ADR 020: Security concept for sharing
Date: 2025-11-12
Status: Accepted
Decision Makers: @DerLinne @luckey @cr0ssing
Context
In version 2 of CIVITAS/CORE, a general sharing approach for Datasets, Datastructures and Datasources should be implemented. The feature should enable users to share their content with users inside and outside their own platform tenant.
Sharing open data or publicly available content can easily be done by sending deep-links to other users. This ADR targets private data, where we plan to use the deep-link concept as well, providing authenticated access.
After validating this approach against the known security requirements, we currently see the following concept as a working solution:
- Open Data is shared over deep-links for short-term access
- Open Data is shared via APIs for long-term integrations
- All other data is shared via API with strong authentication (only known users)
- Long-term sharing of private data is only provided via API with strong authentication (only known users)
To provide an integration with good UX, we combine generating deep-links to shared objects with granting the respective users the needed permissions. If the recipient (external user) is not yet a valid platform user, they must register first and are assigned the permissions after registration.
To simplify the invitation, the user can be granted access by email during the sharing process. If the email does not belong to an existing user, the recipient is invited to register.
After that, the user can be handled like every already known platform user.
Checked [Architecture Principles]
- [full, partial, none] Model-centric data flow
- [full] Distributed architecture with unified user experience
- [full] Modular design
- [full] Integration capability through defined interfaces
- [full] Open source as the default
- [full] Cloud-native architecture
- [full] Prefer standard solutions over custom development
- [full] Self-contained deployment
- [full] Technological consistency to ensure maintainability
- [full] Multi-tenancy
- [full] Security by design
Decision
We restrict sharing of non-open data to registered users for version 2.0 of CIVITAS/CORE. Additional approaches can be evaluated in future versions.
Consequences
Sharing with users who have not registered is not possible.
Alternatives
- Using magic links for short-term authorizations: postponed to later versions
See also
- Ticket #441: Link to the issue