Technical Architecture Blueprint
OpenDPP is engineered to support decentralized digital passport validation, standard GS1 resolution, and advanced asymmetric cryptography without complex operational overhead.
Core Architecture Foundations
Decentralized Federated Model
Under CEN/CENELEC specifications, the European Commission will not host your company's product, material, or chemical data. Doing so would violate intellectual property protections and risk centralized single points of failure.
The Federated Registry System: The central EU Commission Registry operates merely as an index mapping Unique Product Identifiers (UPI) to the exact URI/URL of the corresponding passport. OpenDPP operates as a high-performance decentralized passport repository and GS1 Digital Link resolver. Product metadata resides securely in your tenant node, guaranteeing complete data sovereignty.
GS1 Digital Link Resolution Gateway
To connect physical products seamlessly with their digital product passports, we leverage standard GS1 Digital Link URIs.
When a QR code printed on a product or returnable asset is scanned, the web resolution gateway (matching GET /:ai(01|8003)/*) intercepts the request. It extracts the GS1 Application Identifier (AI), parses the GTIN or GRAI identifier, verifies its Modulo-10 checksum, and extracts subsequent key-value attributes like the unique Serial Number (AI 21). The node then performs database resolution against Postgres JSONB metadata fields and returns the content-negotiated HTML or JSON-LD representation.
Asymmetric eIDAS Cryptographic Seals
To prevent fraud and guarantee data non-repudiation, EN 18246 mandates that passports are encapsulated within Electronically Signed Data Constructs (ESDC).
OpenDPP implements secure eIDAS key custody inside the tenant database space. Brands rotate elliptic-curve ECDSA keys with a single click, keeping private keys completely protected.
When a passport is synchronized with the EU registry, the node signs the complete JSON-LD passport payload using the tenant's private key, writing the cryptographically secure digital signature directly to Neon PostgreSQL database. Auditors then verify the seal's authenticity in the Border Audit validator portal.
Asset Administration Shell (AAS v3.0) & Concept Registry
For industrial twin interoperability, OpenDPP implements full support for the **Asset Administration Shell (AAS v3.0)** specifications, dynamically converting PostgreSQL JSONB rows into standard compliance submodels.
To avoid hardcoding standard attributes, our **Semantic Concept Registry** maps local object fields to global IEC and eCl@ss IRDI dictionaries at runtime. This allows external enterprise clients to query passports using industrial standard terms or ingest raw AAS JSON Environment payloads directly.
UNTP Supply Chain Trace Lineage DAG
To enforce deforestation (EUDR) and forced labor (UFLPA) compliance, OpenDPP parses physical supply chain transactions wrapped inside signed W3C Verifiable Credentials following the UN Transparency Protocol (UNTP / EPCIS 2.0).
When trace events are registered, the node resolves the graph recursively using a cycle-resistant depth-first search walker to construct a lineage Directed Acyclic Graph (DAG). This tree is audited in real-time for geographic blacklist matching or polygon overlaps.