Data management: Amadeus and Inria are exploring decentralisation

What made you decide to work on data decentralisation?

Éric Canamas: Our growth has always been driven by technological innovation. Amadeus uses search systems for journeys, bookings, check-ins and prices to connect stakeholders within the tourism ecosystem, whether these are airline companies, rail operators, airports, travel agencies, etc. We are constantly improving these systems, and switching data exchange to a decentralised environment is an enabler to access more travel-related content.

Claudia-Lavinia Ignat: A number of Inria project teams are already working on this subject, including three involved in DXP: Loreley (*), at the Inria Centre at Université de Lorraine, Cedar at the Inria Saclay Centre and Magellan at the Inria Centre at Rennes University. The project gives them an opportunity to apply their research to a real-life case on a massive scale: Amadeus operates in 190 countries and has more than 400 airlines and more than two million hotels among its clients. 

The project receives financial support from Bpi France (Banque publique d’investissement - Public investment bank) and at an EU level from the IPCEI Cloud (Important Project of Common European Interest), which aims to strengthen Europe’s digital and technological autonomy in the cloud.  

The cloud is currently structured around data centres, particularly those belonging to GAFAM (Google, Amazon, Facebook, Apple and Microsoft). Why do you want to move away from that model?

E.C.:  We’re not looking to move away from that model, but rather to add to it. Data centralisation provides effective solutions that today power the development of AI (solutions). But the decentralisation of data ecosystems allows resilience and data protection mechanisms to be implemented on a scale that is better suited to the varying expectations of the relevant stakeholders.

We are taking part in the IPCEI Cloud through the DXP project in order to explore promising technological solutions focused on key aspects of data exchange, such as trust management or access control. It’s too early to say whether or not we will be able to turn these into products one day, but if that were to be the case then we want to be in a position to offer them to our clients.

C-L.I.:  Aside from crucial issues linked to data sovereignty, the centralised model is also vulnerable to attacks and breakdowns. If the main server is affected, then all the data it stores is compromised. Remember the fire at the OVH data centre in Strasbourg in 2021 : 3.6 million web servers were impacted. This security concern is another reason to explore data decentralisation.

What will the DXP solution you are developing look like in the long run?

C-L.I.:  Individual entities will retain their data on their own information systems. But this platform will enable them to share and exchange this data with clearly-identified, trusted users, such as an airline company in dialog with a taxi service, for instance. Instead of having a central authority, you will have “peer-to-peer” collaboration; instead of having a giant data centre, data will be distributed and consumed directly at the source, with reduced deployment costs and a less vulnerable system overall.

E.C.:  Our aim is to streamline communication between transport and tourism operators. The DXP technology will allow link these operators together within distributed ecosystems, the goal being to standardise and develop new solutions that will improve the travel experience.

Finally, as is the case with our current platform, we will be securing all exchanges of data. Today, many companies refrain from sharing with others certain data that would deserve to be jointly leveraged. There are opportunities to seize and markets to open up.

What technical challenges will you need to overcome? 

C-L.I.:  The Inria project teams have identified three. The first is interoperability: how should the platform name and structure the data it manages using a shared vocabulary - known as an ontology - given that the thousands of stakeholders within the tourism sector who will use it each have their own terminology? For instance, what is the right shared strategy to adopt to describe the various taxes applicable to airline tickets?

The second challenge is security: how can information requests from these thousands of stakeholders be encrypted and authenticated without any centralised control? What public and private key systems are to be used to secure transactions? For example, if Mr Bernard Dupont books a flight and then a hotel room, how can you make sure that it is the same person?

Finally, we are also working on geodistributed optimisation and replication. For the platform’s applications to perform well, certain data needs to be replicated in cache memory, which is located physically close to the processors that will handle it. How can we optimize this distribution based on the available processing power, network capacity and client needs depending on the time of day and the region of the world?

This all seems rather complex compared to a centralised model...

E.C.:  Yes, particularly as we want satisfactory response times for operational systems, for all queries anywhere in the world. But all emerging technology faces unseen challenges at the start; it’s all about tackling them. Through this project with Inria we should be able to document, describe and simulate this decentralised management solution, before rolling out the first tools at Amadeus in the medium term. We don’t just want to dip our toes in the water; the aim is to further develop our services.

(*) The project team Loreley is a joint venture between the CNRS, Inria and Université de Lorraine based at the Inria Centre at Université de Lorraine and the Lorraine Laboratory for Research in Computer Science and its Applications (CNRS/University of Lorraine).