Creating and delivering decentralised, personalised communications solutions that let users access and manage their private information is not as straightforward as building a "one size fits all" product, because it involves either aggregating information from multiple systems or integrating information from disparate systems.
A decentralised private solution involves the transit and storage of information that may be sensitive, e.g. health records or medical reports. The compliance requirements this brings mean that rapidly building new systems to handle such information is out of the picture for many organisations.
The Private Information Provider (PIP) concept was born from these needs. It empowers organisations to deliver decentralised private solutions with the help of a reference architecture that enables the integration of external information systems with the Liquid Gears Platform.
Decentralised Information
In a PIP architecture, the end-users’ devices communicate directly with the integrated third-party system to retrieve or update private information. Private information can be integrated from one or more third-party systems, including:
- Medical information systems
- Administration systems
- Clinical backend
- Internal organisational or departmental data
- Employee profiles
- Other intranet systems
- Any other third-party system
Strong Authorisation
The sensitive nature of the data transmitted over the PIP architecture calls for strong authorisation and validation. PIPs register with the Liquid Gears Platform, defining the APIs that will be communicated with. End users of a native app that includes the PIP architecture are strongly authenticated, with the option of Identity Federation and/or Multi-factor Authentication (MFA).
Once the user is authenticated, the system retrieves authorisation tokens to communicate with the registered PIPs. Each PIP in turn verifies that an incoming API call is intended for it, that it comes from a particular user, and that this user is properly authenticated and currently has a valid session within the app.
The authorisation tokens used in API calls to PIPs are JSON Web Tokens (JWT). They are sent in an HTTP header over an encrypted HTTPS connection and carry a cryptographic signature that lets the PIP verify both where the token came from and that its contents have not been altered. JWT is an open standard; please visit https://jwt.io for further information.
Requirements
To integrate a private information system and turn it into a PIP, only a few things need to be put in place:
- Publicly available HTTPS API: all Liquid Gears apps and backend products use standard, secure web protocols and never use plain HTTP.
- JWT-capable authentication/authorisation layer: to establish which user is making the API call and whether they are authorised to do so. Your existing deployments might already be capable of working with JWT; if not, a simple layer can be placed in front of most systems to do so.
Proof-of-Concept Ready PIP
We understand that creating a solution that involves transferring sensitive private information over a network can be complex. To demonstrate the capabilities of Liquid Gears PIP, we therefore offer the ability to prove the concept without integrating real systems and applications.
A custom deployment of the Liquid Gears Platform can include everything you need to work with a PIP:
- A reference PIP backend implementation, run by Liquid Gears and essentially playing the role of a third party.
- An existing open source TypeScript library, so your Integrated Web Apps can communicate with this PIP with just a couple of lines of code.
Reference PIP Implementation
This implementation is more than a quick mock-up of a real third-party system and comes fully featured with:
- JWT-based authentication for the API
- Ability to store any type of data as simple JSON objects
- Classify objects by object type to organise all the data about a user
- Version all updates to data and retrieve the complete history of data modifications for a user
- User registration code data models and API endpoints
- Automatically run partial or complete updates of some objects when others are updated, thereby keeping all relevant data in sync
- Trigger notifications to other systems whenever data is updated for a user
- API portal with simple UI to browse data
- Admin interface for management of PIP implementation
Existing JS Library
Our PIP client library is written in TypeScript and can easily be added to any Integrated Web App (or other JavaScript project) to communicate with a PIP. With it, you can validate user registration codes and retrieve and update private user data within minutes.
The library is available on GitHub at https://github.com/liquid-state/pip-client
More Information
For more information and technical details about PIP and associated technologies, please refer to our Resources.