Digital Sovereignty 1.4 - More architecture characteristics of secure Internet services

We have already shown in Architectures for Secure Internet Services how decentralization, anonymity and resilience help to assure digital sovereignty (the what and why are discussed in more detail in "Digital Sovereignty - What is it?", "Digital Sovereignty – why we need it" and "Giving up Digital Sovereignty?"). In this report we introduce two further foundational and necessary architecture principles: object orientation and the need-to-know principle.

The Real-World Role Model Is Undermined in the Digital World

Living together in our society, as well as the functioning of a corporation, depends on a clear role model and on people acting according to a given role at a given point in time. Each of us is assigned a number of roles, depending on the environment in which we are acting: mother, pilot, chancellor, software programmer, trucker, …

In the digital world, persons and their roles are defined by the data assigned to them. Until now, a health insurance company has managed different data than our employer, the basketball club or the tax office. Some overlap of the managed information items is possible, sometimes even necessary; for example, calculating the health insurance premium requires knowledge of the monthly income. This strict separation of roles is increasingly eroded by ongoing digitization.

What kinds of processes are these? On the one hand, we see Big Data as a major game changer. It has recently become possible to analyze and correlate enormous volumes of data (terabytes and more) in a very short time. For example, people can be found and identified in image archives, or recognized by cross-checking images, without the person in question being aware of it. Mining e-mails for advertising-relevant data is a well-known practice. The separation of personal data that used to follow from the separation of processing systems is dissolved by Big Data.

On the other hand, we see the detachment of a person from his or her rights over personal data. For example, if I buy a new smartphone and try to start it, I have no choice but to give away ownership rights; otherwise I could not even make a phone call. Think about it: I have paid hundreds of dollars for the phone and am its owner, but I do not necessarily own the data that I generate on or with it. This means the real-world role model is completely ignored in the digital world.

We do not have to accept this as a given. There are well-known architecture concepts for implementing a role model in the digital world.

How to Re-Establish a Role Model in the Digital World

In Architectures for Secure Internet Services we have already discussed foundational architecture elements that support digital sovereignty: a decentralized approach, anonymity and resilience. Here we complement this list with object-oriented design and the need-to-know principle. These characteristics are mandatory for mapping a real-world role model to the digital world. What do we mean by this?

Object orientation (or object-oriented design) is a concept that was established between 1970 and 1980, for example in [Parnas, D.L. (1977): The use of precise specifications in the development of software. In Gilchrist, B. (ed.): Information Processing 77. North Holland Publishing Company, Amsterdam, New York, Oxford, pp. 861-867]. Each digital representation of a real-world object is assigned a set of admissible operations, and the object's data can only be reached through these operations. Similarly, an actor (digital agent) is assigned use rights to the operations it is allowed to invoke on any given object. For example, an insurance agent may be allowed to read the income of an insured person in order to calculate the person's monthly premium, but the agent cannot increase the person's income. The employer may transfer the monthly income to the employee's bank account, but cannot make deductions from it. In this way there is, for each subject (agent), a clear rule as to which objects are accessible and which operations on each object are allowed for that subject; an access that is not covered by such a rule is simply not possible. The feasibility of such systems was demonstrated as early as 1989 (BiiN Computers); unfortunately they were not very successful commercially, for many reasons. We should be aware, however, that system performance has multiplied since then, and that the importance of object-oriented design keeps increasing with the tremendous success of the Internet.

The need-to-know principle, too, was introduced long ago. At the same time it seems to be the most frequently broken architecture principle on the Internet: very often without even being aware of it, we hand far more data to Internet-based applications than they actually require. Need-to-know is not only a standard concept in data protection (data minimization), it is also extremely useful as a general architecture principle, closely related to the least-privilege principle. For example, errors and faults in a system component built on the need-to-know principle only affect a minimal set of objects and functions, namely exactly those that depend on the faulty component; other information items and functions, which do not require that component, are not affected. Intelligence services apply the need-to-know principle for the same reason: it protects the service from compromise if one of its units is compromised, because what one does not know, one cannot disclose.
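The two principles together, as an added example that is not part of the original report and uses invented names and figures: each object carries its admissible operations as methods; a subject never receives the object itself, only a facet that exposes the operations granted to it (the insurer may read the income but not change it, the employer may pay the salary but not deduct from the account). Everything not granted is unreachable, so need-to-know is enforced by construction rather than by a policy document.

```python
"""Added example (not from the original report): an object-capability style
access model for the insurer / employer scenario.  Names and figures are
constructed sample data."""

from dataclasses import dataclass


class AccessDenied(PermissionError):
    """Raised when a subject invokes an operation it holds no right to."""


@dataclass
class Person:
    """Digital representation of a person with its admissible operations."""
    name: str
    monthly_income: int  # constructed sample data, in EUR
    bank_balance: int

    def read_income(self) -> int:
        return self.monthly_income

    def set_income(self, amount: int) -> None:
        self.monthly_income = amount

    def pay_salary(self) -> int:
        self.bank_balance += self.monthly_income
        return self.bank_balance

    def deduct(self, amount: int) -> int:
        self.bank_balance -= amount
        return self.bank_balance


class Facet:
    """A need-to-know view of one object: only the granted operations are reachable.

    The holder never gets a reference to the underlying object, so it cannot
    reach the other operations or the raw fields, not even by accident.
    """

    def __init__(self, target: object, allowed_ops: frozenset):
        self._target = target
        self._allowed = allowed_ops

    def invoke(self, op: str, *args):
        # the check happens before anything touches the target
        if op not in self._allowed:
            raise AccessDenied(f"operation {op!r} not granted on {type(self._target).__name__}")
        return getattr(self._target, op)(*args)

    def rights(self) -> frozenset:
        return self._allowed


class Subject:
    """An actor (agent) holding use rights, expressed as the facets it was handed."""

    def __init__(self, name: str):
        self.name = name
        self._facets = {}

    def grant(self, label: str, target: object, ops: set) -> None:
        # a facet can only name operations the object actually offers;
        # raw data fields are not callable and therefore cannot be granted
        unknown = {op for op in ops if not callable(getattr(target, op, None))}
        if unknown:
            raise ValueError(f"{type(target).__name__} has no operation(s) {sorted(unknown)}")
        self._facets[label] = Facet(target, frozenset(ops))

    def do(self, label: str, op: str, *args):
        if label not in self._facets:
            raise AccessDenied(f"{self.name} holds no right on {label!r}")
        return self._facets[label].invoke(op, *args)


def build_scenario():
    """The report's example: the insurer may read the income but not raise it,
    the employer may pay the salary but not deduct from the account."""
    alice = Person("Alice", monthly_income=3000, bank_balance=500)
    insurer = Subject("health insurer")
    employer = Subject("employer")
    insurer.grant("alice", alice, {"read_income"})
    employer.grant("alice", alice, {"read_income", "pay_salary"})
    return alice, insurer, employer


def denied(subject: Subject, label: str, op: str, *args) -> bool:
    """True if the access check refuses the invocation (demo helper)."""
    try:
        subject.do(label, op, *args)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    alice, insurer, employer = build_scenario()
    print("insurer reads income:", insurer.do("alice", "read_income"))
    print("insurer may raise income?", not denied(insurer, "alice", "set_income", 9000))
    print("employer pays salary, new balance:", employer.do("alice", "pay_salary"))
    print("employer may deduct?", not denied(employer, "alice", "deduct", 100))
    print("balance after refused deduction:", alice.bank_balance)
```

Note that the refused operations never run: the income stays at 3000 and the balance stays at 3500 after the denied deduction. That is the fault-isolation property of the previous paragraph in miniature: a subject that never held a right to an operation cannot be used, even if compromised, to reach it.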


Read more on secure services and data sovereignty

  1. Security as differentiator
    Data Protection THE Business Driver for New Apps and Services
    Digital Transformation is Based on Data Sovereignty
  2. Security Architectures
    Architectures for Secure Internet Services
    More Architectural Characteristics of Secure Internet Services (this report)
  3. Security Technologies
    work ongoing
  4. Regulation and Data Protection
    in preparation
  5. Data Sovereignty
    Digital Sovereignty - What is it?
    Digital Sovereignty – why we need it
    Data Sovereignty - Why Do We Give It Up?