4F/ Moving Trusted Data across Untrusted Parties in Global Supply Chains

From IIW


Tuesday 4F

Convener: Margo Johnson (Transmute), Paul Dietrich (GS1 US)

Notes-taker(s): Guillaume Dardelet (Transmute)

Tags for the session - technology discussed/ideas considered:

Verifiable Credentials, Supply Chain


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


GS1 and Transmute are working together to combine GS1 standards with verifiable credentials for trusted product data, and to answer:

How can GS1 help create trust that travels with the data?

How might Digital Link, VC, and DID standards be leveraged to create business value related to product claims?


What is GS1:


110 member organizations

2 million companies in supply chain space

Governed by member companies

GS1’s goal is to develop the global language of business

Identity: GS1 standards for identification (GLN, GTIN, etc…)

Capture: GS1 standards for Barcodes & EPC/RFID

Share: GS1 standards for Data exchange (GDSN, EDI, EPCIS)


What is Transmute:


Involved in standards organizations (DIF, W3C)

Transmute secures critical trade data by digitizing key trade documents so that they are:

Traceable and verifiable

Instantaneous to access and share

Easily searchable and auditable

Impossible to forge

Product claims use case examples where VCs increase efficiency and reduce costs in supply chains


New product introduction:


Increasing pressure from online marketplaces for retailers to bring new products faster, and in a more trusted way

Currently a costly process: building relationships, paperwork, ...


Product Traceability:


EPCIS events are emitted when a product moves along the supply chain

But parties in the chain don’t necessarily want to share the events with all parties involved

Leveraging VCs for anonymity

Many more, see slides

More details about the “New product introduction” use case

The process of getting quality products on the shelves for sale

Retailer needs to receive authoritative data about the product and business

Brand is often not trusted to provide data for its own goods

Today's processes are duplicative, expensive, and easy to forge


Planogram example:


Shelf space is a precious commodity

Product measurements coming from the manufacturer often cannot be trusted, and wrong measurements can be costly

This means hiring an external third party to remeasure the products.


Product credentials work well together with brand credentials:


GTIN / GLN will be identifiers for product credentials

A brand can prove ownership of a GTIN / GLN with a brand credential (GS1 company prefix, GS1 GLN)

GS1 is the root of trust: issues brand credentials to company members

Trust flows from GS1, to Brands, to Retailers, to Customers that way


More details about the “Traceability” use case:

Pharma traceability:

Need to show unbroken chain of custody

How did this pharma product move?

Each holder of the product can issue a credential stating that they had custody of the product at some point. This credential can later be used to prove that you are legitimately entitled to see the relevant EPCIS events.


Verifiable Product Data considerations:


Shared vocabulary:


GS1 web vocabulary

Traceability Shared Vocabulary (Early Draft)


Identifiers for VCs:


Digital Link URLs

DIDs: Decentralized Identifiers

Credentials as authorization capabilities:

Proving legitimacy to access data and system


Q&A - Technical discussion around VCs and identifiers.


GS1 has an existing standard, GS1 Digital Link, that provides URLs to identify companies and products, down to the batch or lot number. These URLs can be leveraged as identifiers in VCs.

OBADA: https://www.obada.io/
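
The GS1 -> brand -> product trust chain and the use of Digital Link URLs as credential identifiers described in these notes, as an added Python example (not code from the session, GS1 or Transmute): once each credential's proof has been verified, a verifier still has to check that the product credential was issued by the brand named in a GS1-issued brand credential and that the GTIN falls under that brand's company prefix. Proof verification is assumed to happen upstream; the DIDs, the `companyPrefix` field name and the sample credentials are constructed assumptions.

```python
from urllib.parse import urlparse

GS1_ROOT = "did:example:gs1"  # assumed trust anchor (the notes name GS1 as root of trust)

def gtin_check_digit_ok(gtin):
    """GS1 mod-10 check: weights 3,1,3,... starting next to the check digit."""
    if not (gtin.isascii() and gtin.isdigit() and len(gtin) in (8, 12, 13, 14)):
        return False
    total = sum(int(d) * (3, 1)[i % 2] for i, d in enumerate(reversed(gtin[:-1])))
    return (10 - total % 10) % 10 == int(gtin[-1])

def parse_digital_link(url):
    """Return {AI: value} from a GS1 Digital Link path (01=GTIN, 10=lot, 21=serial)."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    if "01" not in parts:
        raise ValueError("no GTIN (AI 01) in Digital Link")
    parts = parts[parts.index("01"):]
    if len(parts) % 2:
        raise ValueError("dangling AI without a value")
    return dict(zip(parts[::2], parts[1::2]))

def verify_product_claim(product_vc, brand_vc):
    """Walk GS1 -> brand -> product; proofs are assumed already verified upstream."""
    if brand_vc["issuer"] != GS1_ROOT:
        return False, "brand credential not issued by GS1"
    if product_vc["issuer"] != brand_vc["credentialSubject"]["id"]:
        return False, "product issuer is not the brand credential subject"
    try:
        gtin = parse_digital_link(product_vc["credentialSubject"]["id"])["01"]
    except ValueError as err:
        return False, str(err)
    if not gtin_check_digit_ok(gtin):
        return False, "bad GTIN check digit"
    # In the 14-digit form the company prefix follows the one-digit indicator.
    prefix = brand_vc["credentialSubject"]["companyPrefix"]  # hypothetical field name
    if not (prefix and gtin.zfill(14)[1:].startswith(prefix)):
        return False, "GTIN outside the brand's company prefix"
    return True, "ok"

# Constructed sample credentials (proof blocks omitted).
BRAND_VC = {"issuer": GS1_ROOT,
            "credentialSubject": {"id": "did:example:brand", "companyPrefix": "9506000"}}
PRODUCT_VC = {"issuer": "did:example:brand",
              "credentialSubject": {"id": "https://id.example.com/01/09506000134352/10/LOT42",
                                    "widthMm": 120}}

if __name__ == "__main__":
    print(verify_product_claim(PRODUCT_VC, BRAND_VC))
```

The prefix comparison covers GTIN-12, GTIN-13 and GTIN-14; GTIN-8 uses a separate prefix scheme and would need its own rule.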


Zoom Chat:


From Kaliya Identity Woman to Everyone: are you going to record the session if so claim the host

From Me to Everyone: think margo is planning to, providing no one objects

From Paul DIetrich to Everyone: Sounds great to me.

From Kaliya Identity Woman to Everyone: We have a note taker already - but if you want to join in you can :) ; Jonathan has his hand up

From drummondreed to Everyone: Drat. I only want to join silver bullet sessions ;-)

From Melanie Nuce to Everyone: +1 Drummond

From Tobias Looker to Everyone: Is the arrow the direction of the assertion? And does trust therefore flow in the other direction?

From Dave Crocker to Everyone: Chain of custody. No idea whether this relates adequately, but it might: The Authenticated Received Chain (ARC) Protocol https://tools.ietf.org/html/rfc8617

From Jim St.Clair to Everyone: We are building on use of VCs for authorization

From Tobias Looker to Everyone: This is awesome work! :)

From Orie Steele to Everyone: Thanks!

From Tyler @ Evernym to Everyone: Very focused application of VCs. I love it

From Bart Suichies to Everyone: where are the claims related to the products stored? And how are they linked to batch/unit?

From Dave_McKay to Everyone: https://medium.com/@rufftimo/verifiable-credentials-arent-credentials-they-re-containers-fab5b3ae5c0

From Jim St.Clair to Everyone: +1 Dave - semantic containers

From Orie Steele to Everyone: @Bart it depends, GS1 has a number of systems which can provide additional data, but obviously the claims can be embedded in the VC as well

From Tobias Looker to Everyone: The key with verifiable information is you don’t have to trust where you resolve it from

From Neil Thomson to Everyone: Is a Social Insurance Number a credential or an attribute?

From Bart Suichies to Everyone: @orie: if they're embedded, where do they go? do they travel with the batch? or are they stored elsewhere?

From Jim St.Clair to Everyone: @Neil, an attribute. It may be one of several items needed for the verification

From Bart Suichies to Everyone: ie - do products/batches have wallets? or is it more lookup systems?

From Neil Thomson to Everyone: @Jim - and possibly just an identifier (sub-class of attribute)

From Bart Suichies to Everyone: got it, thx paul

From Karen Hand to Everyone: Good use case - is there any thought on the access or use of the VC's for organizations or businesses working with manufacturers or processors to increase their market access?

From Tobias Looker to Everyone: Haha here we go this session is going to pivot into a DID WG meeting!

From drummondreed to Everyone: Well, it’s the perfect place to discuss ‘type’!

From Tobias Looker to Everyone: :)

From drummondreed to Everyone: “Hilarious” is not the word I’d use for it ;-)

From Bart Suichies to Everyone: products have privacy rights too you know ;)

From Orie Steele to Everyone: 37371372312 === person GDPR violation!

From drummondreed to Everyone: GTIN gets richer as a Digital Link gets richer as a verifiable credential

From Jim St.Clair to Everyone: Not much, but here you go https://www.obada.io/ A good example of conflict metals too

From Orie Steele to Everyone: Yes

From Paul DIetrich to Everyone: thanks. Who was speaking about PICO

From Jsearls to Everyone: Joyce Searls