IDT: The Core Runtime for Deploying and Connecting Dataspaces

In modern dataspaces, interoperability depends not only on standards and agreements, but also on the infrastructure that allows participants to deploy modules, manage services and exchange data reliably. Organisations need a practical environment where DS2 modules can run, connectors can communicate, and data exchange can be managed across cloud, on-premise and edge deployments. This is where the DS2 IDT Broker comes in.

What is IDT?

IDT is the core enabler of DS2. It is designed to be deployed in front of participants’ data sources or dataspaces and connected to other IDT-enabled data sources. Its purpose is to run DS2 modules, including the DS2 Connector for inter-dataspace communication and data transfer, and the Containerisation module for DS2 module deployment.

At its core, IDT provides, via the CONT module, a Kubernetes runtime for running containerised modules, together with open-source tools for module management, monitoring, networking, storage and secure access.

IDT enables participants to:

• Deploy DS2 modules in a containerised environment

• Manage modules through a Kubernetes and Rancher-based interface

• Monitor platform resources and running applications

• Expose modules securely through ingress or gateway mechanisms

• Use native Kubernetes storage for stateful applications

• Manage logs for troubleshooting and debugging

• Run the DS2 Connector for dataspace communication and data exchange

Why IDT?

Dataspaces require more than individual software components. They need a reliable operational environment where those components can be deployed, configured, updated and monitored. For many participants, this environment must also be flexible enough to run on-premise, in the cloud or at the edge.

Without such a runtime, deploying dataspace modules can become complex and inconsistent. Participants may struggle with module installation, network exposure, monitoring, security configuration and integration with connectors or catalogues.

IDT addresses this challenge by providing a pre-packaged Kubernetes-based platform for deploying and operating DS2 modules. It supports flexible installation modes, a management interface, monitoring, networking, log management, native storage, and integration with the Containerisation module.

By providing this operational foundation, IDT helps participants move from isolated data systems toward connected, manageable and interoperable dataspace environments.

DS2 Architecture Overview

At the heart of IDT is a Kubernetes runtime, currently based on K3s, which runs and orchestrates DS2 modules and IDT subcomponents as containers. K3s is used as a lightweight Kubernetes distribution that can be deployed at the edge, on-premise or in the cloud.

The IDT architecture includes several key components:

• Kubernetes Module Runtime, which runs DS2 modules and IDT services as containers

• Kubernetes UI, based on Rancher, providing a user-friendly interface for cluster management and module deployment

• Management and Monitoring Controller, acting as the main interface for managing, deploying and monitoring modules

• Ingress or Gateway Resources, exposing DS2 modules to external applications and network traffic

• Ingress Controller or Service Mesh, managing connectivity, security and observability for exposed services

• Storage Manager, mapping persistent module storage to backend storage systems

• CertManager, supporting SSL certificate management for secure connectivity

• DS2 Connector, enabling DS2 transactions and data exchange following IDSA and Gaia-X aligned dataspace principles

• Local Identity, an optional Keycloak-based component for local authentication and authorisation

IDT also connects with other DS2 capabilities. It uses the DS2 Portal and Marketplace to retrieve module descriptors, while the Containerisation module transforms those descriptors into deployable Helm Charts. The DS2 Connector then supports communication with other IDT DS2 Connectors for data exchange, and can integrate with catalogues or metadata brokers for participant and data discovery. In this way, IDT acts as the operational backbone of DS2: a deployable environment where modules can run, be managed, and connect securely with other dataspace participants.