Digital Twin Architecture and Standards
The digital twin owner controls the data contents and access to functions using administrative operations. The properties and configuration are declaratively specified. Column stores can be created and deleted. The digital twin contents can be encrypted with the owner’s certificate. Each column store in a digital twin can be connected to an ingest data source, subscribing and automatically creating records as new readings are published by the data source or by polling the ingest source on a periodic basis.

Digital twin clients are provisioned and assigned to roles associated with the different interfaces, column stores, ranges of data and policies for access. Programmatic callbacks are registered for fine-grained filtering of ingested, exchanged and synchronized values. Finally, the interoperability API makes it possible for a digital twin to register with the ecosystem and expose its characteristics for access to the other APIs.

ARCHITECTURAL EVALUATION CRITERIA

Our vision is that digital twins can be deployed in any Industrial IoT tier, realized with the available technology choices, and synchronization between digital twins is the only communication between tiers. Data replicated into a digital twin looks like ingest and triggers the associated published notification events. The following expectations summarize the digital twin architectural capabilities and their motivations.

C1. App store deployment of configuration. Digital twin information model and policy definitions are deployed independent of services as first-class participants for Industrial IoT. This provides a separation of concerns between data and service ownership and enables declarative integration of applications, services and digital twins.

C2. Integrated information model. Asset types and instances are crucial aspects of the ecosystem: discoverable, navigable and organized independent of naming conventions. Classification of types applies to related instances and property values. Multiple information models can be federated within a tier to provide a broad view of the available storage.

C3. Flexible classification of types, properties and instances. Every digital twin can invent its own type system, imposing the constraint on clients to configure and program accordingly. No different than the complexity introduced by microservice APIs, it is unrealistic that all Industrial IoT applications will agree on a common information model taxonomy and attributes.

C4. Encrypted data at rest and in transfer. Digital twins can store encrypted data, i.e. only readable with guaranteed integrity by the provisioned users. Encryption is used for sensitive API parameters to protect privacy and reduce the possibility for malicious control.

C5. Role-based access control configured for authenticated users. A digital twin imposes a security domain to protect and manage access to data. Digital twin owners define (select) the EULA (End User License
November 2019