Verifiable Credentials for Global Supply Chains

From IIW

Verifiable Credentials For Global Supply Chains

Thursday 18B

Convener: Margo Johnson & Karyl Fowler

Notes-taker(s): Karyl Fowler & Margo Johnson

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Zoom Session Video Link (Provided by Karyl Fowler):

http://www.youtube.com/watch?v=FoIS_sWxeho&feature=youtu.be


Agenda:

-Global Supply Chain challenges and opportunities

-Transmute’s approach

-Group discussion


Blockchain

Paper credential into digital credential evolution

Only talk about blockchain where we think it is helpful

Verifiable credentials is all that really matters

Everything else is just how it works

Why blockchain? Instead of more traditional database with cryptographic signatures

You don’t have to use a blockchain.

In some cases it can be useful as shared source of trust with time stamp, not governed by a single actor

Decentralized Identifier

CU Ledger example: Domain name

Depends on the industry

Human terms - the way you have been given your name is decentralized

An identifier is just a name

No one cares if using an emerging technology

Just an identifier is helpful


Marketing order of operations

Trying not to lead with blockchain when possible

Overcoming existing market ideas


Opening pitch between chain of custody and e-signature solution

Verifiable credential - Trusted certificate or data

Digital version of a known asset


When does the lightbulb go off?

Reducing inefficiencies and liability

Competitive edge

Vendor reputation

Customer assurance


What’s the “lightbulb” moment?

  • When a customer realizes that this tech can provably connect the product (and assc. metadata/reputation info) to the vendor - which currently live in silo’d systems.

Different supply chains are at different levels of maturity

Sharing data - moving away from physical paper

Transmute: “Trusted trade documents for the future of global trade”


Business Value - emphasize w/ customers:

  • Data Integrity
  • Data Access Confidence
  • Data Insights & Analytics

Reviewed Customer Case Study: Steel Import Chain-of-Custody

Who would be the issuer of a document like the Steel Mill Certificate?

  • While we like the idea of a 3rd party issuer, it is not always possible for some use cases. Specifically for the steel mill certificate, the manufacturer themselves is the issuer of the credential often with customs brokers as the ones presenting the VC to the regulatory authorities [acting as the verifier].
  • Primary customer today is the verifier or the regulatory authority.

What is public and not public about the transactions?

  • The second value prop of “data access confidence” is a big selling point. Customers want to selectively disclose data to a variety of ecosystem parties without compromising their IP. Encrypted data storage integrated w/ existing storage solutions is how we enable the ability to securely share data.

If the information is encrypted, who can see the blob of encrypted data?

  • Since Transmute uses encrypted data vaults and integrates w/ customers existing storage provider, the data remains where it was already stored - behind the firewall of the customer. The DID is the only thing publically available to view, and what a party can see when they try to resolve the DID depends on their role and access permissions.

Interest in the digital twin; is there particular technology that we are applying there?

Also reference: http://www.gleif.org/en

  • The LEI identifies them as a legal entity, and there are other identifiers that can then be issued and associated with the entities that can facilitate easier trade/add value to their supply chains.
  • GLIVE could also be used as a registry for public DIDs that represent legal entities.

It seems like we need a standard for ensuring that a DID from a different system can be known/resolved/understood in this one. It seems like associating with a unique url as an ID might be more useful; but then how do you sign things? You need a public key. There are different privacy concerns for DIDs for individual persons vs. entities.

How do we solve for the human problems? Humans are not predictable and often fraud in an organization goes all the way to the top.


Zoom Chat Notes:


From Cam Geer to Everyone: (11:56 AM) 
product marketing 101!


From Stephen Curran to Everyone: (11:57 AM) 
Agree with never talking about it except when it adds to the education.


From Darrell to Everyone: (12:10 PM) 
I think we’re seeing the wrong monitor (seeing notes not slides)


From Nicky Hickman to Everyone: (12:12 PM) 
Have you tried to address specific use cases where decentralization is essential in order to trade. In UK we have the challenge of Brexit and the hot red land border in Ireland. Another example where decentralization is essential is where there are oligopolies, Tony Rose from knowyourcow.com explained that in the cattle markets there are basically 3 big players that dominate the market. With a decentralized model you can promote competition and fairness for smaller farmers and more niche markets e.g. halal or kosher

From Catherine-Finema to Everyone: (12:28 PM) 
Hi, is this presentation available for download? Very Interesting.


From Arjun Govind to Everyone: (12:28 PM) 
+1


From Me to Everyone: (12:30 PM) 
We can make it available as a google doc and include it in the session notes later today!


From Arjun Govind to Everyone: (12:31 PM) 
Thanks Karyl!


From Me to Everyone: (12:32 PM) 
Great notes/inputs Nicky! The fact that supply chains are inherently distributed across a variety of players and systems is part of why we believe it’s a space ripe for adoption. However, we as a company haven’t yet focused on targeting areas who would use the tech to drive more competition - rather we haven’t found that to be a selling point…yet.

From Nicky Hickman to Everyone: (12:33 PM) 
I understand. Ref what Margo is saying now, at least partially I think that the permissions are very clearly laid out in the relevant INCOTERM.