend with numerous successful use cases. However, there are challenges mentioned in the literature that must be addressed. One of the most important issues is the difficulty of collaboration of Digital Twins due to the lack of standardization in their implementation. This article continues a previous wo…
▽ More
The collaboration of the real world and the virtual world, known as Digital Twin, has become a trend with numerous successful use cases. However, there are challenges mentioned in the literature that must be addressed. One of the most important issues is the difficulty of collaboration of Digital Twins due to the lack of standardization in their implementation. This article continues a previous work that proposed a generic architecture based on the FIWARE components to build Digital Twins in any field. Our work proposes the use of Linked Open Data as a mechanism to facilitate the communication of Digital Twins. We validate our proposal with a use case of an urban Digital Twin that collaborates with a parking Digital Twin. We conclude that Linked Open Data in combination with the FIWARE ecosystem is a real reference option to deploy Digital Twins and to enable the collaboration between Digital Twins.
△ Less
Submitted 3 February, 2024;
originally announced February 2024.
