Inrupt
Vendor Brief — Solid Protocol & Personal Data Pods Platform
Vendor Brief — Solid Protocol & Personal Data Pods Platform
Inrupt Inc is the enterprise software company behind the Solid protocol, an open standard for user controlled data co-created by John Bruce and Sir Tim Berners-Lee. Its Enterprise Solid Server (ESS) provides secure, interoperable personal data stores that enable individuals to control access, consent, and use of their information. Inrupt's privacy-by-design infrastructure supports dynamic, auditable, and revocable permissions, creating a trusted foundation for government and enterprise digital services built around citizen-controlled data. See | https://www.inrupt.com
Sir Tim Berners-Lee invented the World Wide Web in 1989 at CERN, fundamentally transforming how humanity communicates, works, and accesses information. He is a recipient of the Turing Award — computing's highest honour — and holds a knighthood for services to the global development of the internet.
Concerned by the centralisation of personal data in the hands of large technology corporations, Sir Tim created the Solid Protocol as a technical framework to return data ownership to individuals. Inrupt was co-founded to commercialise and scale this vision — bringing enterprise-grade implementation to governments, health systems, and financial institutions globally.
John Bruce is an experienced enterprise software CEO with a background in cybersecurity and data management. As Co-Founder and CEO of Inrupt, John leads commercial strategy, enterprise partnerships, and government deployments — translating Sir Tim's technical vision into scalable enterprise solutions.
Prior to Inrupt, John held CEO and senior executive roles at enterprise security and data companies, giving him deep understanding of the regulatory, commercial, and technical requirements of large-scale data infrastructure deployments.
Solid (Social Linked Data) is a W3C-aligned open specification that decouples data from applications — giving users a Personal Online Datastore (Pod) they fully control.
Each user has a Pod — a personal data store hosted on infrastructure of their choice (their own server, a trusted provider, or a government-run service). All personal data lives in the Pod, not in application databases.
Applications request access to specific data in your Pod. You grant or deny access at the field level — and can revoke access at any time. No data is copied or retained by the application without explicit permission.
Solid uses open standards (Linked Data, WebID, OAuth 2.0) ensuring data is interoperable across applications and platforms — preventing vendor lock-in at the data layer.
Every access event is logged in the Pod — creating an immutable, user-accessible audit trail of who accessed what data, when, and under which consent grant.
Inrupt's enterprise product suite is built on the Solid Protocol, with tooling designed for government and financial institution scale.
Inrupt's enterprise-grade Solid Pod server — deployable on-premises or in sovereign cloud environments. Built for government and financial institution compliance requirements.
Scalable Pod infrastructure enabling millions of users to store and control their personal data — with enterprise SLA and support agreements.
Granular access control and consent management — enabling organisations to request, record, and honour data access permissions at the field level.
JavaScript, Java, and .NET SDKs enabling enterprise development teams to build Solid-compatible applications with minimal learning curve.
Linked Data and semantic web standards ensure data in Pods can be read and used across applications — enabling true data portability for end users.
Proven deployments with the Flemish Government (Belgium) and NHS (UK) — demonstrating capacity for sovereign, large-scale public sector data infrastructure.
Inrupt has delivered real-world government deployments at scale — providing strong reference points for an Australian context.
Inrupt partnered with the Flemish Government to deliver citizen data Pods — enabling Belgian residents to control their government-held data and share it selectively with approved services. This is one of the world's largest government Solid deployments.
Inrupt worked with the UK National Health Service to explore Solid-based personal health records — enabling patients to control access to their medical data across NHS providers and third-party health applications.
Inrupt's Solid Protocol approach maps to the PoC requirements with a distinct architectural philosophy — data stays with the user, not the platform.
Solid Pods give users genuine data sovereignty — data never leaves the user's Pod without explicit consent, aligning with Australia's Privacy Act and CDR principles.
Field-level access control means consent can be granted for specific data attributes — not just broad data categories — supporting minimum necessary disclosure.
Every Pod access event is logged — providing the immutable audit trail required for regulatory compliance and dispute resolution.
The Flemish Government deployment provides a direct reference point for Australian government agencies considering sovereign identity infrastructure.
ESS can be deployed on-premises or in sovereign cloud — addressing Australian data residency requirements for sensitive financial and identity data.
Solid Pods and W3C Verifiable Credentials are complementary but separate standards. Integration of both paradigms in a single PoC will require additional architectural design work.
Collaboration is key
See how ID Exchange has assembled world leading technology stacks to
present an advanced and seamless PoC approach for the Department of
Finance HR Onboarding solution.