Logging House Extension for EDC 0.X

[jkbquabeck]

Task

Goal

Integrate feature developed by truzzt to eliminate the effort for MDS CE users to have to migrate from EDC v7.1.1 to v7.1.2.

Description

As an MDS participant who exchanges data with partners using the connector, I want to have a trusted entity to log my connector's data exchange processes such that I can rely on the third party to provide an unbiased transfer process log in the event that my data exchange partners and I disagree about its fulfilment.

Contextual Information

With Truzzt's PR https://github.com/sovity/edc-extensions/pull/732 we will include a Logging House (LH) extension in sovity EDCs. This affects both EDC CE and EE. The proposed sequence to implement the LH extension is

• first release the LH extension on EDC CE first to enable on-premise customers of MDS to include the LH extension directly when moving from MS8 EDC to DSP EDCs. This happens in scope of MDS2.0.
• For MDS 2.1 this extension also needs to become part of sovity's EDC EE given that MDS will introduce the LH extension to all customers of MDS, not just the on premise customers.

About the LH Extension:

• LH extension is open-sourced available HERE
• As of 15.02.2024, Truzzt has only developed a placeholder LH extension with the real LH extension yet to be delivered.
• Once Truzzt has developed the real LH-Extension, we need to bump up the version of the used LH-Extension both in EDC CE and EDC EE. The new extension will then need to be tested before the version gets bumped up in our EDCs.

Refinement needed: Include placeholder extension in EE before the real LH extension gets shipped? Please display decision in updating the tasklist and inform @AbdullahMuk and @jkbquabeck.

• clarify truzzt" what happens if the incorrect configuration for the LH is provided? does it breakdown the EDC?
• maintenance: how do we ensure compatibility in context of future core EDC upgrades between EDC and LH extension?

Internal alignment for sovity on Teams HERE.

Possible Implementation and Work Breakdown

Implementation should be based on https://github.com/sovity/edc-extensions/pull/732

### Implementation Phase 1 - ASAP
- [x] Review code of LH extension placeholder whether it is feasible and valid for MDS EDC
- [x] Align on go or no-go of implementation with SO / JQ
- [x] truzzt: fix CVE in LH 0.1.1 (org.json) https://nvd.nist.gov/vuln/detail/CVE-2023-5072
- [x] RT: Review PR content
- [x] Merge PR - integrate placeholder logging-house-client extension to EDC CE MDS
- [ ] Integrate placeholder logging-house-client to EDC EE MDS (control-plane)
- [ ] Do a new release of EDC CE and EDC EE for MDS
- [ ] to be considered: should infra implement health monitoring of the LH Extension?

### Implementation Phase 2 - Blocked
- [ ] Upgrade placeholder LH extension in MDS CE
- [ ] Upgrade placeholder LH extension in MDS CE
- [ ] Do a new release of EDC CE and EDC EE for MDS

[tmberthold]

Just a note regarding the current status of a Logging House in the Dataspace Protocol specification, which the EDC is based on:

In the current specification of the DSP 0.8 and also the later 1.0, the integration of a "Logging House" into a dataspace is not supported by the DSP.

"Observability, Traceability and Audit Logging of transactions, e.g. Contract Negotiation, Data Transfer and enforcement of access policies or usage policies, in a Dataspace can be a requirement. If a trusted technology system is required that records and verifies those domain events. This is not in the scope of the current version of the document and is subject of future work." https://github.com/International-Data-Spaces-Association/ids-specification/blob/0c9e50921470e5b928d0798a8df11a7b1928d99f/model/terminology.md?plain=1#L29

If you wanted to go the formally right way, you would first have to have a DSP specification of a Logging House integration in order to be able to set up and integrate a Logging House into a dataspace.

So technically the formally correct process for this would be: integrate "Logging House" into DSP -> release DSP specification -> adapt specification in core-edc -> release core-edc -> migrate CE to released core-edc -> check to what extent the core-EDC already supports a "Logging House" -> decision about manual adjustment effort of the CE -> release CE and integrate it into MDS

[jkbquabeck]

MDS took the decision to have this feature developed by truzzt in order to be able to provide end-to-end functionality more quickly.

[AbdullahMuk]

We anticipate issue will be solved with https://github.com/sovity/edc-extensions/pull/732

Awaiting delivery from partner to proceed further.

[AbdullahMuk]

We anticipate issue will be solved with #732

Awaiting delivery from partner to proceed further.

@tmberthold what's the status update on delivery of https://github.com/sovity/edc-extensions/pull/732 ?

[tmberthold]

We anticipate issue will be solved with #732 Awaiting delivery from partner to proceed further.

@tmberthold what's the status update on delivery of #732 ?

I'm the wrong person to contact for this topic.

Please discuss this with our MDS-responsibles (@jkbquabeck in this case) and the external suppliers of the code (orbiter) and those who make a decision at us as to whether we want to merge this into the current main as it is or if we wait for something or how to proceed (@jkbquabeck, @SebastianOpriel).

[AbdullahMuk]

We understand that the implementation for ClearingHouseExtension will be available by Friday 08.03. on sovity side, we plan to start necessary integrations after this date.

/cc @richardtreier @tmberthold

[tmberthold]

Should be integrated by now.