Data Sharing in GLASS with the InterPlanetary File System
The GLASS ecosystem and Wallet operate in a fully decentralized and distributed manner, without any need for centralized intermediaries. Shared evidence and documents are fully encrypted and are exchanged directly between the admissible Wallets of end users and originators, such as governments or public administrations. The Wallet employs the Hyperledger Fabric Blockchain and the OpenDSU Brick Storage to provide integrity and recoverability of the user's data. Because of the encryption and the fixed association with the user's identity, data within the GLASS network cannot be natively shared with actors outside the ecosystem. However, users may still want to export and share documents with people outside the GLASS ecosystem or create backups for personal archiving. Therefore, GLASS offers an additional storage layer to store and share rendered versions of evidence. This layer is based on the InterPlanetary File System (IPFS).
The InterPlanetary File System (IPFS) is an open protocol and network designed to create a peer-to-peer method of storing and sharing data. While traditional cloud storage services like Dropbox or OneDrive rely on centralized servers to store and serve data, IPFS operates on a decentralized model, spreading data across numerous nodes. In addition, instead of using centralized server addresses, IPFS identifies content by a unique content identifier (CID). A CID is cryptographically linked to the content and cannot be randomly guessed. Hence, a CID corresponds to a secure, individual sharing link, as known from established cloud storage providers. This approach aims to make the web more decentralized, efficient, and resilient against failures.
In GLASS, we deployed our own custom IPFS network to offer data sharing and backup capabilities. This network runs alongside the other decentralized services. The concept is that all operators of GLASS can participate and run their own node. Besides the actual IPFS nodes, we use IPFS Cluster to extend the core features of IPFS and improve the availability and redundancy of the data. To provide convenient and harmonized access to the network, we developed a gateway service that encapsulates the basic features of uploading, retrieving and deleting data. We call this network the GLASS Decentralized Data Store. We integrate the service by allowing users to upload evidence from their GLASS wallet to the store via the gateway. All IPFS nodes are connected with each other, allowing access to a specific document from every node. Therefore, a third party can retrieve a document from every node. They just need to know the CID, which should be shared securely by the user who uploaded the data.
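Because the CID is cryptographically linked to the content, a recipient can check a document fetched from any node against the CID the uploader shared. The following is an added example, not GLASS project code, that performs this check. It assumes a single-block CIDv1 with the raw codec and sha2-256 (files that IPFS splits into a multi-block DAG need a full IPFS client to verify), and the sample document bytes are constructed.

```python
import base64
import hashlib
import hmac

# CIDv1 header: version 1, multicodec "raw" (0x55), multihash sha2-256 (0x12), 32-byte digest
CID_HEADER = bytes([0x01, 0x55, 0x12, 0x20])

# Constructed sample standing in for a rendered evidence document
SAMPLE_DOCUMENT = b"%PDF-1.7 constructed sample evidence export"


def cid_v1_raw(content: bytes) -> str:
    """Derive the base32 CIDv1 (raw codec, sha2-256) of a single block."""
    binary = CID_HEADER + hashlib.sha256(content).digest()
    b32 = base64.b32encode(binary).decode("ascii").lower().rstrip("=")
    return "b" + b32  # "b" is the multibase prefix for lowercase base32


def digest_from_cid(cid: str) -> bytes:
    """Extract the SHA-256 digest from a CID, rejecting any other CID type."""
    if not cid.startswith("b"):
        raise ValueError("only base32 CIDv1 strings are handled")
    body = cid[1:].upper()
    body += "=" * (-len(body) % 8)  # restore the padding that multibase omits
    binary = base64.b32decode(body)
    if len(binary) != 36 or binary[:4] != CID_HEADER:
        raise ValueError("not a CIDv1 with raw codec and sha2-256")
    return binary[4:]


def verify_download(cid: str, content: bytes) -> bool:
    """True only if the downloaded bytes hash to the digest inside the CID."""
    actual = hashlib.sha256(content).digest()
    return hmac.compare_digest(digest_from_cid(cid), actual)


if __name__ == "__main__":
    shared_cid = cid_v1_raw(SAMPLE_DOCUMENT)
    print(shared_cid)
    print(verify_download(shared_cid, SAMPLE_DOCUMENT))         # untouched copy
    print(verify_download(shared_cid, SAMPLE_DOCUMENT + b"x"))  # altered copy
```

A mismatch means the bytes served are not the bytes the uploader published, regardless of which node or gateway delivered them.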
In summary, the GLASS Decentralized Data Store adds an extra decentralized storage layer to the GLASS ecosystem to enable users to securely share evidence and documents with third parties or to create backups for personal use.