Deploying apps in the dataspaces

[casemsee]

Is it possible to deploy apps for processing or transforming, before the data is shared between connectors?
The aim is to include data processing capabilities, such as fixing the bad data or standardising the data?

If data providers already have pre-built processing apps, what is the recommended approach to integrate these into a dataspace architecture?
What trust and verification mechanisms (e.g., app certification, attestation) are required to ensure that third-party apps do not introduce security or compliance risks?

https://international-data-spaces-association.github.io/IDS-AppStore/data-app

[paullatzelsperger]

this discussion is too broadly scoped to give a useful answer. yes, you can absolutely manipulate your data before you serve it to consumers, and there's probably a hundred ways to skin that cat.

each data provider has to come up with their individual architecture and solution for this and each data provider has to consider security, integrity and all that good stuff. from the data consumers perspective, all they receive is data.

from the data provider's perspective, they have to set up a processing pipeline, and it's their prerogative to enlist third-party services for it.

at some point though, the data leaves the provider sphere, in whatever shape or form, and enters the consumer sphere. if the ask is a system where the consumer can trace and audit what manipulations were done, and by whom, then this would be a very specific use case for which there is no generic solution, much less in EDC.