Overview
A task force investigating organised crime includes officers from three different agencies. The lead analyst needs to share specific evidence items and an investigation summary with her counterparts, but cannot give them full platform accounts. She generates a secure sharing link with view-only access, scoped to the specific items, set to expire in 48 hours, and validated against 28 CFR Part 23 requirements. Each time a counterpart accesses the link, the session is logged with a timestamp and the actions taken. When the sharing window closes, access stops automatically. The Sharing domain manages the full lifecycle of controlled data sharing: link generation, permission scoping, cross-agency federation, and the audit trails that keep everything compliant.
Key Features
- Secure Sharing Links: Generate time-limited, permission-scoped sharing links that provide controlled access to specific data items without requiring the recipient to have a full platform account.
- Cross-Agency Sharing: Share investigation data, intelligence, and evidence with partner organisations through secure channels with configurable access levels and automatic compliance validation.
- 28 CFR Part 23 Compliance: Built-in compliance controls for criminal intelligence sharing that enforce retention limits, access restrictions, and documentation requirements mandated by federal regulations.
- Federation Support: Enable single sign-on with partner agencies for seamless cross-organisational collaboration without requiring separate credential management.
- Session Tracking: Monitor sharing sessions with detailed activity analytics including access times, actions taken, and data viewed to maintain a complete audit trail.
- Permission Granularity: Control exactly what recipients can see and do with shared data, from view-only access to full collaboration capabilities, with field-level visibility controls.
- Expiration Management: Set automatic expiration on all sharing links and sessions to ensure shared access does not persist beyond its intended duration.
Use Cases
Controlled information sharing with audit trails is a requirement in any multi-agency or legally sensitive context. Primary industries include law enforcement, defence and intelligence, and financial crime investigation.
- Multi-Agency Investigations: Share case data with partner law enforcement agencies while maintaining compliance with information sharing regulations and audit requirements.
- Legal Discovery: Provide attorneys and courts with secure, time-limited access to specific evidence items through controlled sharing links.
- Intelligence Sharing: Exchange threat intelligence and investigative leads with trusted partner organisations through compliant sharing channels.
- Stakeholder Briefings: Share investigation summaries and reports with authorised stakeholders who do not have full platform accounts.
Integration
The Sharing domain connects with other platform capabilities for secure collaboration:
- Investigation Management: Share investigation data and findings across organisations
- Evidence Management: Controlled sharing of evidence items with external parties
- Security and Compliance: Sharing activity feeds into audit and compliance reporting
- User Management: Federation SSO integrates with identity management
Open Standards
- 28 CFR Part 23: The compliance framework governing criminal intelligence sharing is directly enforced; source reliability codes, content validity codes, and mandatory review dates are modelled as first-class fields, and the platform requires documented reasonable-suspicion justification before any CRIMINAL_INTELLIGENCE share is created.
- Traffic Light Protocol (TLP) v2.0: FIRST's TLP classification labels (TLP_GREEN, TLP_AMBER, TLP_RED) are used as classification-ceiling values within sharing policies, ensuring shared data is never distributed beyond the sensitivity level its originator permits.
- Security Assertion Markup Language (SAML) 2.0: Cross-agency federation supports SAML as an identity-provider type, enabling partner-agency users to authenticate via their own institutional identity infrastructure without a separate platform credential.
- OpenID Connect (OIDC) / OAuth 2.0: OIDC is the second supported federation identity-provider type, allowing agencies that issue OIDC tokens to obtain single-sign-on access to shared content under the same permission-scoping controls as SAML.
- JSON Web Token (JWT) / RFC 7519: All sharing-portal access tokens are RS256-signed JWTs with enforced audience, issuer, and expiry claims; a dedicated asymmetric key pair is required so sharing tokens are cryptographically isolated from internal session tokens.
- SHA-256 (FIPS 180-4): The immutable sharing ledger uses a SHA-256 hash chain, where each audit entry includes the hash of the previous entry, providing tamper-evident integrity for compliance auditing.
- GraphQL: The sovereign sharing-policy and ledger API is exposed via a Strawberry GraphQL schema, with organisation-scoped resolvers for policy queries, mutations, and ledger retrieval.
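The SHA-256 hash chain described in the list above can be sketched as follows. This is an added example, not the platform's own code: the entry layout, the all-zero genesis value, the canonical JSON encoding, and the sample field names are assumptions made for illustration.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed previous-hash value for the first entry


def entry_hash(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous entry's hash plus a canonical JSON encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append(ledger: list, record: dict) -> dict:
    """Append a record, linking it to the hash of the current last entry."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    entry = {"prev_hash": prev, "record": record, "hash": entry_hash(prev, record)}
    ledger.append(entry)
    return entry


def verify(ledger: list, expected_head: Optional[str] = None) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry.

    expected_head is the last hash as recorded somewhere the ledger writer
    cannot modify; without it, truncating the tail goes unnoticed.
    """
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev_hash"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(ledger)
    return -1


def sample_ledger() -> list:
    """Constructed sample entries; field names are illustrative only."""
    ledger = []
    append(ledger, {"ts": "2026-01-10T09:00:00Z", "action": "LINK_CREATED", "link": "L-1"})
    append(ledger, {"ts": "2026-01-10T09:05:12Z", "action": "ITEM_VIEWED", "link": "L-1"})
    append(ledger, {"ts": "2026-01-12T09:00:00Z", "action": "LINK_EXPIRED", "link": "L-1"})
    return ledger
```

Editing an entry and recomputing only that entry's hash moves the break to the following entry, so an auditor who walks the whole chain and compares the final hash with an independently stored head value detects both in-place edits and truncation.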
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14