Back

Digital Identity

Endnotes

    Digital Identity

    Overview

    With the growing complexity of supply chains, trusted identities of peers in the supply network are critical to efficient operations. A trusted identity can span across different contexts, including both physical and digital. This module focuses on the latter form of identity – an online presence that represents and acts on behalf of an external actor.

    This module covers considerations and questions to guide the design of a responsible digital identity system as it relates to blockchain for supply chain. The information in this module assumes that blockchain is the key capability enabling transformation in a supply-chain use case.

    This module should be leveraged by the blockchain network’s designers, owners, and operators to focus digital identity as one of the key components of the blockchain capability. It contains general considerations around the design of a digital identity system, including who the actors are, technology decisions, business models, securing identity data, process and governance. It also includes a specific focus area intended to inform the design of a decentralised identity system.

    Recommended reading – Inclusive Deployment of Blockchain for Supply Chains Part 2 – Trustworthy verification of digital identities[59]

    Building trusted digital identities

    What is digital identity, and why is digital identity important?

    Online interactions in supply-chain use cases are growing in volume and complexity. Such growth introduces more potential for value creation, and contrarily, more potential for inefficiencies and risk. When blockchain technology is leveraged for a supply-chain use case, a trusted digital identity can facilitate complex online interactions, mitigate risk, and enable the full potential of the system.

    As a foundation to every transaction, a trusted digital identity unlocks the potential business value of distributed ledger technologies, allowing for greater confidence in the growing digital world, and ultimately making best use of blockchain to streamline, simplify, and reduce cost in supply-chain applications.

    In developing and deploying blockchain for a supply chain, digital identity must be embedded into the design, to facilitate and maintain trust. With increasingly complex supply chains, it is critical to ensure each contributing delegate is really “who” they claimed to be. Consider who should control digital identity verification in global supply chains – for example, a federated national stakeholder versus a private company versus individual stakeholders. How will this selection impact the ability of the blockchain to scale and maintain trust? Digital identity, when done correctly, will enable trust for every participant in the supply chain.

    In developing and deploying blockchain for a supply chain, digital identity must be embedded into the design, to facilitate and maintain trust.

    What is a digital identity?
    A digital identity is an online presence that represents and acts on behalf of an external actor in an ecosystem. An identity could belong to a legal entity, a financial intermediary, or a physical object, for example. Ideally, a digital identity is verified by a trust anchor, or something confirming the legitimacy of an actor, so that those interacting with that actor’s digital identity have confidence the actor is who and what it claims to be.

    Why is a digital identity important? When is it necessary?
    A digital identity is important to establish trust and understanding among stakeholders in an ecosystem. If stakeholders do not trust the identity of their peers, the data held in the blockchain solution will be deemed unreliable, and the overall ecosystem will lose its effectiveness.

    A supply-chain solution needs strong digital identities for all stakeholders involved because it brings together partners that may not have strong existing working relationships. For example, consider a global supply chain for luxury designer leather bags. Each stakeholder must work directly with those who represent the “links” in the supply chain immediately before and after, but not necessarily others throughout the chain. The raw material provider (first link) works directly with the leather treatment facilities (second link). Following the treatment, the leather is shipped to the manufacturing facility where it is sewn into handbags. Lastly, bags are sent to the final retailer (last link), who checks for authenticity of the bags with the manufacturer.

    Now, imagine an “Internet of things” (IoT) tracking device is attached to the bags during production. The blockchain and IoT tracking device unites and informs all supply-chain participants, giving each visibility into a larger portion of the supply chain. The supply chain becomes a web of interconnected businesses, rather than a linked chain. Identity is crucial to this example, as trust in each of the actors will affect the trust in the handbag and its authenticity. One needs to know that each actor, from devices, to legal entities, to employees and things, is trustworthy and really who they claim to be.

    This is especially important and complex in the digital world, where physical interaction with people and things, like the handbags, is replaced with digital transactions and data about goods, products, and entities.

    Implementing blockchain technology in supply chains should not just be focussed on increasing efficiency, but merely on redesigning trust for all its stakeholders, including consumers.

    Jan Scheele, Chief Executive Officer, Bitcanna

    Digital twins, or replicas in the digital world of actual assets or objects, can only be leveraged and trusted if certainty of identity can be established. For coffee to make its way from farmer to exporter, roaster, retailer, consumer, and everything in between, there is an interconnected web of organisations that rely on data to be shared and trusted to facilitate a multitude of interactions – such as certifications, payments, and proper movement of goods. Thus, the importance of trust and trust in data underpins companies’ ability to conduct trade, from authenticity of products to financing letters of credit to facilitating exports.

    Digital twins, or replicas in the digital world of actual assets or objects, can only be leveraged and trusted if certainty of identity can be established.

    Today, systems across the supply chain are built and operated in a siloed manner. To bring these together and to benefit from the transformation that blockchain can bring, a digital identity system for supply chain and trade needs to be thoughtfully designed to bring together these silos, enabling more efficient, accurate, and trustworthy digital interactions.

    This module can be used as a standalone resource, but is a complement to the prior publication, Inclusive Deployment of Blockchain for Supply Chains, Part 2: Trustworthy Verification of Digital Identities.[60]

    Identifying actors and defining roles

    What actors are involved in the blockchain use case, and how does identity affect them?

    Actors

    A digital identity system should be able to support digital identities for the various actors involved in a blockchain ecosystem, directly or indirectly through other mechanisms such as legacy or third-party systems the blockchain solution is integrated with. The word “actor” refers to any of the entities listed in the following illustration, which defines a broader view of supply-chain interactions using blockchain:

    Potential acting entities in supply-chain interactions
    Figure 5.1 – Potential acting entities in supply-chain interactions

    Why are actors important?
    Defining actors is a critical first step to take; who is involved will ultimately determine what the digital identity system looks like: how it functions, what technology is used, how data is handled, and so on. Digital identity determines the trustworthiness of an actor in the digital world, and digital identity must be thoughtfully designed to work effectively for, and with, each actor.

    Why look at each of these types of actors?
    Each of these types of actors is important to consider in designing a digital identity system for a blockchain solution in supply chain. While legal entities and public authorities may be the central actors involved, people and objects are acting on behalf of those entities in many transactions. Therefore, looking at the actors holistically is critical for getting the design of a digital identity system right.

    To hold each party accountable in a transaction, there needs to be a method to identify who/what was responsible for any specific part of the transaction. A trusted identity enables these transactions in the digital world and can even facilitate binding legal agreements digitally (through digital signatures) – a piece of enabling supply chains’ entrance into the digital world. Further, this trusted identity becomes more critical in a digital environment with no face-to-face interaction. (It should also be noted that many transactions happen directly between systems talking to other systems, without human involvement).

    A buyer might never meet a seller in person; instead the buyer must trust that the seller is real, and the goods are authentic. The value of blockchain is to enable trust in data such that parties who do not necessarily trust one another can more efficiently conduct business. Building mechanisms to support trusted digital identities for actors in a supply chain is foundational to a successful supply-chain solution.

    It is imperative to first consider the universe of potential actors in the ecosystem or use case. Each participating actor will need a trustworthy digital identity (of themselves) in order to interact in the digital world and need to trust the digital identity of others with whom they interact. Each actor may have different needs. Once the potential actors have been identified, consider some of the following questions:

    • Who (or what) is this actor in the use case and ecosystem?
      Starting with the “who” and illustrating it with examples will help to concretely define the types of actors and the digital identity needs for each. Remember to also include things, software agents that act on behalf of legal entities, and other roles in the ecosystem. Some of these actors may not even be present in the early days of the project, but the design must prepare for their addition later.

    • With what or whom does the actor need to interact?
      Determining the scope of transactions that each actor in a supply chain is involved in will help to define who should be part of the ecosystem. It is important to consider the lifecycle of each entity in the supply-chain transaction and how each component is created. This will inform how the identity of the component should be created, issued, and changed throughout the supply chain. Considering the lifecycle from creation of an entity will help to identify actors that might not have been previously considered. Understanding the lifecycle of these entities on the supply chain will help identify requirements for how its digital identity will be confirmed. For instance, what information is required for the identity to be trusted across the entire supply chain? Who needs what data for authenticating the entity? What other systems is the identity used for? What does it need to interact with? What technical and legal requirements, as well as critical processes, need to be fulfilled to support each of the interactions in which the actor is involved? Addressing these considerations in advance of building an ecosystem will provide a “big picture” understanding of the operations to come, allowing the team to build and proactively address considerations that could otherwise be overlooked.

    • What identity information and methods for identification and authentication are accepted, where, and in what contexts?
      Is the digital identity verifiable and auditable? Who owns the liability for identity proofing? Who are the trust anchors (authoritative sources for identity proofing)[61] for each actor?

      Trust anchors are authoritative entities that are accountable for maintaining the integrity of identity information, can attest to its accuracy, and can provide trust in the digital identity. Within their span of responsibilities, is the requirement to identity proof each actor under its jurisdiction. In many cases, a government agency or financial institution grants an actor – for instance, a legal entity – its proof of existence (PoE).[62] The trustworthiness of the institution granting the PoE impacts how trustworthy the digital identity of the actor is perceived to be; how strong and reliable is the vetting of the digital identity? Trust anchors are thus nominated because of how they are perceived by other actors in the ecosystem. Consider why and on what qualifications these trust anchors have been given these roles and the strength of the blockchain network’s governance and rules

    Trust anchors are authoritative entities that are accountable for maintaining the integrity of identity information, can attest to its accuracy, and can provide trust in the digital identity. Within their span of responsibilities, is the requirement to identity proof each actor under its jurisdiction.

    • How do elements of proof differ across an ecosystem based on levels of risk, business-specific considerations, and external factors?
      When a private-sector actor requests identity documents to validate an identity claim – for example, to prove legitimacy before opening a company bank account – the bank typically leverages a government- issued identity document. Hence, the government plays an important role in enabling initial trust for future transactions. While in most cases relating to human identities, trust anchors are typically regulated industries like banks, governments, or utilities, in a supply-chain use case, these trust anchors could include device manufacturers, freighters, custom forwarders, and cargo carriers.

      Different levels of assurance in the identity may be required depending on the level of risks associated with the transaction. Further, consider how these credentials are maintained on an ongoing basis. Should credentials need to be revoked, how can the ecosystem address this before a critical issue arises? The ecosystem should agree on a digital identity maintenance plan and a critical course of action in the event of corruption before operating. Ultimately, whether digital identities are trusted is at the discretion of each member in the ecosystem, and a decision that considers many different business-specific and external factors. For this reason, confidence in trust anchors is critical to the successful supply chain blockchain solution.

    • Who is responsible for the final interpretation of trust?
      In global supply chains, the level of trust will vary based on the governance of the digital identity and the standards to which it is held – and ultimately, individual entities will interpret how much to trust an identity based on a number of factors. An entity will adjust trust levels for each PoE based on previous business transactions, industry expertise, geography, political climate, and other factors. For example, one may attribute high trust in identities with a PoE issued by a neighbouring country because of the similar political and economic environments, yet it may reduce how much it trusts identities from another country that has different business norms or increased instability.

    • What identity information of the actor is considered private or should not be shared? How are privacy and control maintained? What identity and related data are required for audit and compliance, security policies, and what data can be shared? What are the unintended consequences given the permanence of blockchain and changing data protection regulatory environment?
      What is considered private and confidential to one actor is not always for another. What is considered confidential data today might not be tomorrow. Conversely, what is not considered confidential data today, might be confidential and private tomorrow. It is critical to consider what data should be shared on-chain and what shouldn’t be shared, because once the data is on-chain, it is there permanently. Moreover, with better computing capability, any encryption capabilities have a lifespan. What is considered “unhackable” today, might not be true in a few years to come. All organisations considering blockchain in their supply-chain environment must consider the unintended consequences of sharing data. For example, business intelligence can derive meaning from patterns in available data and use analytics to advance their future transactions. Most organisations today do not have information security policies that define what data should be shared and how to share these in a blockchain environment. In most cases, organisations’ policies are unlikely to allow for data to be shared with parties that are not “trusted” or have no established relationships with. As legal systems shift, organisations can leverage evolving technologies to provide options in addressing these legal barriers. Consider how to manage different levels of privacy and transparency, especially in the context of establishing a blockchain system, where information is stored in a non-traditional, shared data construct. For efficiency, privacy, and performance reasons, consider how to put as little data as possible on chain.

    For more information on personal data protection and the EU’s General Data Protection Regulation (GDPR), see the module Personal Data Handling.

    Roles and lifecycle

    When is an actor “created”? What are the different stages an actor can have? Understanding this aspect of the actors can help define what digital identity means for each, and the nuances that exist even within a category. For instance, how does an entity define the “birth” of an IoT device or a physical object? What can be used to reliably identify that object throughout its lifecycle as it gets software updates and patches, as it transforms, or as it changes custody? How do the trust anchors and their roles change as that object transforms? How does a change to its status affect any data about it or collected from it – and how can an entity define the “end of life” for an object? Or, how is the consensual exit of any actor from the network handled? Finally, how does one build a foundational process that empowers an entity to address these identity decisions, understanding that the traditional view of government-issued identity isn’t transferable in global trade networks?

    Legal entities are always a primary party involved in a transaction. Therefore, it is key that they have reliable, trustworthy digital identities. They may also be a source of trust for other actors – such as those actors’ employees or autonomous software agents (ASAs) they run. Ultimately, the legal entity will decide what trust to place on a digital identity – legitimising other actors in the ecosystem.

    Public authorities

    Public authorities often provide PoE for legal entities. In addition, they are heavily involved in ensuring compliance with certifications, licenses, tax collection, laws, and other regulations – such as in the import and export of goods and services. Therefore, public authorities may play the role of, both an identity provider and a consumer. They will need a trustworthy digital identity to participate in digital transactions.

    Autonomous software agents

    Software will increasingly be used to make decisions or take actions autonomously on behalf of an actor. An ASA will need the appropriate proof to show its association with that actor, and the authority under which it can transact. Especially as an ASA may make decisions, it is important to clearly outline accountability of a given transaction and ensure the ASA itself remains secure.

    Physical objects

    The link between the physical and digital world is highlighted when defining digital identity for physical objects. Identification and authentication methods must be flexible to implement and continue to be effective even when characteristics of those objects change – especially when considering the use of digital twins that heavily rely on adaptable and accurate methods of identifying and maintaining the state of real assets. For instance, as an object or its use transforms through the supply chain, the method must adapt to the change without compromising integrity. Identities for these objects can range from simple to very complex due to how often those characteristics change and how often that object changes custody/ownership. Industry standards will be important so that different parties may effectively communicate about complex physical objects and their digital twins.

    People

    Employees and contractors that act on behalf of another actor – such as a legal entity or public authority – need to be able to prove their authority to transact on behalf of that actor in a reliable and trustworthy manner. For instance, how can an entity prove the individual who digitally signed a document is who they say they are, and is authorised to act on behalf of their employer in that context?

    Custodianship is an official role whereby an individual may be granted specific rights over a digital identity. For instance, a person may have custody of a car’s digital twin once they have bought, and own, the physical car. This topic can be complex in and of itself, but it is important to consider how people may be custodians of identity information on behalf of legal entities, things, or even other people.

    People have many different personas, an “employee” or “contractor” being just a couple of examples. People may be delegated specific access or control of a digital identity based on their different personas or the different roles they play in an ecosystem; it is therefore critical to consider how to build a good digital identity that real humans can establish, use, and maintain in a way that works for them. There are many additional considerations when building good digital identity for people, such as ease of use and inclusivity.[63]

    Connecting the dots

    The actors, their associated lifecycles, and roles defined in the ecosystem are highly interconnected and interdependent on one another. For instance, a person’s authority to transact on behalf of a legal entity is conferred on them by that legal entity; the legal entity’s legal status and PoE is often given by another legal entity (such as a financial institution or a public authority). This interconnectedness means that digital identity needs to be carefully considered for each actor. If digital identities of just one type are not trusted, then that distrust can propagate and undermine the trust that is foundational to online transactions, including in a supply chain blockchain solution.

    Propagation of distrust in an interconnected world
    Figure 5.2 – Propagation of distrust in an interconnected world

    A supply chain blockchain solution is often the work of multiple contributing groups, so digital identity will need to be designed collaboratively. Trusted digital identities are therefore a collective effort by many parties, and require collaboration across industries, sectors, and borders to be effectively maintained and managed.

    Making technology decisions

    What models for digital identity should be considered? How can one ensure digital identities are secure and interoperable?

    The distributed and shared nature of blockchain means there are several different technical considerations for digital identity in supply chain. In setting technical requirements, it is also crucial to take into account the great variety of actors, needs, and use cases that may be covered in a blockchain solution. With that in mind, digital identity and access control must be scalable to support a growing and varied ecosystem.

    Supply-chain implementations of blockchain mean there is a breadth of different actors, from legal entities to connected devices. The decentralised nature of the blockchain shifts the responsibility of ecosystem building, which has traditionally been placed on a centralised point of control, to many stakeholders in the ecosystem.

    Overall, blockchain enables real-time data sharing among parties that may not have traditionally worked together, essentially removing the middleman from these connections. Additionally, the transparency that blockchain can provide introduces new considerations around privacy and auditability. How can this breadth of technical requirements and limitations be properly dealt with to ensure a successful blockchain deployment?

    Archetypes for digital identities

    For detailed information on each archetype and comparisons among them, refer to a previous publication on digital identity. Included in that publication[64] are several considerations when choosing amongst different identity archetypes. Keep in mind, however, that most identity systems today are built for people and not the scale of, for instance, millions of connected devices or complex legal entities. In a more complex world where people, things, legal entities, and processes all interact, moving from the current centralised, siloed systems (some still paper-based) to even a federated model will require strong collaboration and may be a large lift.

    Centralised digital identity system

    Overview:

    • Traditional model for most identity systems.
    • Usually owned and managed by a single organisation for users to access services provided by that organisation.

    In practice:

    • In the supply chains space, this shows up with an employee in a procurement department having a set of credentials to authenticate with an online supplier’s ordering system.

    Key considerations:

    • Centralised identity systems are, by nature, siloed. Amid a growing crisis of identity fragmentation, organisations are moving toward including federated identity models in their identity systems and exploring decentralised identities.
    • If working from a centralised identity system and looking to incorporate that into a blockchain solution for supply chain as the primary form of digital identity, scalability and extensibility may be a concern if neither federation nor decentralisation for identity is available.
    A centralised identity system
    Figure 5.3 – A centralised identity system

    Federated digital identity system

    Overview:

    • Enable a one-to-one trust relationship between entities.
    • An Identity Provider (IdP) and the Service Provider (SP) establish a relationship and the SP decides to trust and accept digital identities from an IdP. The SP accepts a standardised and agreed-upon set of identity information from the IdP, and trusts that the IdP has done the necessary identity validation and sufficient authentication to prove that the entity really is who they say they are.

    In practice:

    • In the consumer space, this often shows up as the ability to log into, say, a retailer’s website using social media credentials.

    Key considerations:

    • While some standards, such as the federation standards SAML2.0 and OIDC/ OAuth2.0, provide a means for a basic level of interoperability, each organisation must still establish relationships with each other organisation (in a one-to-one model).
    • When considering using a federated model for the identity system, ensure it is standards-based and scalable for the purposes – especially in a large blockchain solution where establishing trust in each individual entity involved may be a challenge. Given that federated models are mostly built around use cases for people (and sometimes legal entities), identity of devices needs to be investigated further in federated models for support and scalability.
    A federated identity system
    Figure 5.4 – A federated identity system

    Decentralised digital identity system

    Overview:

    • Decentralised identity models are emerging and starting to gain traction.
    • An identity holder, verifier, and issuer all work to establish verifiable and authentic digital identity for entities involved.
      • The holder (in the cases of consumers, an end-user, or a delegate of a company responsible for maintenance of the company’s digital identity) receives verifiable pieces of identity information from an issuer.
      • A verifier receives pieces of the entity’s digital identity by that entity sharing it with them, where the verifier can check that the information is correct and authentic with the ledger.

    Example
    British Colombia and Ontario’s Verifiable Organizations Network. The Canadian provinces of British Colombia and Ontario designed the Verifiable Organizations Network (VON) to enable a trusted digital environment for their businesses. Using the decentralised identity system Sovrin Network, where they have placed their credential definitions and verification keys, it aims to furnish businesses with a trusted digital identity issued by their local government with which they can conduct their affairs globally. Shortly after their launch in early 2019, VON had already more than 7 million verifiable credentials for Canadian companies issued.[65]

    Key considerations:

    • While this model has enormous potential, it is still in an emerging state. Many organisations are not yet poised to accept a decentralised identity model for production use cases, though that is changing.
    • When considering this model, ensure that organisations are well-prepared for the changes that this new model for identity will necessitate – such as the changes to governance models for digital identity requiring cross- organisation support and the associated technology changes.
    • To future-proof a decentralised identity model, ensure it follows the emerging standards, such as those by the World Wide Web Consortium. However, because of the potential of a decentralised identity model and several important differences in how digital identity is managed and constructed in this model, an additional focus area with specific considerations for decentralised identity is invited.
    A decentralised identity system
    Figure 5.5 – A decentralised identity system

    Blockchain has allowed us to take a completely different approach to digital identities that ranges from better protecting private information and giving users higher control over their data to the consideration of very interesting ideas about user authentication and peer-to-peer validation.

    Hanns-Christian Hanebeck, Founder and Chief Executive Officer, Truckl.io

    A hybrid model for digital identity

    These three different archetypes each have their benefits and challenges and provide unique solutions to the digital identity space. Consider the possibility that an identity system is unlikely to maintain just one, or even only two, of these models; all three may coexist and therefore interoperate.

    For instance, one such model could be a centralised-decentralised hybrid model, whereby proofing and de-duplication (ensuring uniqueness and singularity of a digital identity) is done centrally, and authentication occurs in a decentralised model.

    A hybrid model supports the role of critically important centralised systems and enables the trusted sharing of data across systems and entities – building capabilities on top of what exists and bringing a wider ecosystem of actors together. This takes the collaborative effort and work of parties across an ecosystem, from building governance models to collaborating on standards and working with new technology to enable transformation in trade and supply chains.

    Standards, integration and interoperability

    The pace and ease at which an organisation’s digital identity system can be adopted depends on the ease of integration and its wide acceptance. Greater acceptance and interoperability of digital identity can support the wider adoption of cross-enterprise and cross-sector blockchains, since digital identity is foundational for every transaction – including those that are supported by blockchain. Also, identity systems and their interoperability are a vital part of overall system’s interoperability.

    Like barcodes, the digital identity of any entity on the supply chain must be widely accepted and recognised for it to be adopted.

    General interoperability techniques and approaches are also valid when it comes to the integration and interoperability of identity management systems. For a broader look at the topic of interoperability and how different systems talk to each other, refer to the module Interoperability.

    When an organisation tries to design a digital identity system for a blockchain solution, it is important to be able to support existing and common methods and technical requirements for digital identity. Any standards that are used or supported should also be considered especially for the interest of inclusivity. Such care for actors with limited access to technology will enable them to have a digital identity or otherwise use them.

    As the blockchain deployment scales and the number and types of actors expand, interoperability of a digital identity system will play a crucial role.

    When considering what technology standards to support in a digital identity system, understand what most of the actors in an ecosystem currently support or use. If a digital identity system for the supply-chain blockchain solution will support up-and-coming archetypes (e.g. decentralised identity) or technologies, one must consider how to bridge the gap that many of the actors in the ecosystem will inevitably face: how to interact with the blockchain solution based on different technologies than the deployment currently uses. Most identity systems in the real world operate based on centralised archetypes and support some federation protocols like SAML or OIDC/OAuth. In the meantime, some blockchain solutions want to move to a decentralised identity management model. Therefore, there must be a way to support interoperability between the two while actors are being onboarded to the new technology.

    Critically, consider how to make the most of the transformation that comes with using a blockchain; while in the short term existing systems may need to be compatible with blockchain, a long-term strategy should more deeply consider the design of future systems and how to handle changes to technologies, standards, scale, and ways of doing business.

    However, having standards does not guarantee acceptance. On an organisational level, it is critical that acceptance of the digital identity is established across the ecosystem well before any standards discussions take place. Acceptance of a digital identity is a matter of governance before it is a technical discussion.

    Standards for identity management systems

    Interoperability is what will enable scale for a digital identity system. Therefore, it is recommended that the supporting ‘standards’ that actors in an ecosystem already support, or that the market is moving towards, be a critical piece of the design of a digital identity system. If it is not standards-based, it will not be viable in the long-term.

    For instance, National Institute of Standards and Technology (NIST) in the United States has defined Identity Assurance Levels (IALs) to define assurance levels for identity proofing, Authentication Assurance Levels (AALs) for authentication, and Federation Assurance Levels (FALs) for federation cases, in the context of identity for humans.[66] These governance rules help to unify the assurance in a digital identity – how stringent the procedures were for each identity proofing, authentication, and federation – across entities such that they can interpret and understand these aspects of a digital identity from other systems. And while often referenced with respect to human and consumer digital identities, these standards on governance are defined such that they can be applied to any of the actors defined in this document.

    Cybersecurity and digital identity

    Integrity in a digital identity depends on the security of the technology that supports it. If the digital identity system is not secure, there is less assurance that the actors are really who they claim to be.

    As digital identity is foundational to every transaction, it is critical that digital identities are managed by secure process and system.[67] This will not be a new effort but yet require endless efforts to manage systems security. This will not be a new effort but yet require endless efforts to manage systems security. See the module Cybersecurity, and more specifically for key considerations refer to focus areas Blockchain cybersecurity risk management and Blockchain secure deployment.

    On the other hand, data protection in the sense such as data confidentiality and data integrity sometimes utilises digital identity system, such as role- based access controls or even private blockchains. These requirements, such as the security level, will influence to the design of a digital identity system. Requirements from the data-protection perspective are discussed in the modules such as Data Protection, Data Integrity, and Personal Data Handling. Also, the module Legal and Regulatory Compliance explains how laws and regulations may affect decisions – for instance, how personally identifiable information (PII) is regulated. The module Financial Reporting and Controls considers the auditing process of legal entity-related identity date and its use.

    Future-proof your digital identity system

    How can one ensure digital identities are sustainable and scalable to support ever-changing technology landscapes?

    The initial building and implementation of a blockchain solution should be done with the future state in mind. While a digital identity system is enabled to support the blockchain solution, it must be sustainable in and of itself.

    If the digital identity system cannot scale, or cannot be maintained long-term, then the blockchain solution is at risk of scaling to new use cases, products, industries, and jurisdictions. It is also important to consider how the blockchain solution can leverage existing tools and infrastructure to ease the burdens that come with the massive changes enabled by the blockchain solution and use case – and how any new models and identity systems interoperate with those existing systems. For members of the ecosystem, knowing the solution can grow with the ecosystem provides comfort that the technology will not be a limiting factor as they shift their business processes to accommodate it.

    Scalability

    Blockchain for supply chain will inherently involve numerous organisations and governments across sectors and borders. The number of people and devices involved will also grow. It’s important to consider not just what will work now, or for the next 5 years, but what can be supported as the number and types of entities involved changes.

    • Cost and maintenance: Looking at each type of actor and use case supported, understand how the digital identity system scales in terms of cost or complexity of maintenance. Analyse, also, how the technology that underlies the digital identity system scales, as well as any costs associated with scaling. For instance:
      • How much does the infrastructure cost to maintain, including both any existing identity systems being integrated with the blockchain solution and new pieces added to support digital identity?
      • How are upgrades to any digital identity components handled across the entire solution? Does each member of the network need to shut down all at once, for instance, or can upgrades be rolled incrementally? How are these upgrades tested?
    • Cross-sector interoperability: Today, numerous sectors are conducting blockchain pilots using different platforms and different ways of managing identities. Some do not consider digital identities at all. As any supply chain crosses sectors, it is critical to consider how the data across blockchain platforms could be consumed and trusted, how blockchain platforms will need to interoperate across sectors, how blockchain platforms will adapt to innovative and scale for growth, and how identities will need to be verifiable and trusted across platforms and sectors.
    • Change management: Consider if changes to a digital identity system would be prohibitive if the blockchain solution is scaled up. Understand how changes to requirements are evaluated, approved, and implemented, and if there is a governing body that plays a role in that process.
      • How is training of employees handled when a new digital identity system or processes are in place? How are legal entities informed of changes and enabled to make any corresponding changes in their processes? How are devices updated with any new identity requirements, software, etc.?
      • How are new features added? Who gets to decide what, if any, new capabilities are enabled? What is standardised across the ecosystem, and how does any governing body of the blockchain solution handle these decisions?
      • What happens if laws and regulations change, or if an authority changes identity issuance processes (for instance)? Who needs to be involved in understanding and implementing any corresponding changes to existing or new identities, and changes to processes in the identity system itself?
    Figure 5.6 – A future-proven digital identity system must be scalable and sustainable

    Sustainability

    A digital identity system in any supply chain should have sustainable, long-term financial and maintenance plans to ensure its use and survival. Blockchain introduces new ways of working, which requires new cost models. To make a blockchain solution sustainable, it must provide a positive return on investment (ROI) for the organisations involved. This return may be achieved through lower costs or improved business efficiency, for example. Cost models must be shifted accordingly, to offer ways of sharing the burden of supporting and enhancing the systems that make it work – such as digital identity systems.

    • Financial model: A digital identity system should have clear financial support, whether brand new or integrating existing digital identity systems. As blockchain solutions are inherently shared among different legal entities (and even different departments within those), it is important to understand how digital identity will be supported financially in this new way of working
    • Maintenance & ongoing support: Consider also how the technology that supports the digital identity system will be supported, maintained, operated and how changes can be implemented. To avoid a backlog of upgrades and maintenance that differ across actors, it is important to determine operating model and effective operations of the blockchain network in order to keep all relevant parties synchronised and secured. The digital identity parts require operations and support with the right skills and expertise, just like any other system.

    Example
    The Bitcoin blockchain compensates its miners for verifying transactions on the chain by rewarding them with bitcoins, thus providing a financial incentive to encourage its upkeep.

    Example
    The host of a blockchain will charge a fee for external stakeholders to cover cost of maintenance and provide the business a return on investment. The value the ecosystem adds to the stakeholders, through greater transparency and data availability, must justify the fee. If this is the case, a cyclical value chain makes the solution sustainable.

    Defining and securing identity data

    What data will be created and associated with particular people or entities in a blockchain solution, and what specific steps should be taken to ensure adequate protection of that information?

    Data associated with a digital identity, commonly referred to as “identity data”, is a vital component in establishing trust among different stakeholders in a supply-chain ecosystem.

    You are what your attributes (or in other words your identity data) say you are.[68]

    You are what your attributes (or in other words your identity data) say you are. For instance, a logistics provider may ask a factory to provide it with identity data – like the entity’s legal incorporated name or a legal address – before doing any business with that factory.

    Digital identities are useful insofar as the identity data are accurate, up-to-date, verifiable, and securely managed.

    This benefit also plays a critical role in linking the physical and digital worlds. This is accomplished by creating a digital twin, or virtual representation that clones a physical object. For example, a physical handbag moving through the supply chain has a digital record of movement assigned to its digital replica. In such use cases, what information is used for identity data, and how to create these links is an important component of a good digital identity for supply chain. (See the module Data Integrity for more information on digital twin integrity).

    Key topics for consideration as part of a well-managed identity data process include:

    Accuracy and verifiability

    A trusted digital identity requires that critical pieces of identity data – for instance, the tax identification code of a legal entity – remain accurate, up-to- date, and verifiable. Consider how often that data changes and how a digital identity can remain fresh, and therefore trusted and relevant.

    Feasibility and maintenance

    For a digital identity to be sustainable, the data associated with it needs to be feasible to collect, to verify and maintain, or to otherwise reconcile. There are several factors to balance when deciding what information to include in a digital identity and how, including costs, time, accuracy, and liability. For instance, consider the following questions:

    • How often should identity data be verified for accuracy and updated? What happens to a digital identity after an actor has been successfully onboarded? If, for instance, an ASA’s software package has been updated, should that be recorded? Who is responsible for updating the digital identities of devices, and how? How much will it cost – versus the benefit received – to update and verify identity data? Is it sufficient to rely on annual audits, or should more regular verifications take place? It can be time and resource intensive to conduct deep assessments of the accuracy of identity data, but inaccurate data can render the digital identity less credible, if not useless.
    • What is the minimum amount of data necessary? In this age of Big Data, it may be difficult to imagine not collecting every piece of identity- related data available – not just for people, but also for legal entities and things. Data minimalism,[69] in fact, is a rising trend due to the complexity and liability associated with holding identity records of many actors – where the data stores then become a huge risk for attacks and breaches. Consider collecting only the minimum amount of data necessary, to reduce complexity and liability.
    • Where possible, implement standards-based identity data and identifiers. For instance, the Legal Entity Identifier (LEI) has enabled and standardised this identification process for financial transactions by providing each legal entity a unique identifier code based on a defined standard (ISO 17442). This will enable participants across the ecosystem able to render and understand critical pieces of identity data that enable digital interactions.

    Confidentiality and privacy

    A blockchain solution is only as valuable as the data the stakeholders choose to share on it – and how much other stakeholders can be trusted. To reach its fullest potential, a blockchain’s architecture should ensure confidentiality and privacy protection of identity data – or risk losing trust in the other actors in the digital world and, therefore, any information they provide or transactions they perform.

    Digital identities are composed of different data points that help to identify and authenticate an entity in different contexts. It’s critical that the data – especially that which is private or a trade secret – remain confidential. Such data should only be accessed, modified, and controlled by authorised parties.[70]

    More details on protecting commercially sensitive data and privacy data are found in the modules Data Protection and Personal Data Handling.

    Data exchange in a blockchain world: on-chain or off-chain

    While there are identity-specific blockchain platforms that have emerged, other types of identity data or sensitive data are not always considered with the same scrutiny. With proliferation of blockchain solutions and the permanent nature of blockchain, it is critical that any sensitive data and different types of identity data are considered in their treatment – including what types of identity data may need to be off-chain – as part of the blockchain solution. It is recommended that if there is data that is considered private or sensitive – for instance PII of an employee or sensitive trade information – that data should not be stored on the blockchain. For more information on protecting personal data, see the module Personal Data Handling.

    Process and governance

    What are the important non-technical processes and governance points to consider when designing and building the digital identity system?

    In a supply chain blockchain ecosystem where actors have different goals and incentives, and where laws and regulations lag technology, below is a list of important non-technical processes and governance points to consider when designing and building the digital identity system.

    • Identity and identity data ownership and stewardship: It’s important to establish who or what party is responsible for (and has the rights to establish, read, use, or update) an identity and related data. Consider the different roles, rights, and responsibilities that data owners, custodians, maintainers, etc. might have, and how they differ. It may not be entirely clear in some cases, and therefore it is important to establish upfront what these roles might look like. For instance, if a physical object is transferred from one party to another, or if custody changes, what responsibilities do each of the parties involved have? Federated Identity Management (FIM) has begun to explore this ambiguity. To address differences in security requirements among involved parties, participating members are required to implement policies that address the security requirements of all the members.
    • Liability, risk management and role of insurance: If identity data turns out to be fake or wrong, who is liable? Is there a role for insurers to be part of the ecosystem to underwrite the risks? Standards and procedures should be defined and enforced in order to achieve a common baseline to reduce risks in the network e.g. level of due diligence required for identity proofing and for validating and accepting an identity. Define procedures and liability terms with levels of assurance that are universally understood and accepted for when something goes wrong. E.g. if one entity has a breach, how are identities revoked? How do other parties reduce risks and exposure? Understand who is liable and responsible for what and outline a plan for remediating any costs and disputes. Plan for these situations so it’s clear who is responsible in the aftermath and beyond to create a resilient system.
    • Digital identity system governance & maintenance: Maintaining an identity system is more than ensuring the technology is functioning correctly. As ecosystems and use cases change, the processes that support and structure a digital identity system may also need to change. Consider how to evaluate the overall health and functionality of the system.
      • Starting out: Building a digital identity system for an ecosystem effort in blockchain will require collaboration and agreement in the very beginning. For instance, digital identities and identifiers will need to be established from the very beginning of the supply-chain use case – how can this be efficiently and effectively done, especially where not all the actors in supply chain are known? Or how is proper “use” of identity defined? Understand what problems need to be solved from the beginning and work out where collaboration is required.
      • Maintenance: An actor may participate in many different supply chains or ecosystems; look for opportunities to collaborate or establish interoperability. Especially in the case of omnipresent organisations, for example, large scale shipping companies, a verified digital identity can be leveraged across multiple supply chains. Additionally, map out theresponsibilities in terms of cost and maintenance.
      • Monitoring and oversight: Establish metrics that could be used to view and understand the overall health and success of the digital identity system and how it could be improved to better support the blockchain solution for supply chain. Additionally, consider establishing independent oversight of the digital identity system; especially in an ecosystem where many different entities are involved, it is important to have a neutral body, entity or procedure that can help ensure the trustworthiness and integrity of digital identity.
    • Regulatory considerations: Identity often is regulated and can involve highly sensitive information. Given that many supply chains span multiple countries or jurisdictions, complying with these regulations or ensuring privacy can get complex. The International Traffic in Arms Regulation (ITAR), for example, controls the movement of defence-related materials. A blockchain operating in this environment would be limited to publishing only ITAR-compliant data on the chain – and therefore any identity-related data must ensure compliance with that regulation. It is important to design a new blockchain for supply chain use case with these considerations in mind.

    Decentralised identity considerations

    How is decentralised identity a different model, and what additional governance and technology decisions need to be made?

    As adoption of a decentralised model for identity is emerging, technology and standards are evolving. While ideal case is a single solution to work for all global supply chains, the reality is that most supply chains are incredibly different from one another, so different solutions may emerge on a case by case basis. For example, consider how a milk supply chain differs from a coffee supply chain. A milk supply chain may operate entirely within one country versus a standard coffee supply chain will operate in a few – so the regulations that each may adhere to with regards to identity information will be different. The actors in these environments may be entirely different – where milk, for instance, may involve strict refrigeration requirements and therefore requires monitoring at every step, whereas coffee may be a more robust product and involve very different transportation methods, companies, etc. And, of course, the types of data and information that both may need to handle will be extremely different. Where a single solution could add value is within a narrow and very homogenous industry, for example, the airline industry. Across the industry, companies face similar issues, supply chains include similar (if not the same) stakeholders, etc. This similarity across the industry invites the potential for a more universal solution across the industry.

    It is critical to understand what recurring considerations need to be addressed when creating a decentralised identity ecosystem – including operational considerations (e.g. who operates nodes, and the responsibilities of each node or actor involved), technological considerations (e.g. technology design and support), and governance of the decentralised identity system. Decentralised identity is still very much an evolving space and will require ongoing evaluation.

    Decentralised identity may be a great archetype to use to help preserve the benefits of decentralisation in a blockchain solution for supply chain. However, it is again important to consider interoperability and even a hybrid model for identity; organisations, especially in a supply chain world where changing the procedures of many organisations, people, and thing is necessary for moving to a new technology, may not be able to move to a fully decentralised model for identity for reasons such as cost, time, change management complexities, and others.

    Decentralised identity standards

    As identity is often considered more sensitive and requires different security architecture and privacy considerations, specific models and platforms have emerged in blockchain for identity e.g. Hyperledger Indy, DIF. Standards that are specific to decentralised identity are also emerging, such as ISO TC307 (Working Group 2). Additionally, a working group under the W3C began to define a standard on Decentralised Digital Identities in September of 2019.

    Common data standards and technical standards are critically important for decentralised identity to be adopted in supply chain. Emerging standards exist today for decentralised identity but most of these relate to people (e.g. ERC 725, DIDs). These will need to be adapted and considered specifically for legal entities, connected devices, things, and ASAs. For organisations adopting decentralised identity for blockchain in supply chain, it is essential to keep abreast of these changing standards, as this will greatly influence future success of the solution and its adoption. Standards will help to drive interoperability across industries and supply chains for blockchain to deliver business value.

    Example
    ERC 725 is one example of a proposed industry standard. This standard allows users to manage their identity across all platforms that support it, instead of forcing the user to forego ownership of their identity to a centralised organisation.

    Organisations need to consider these as some blockchain platforms are not well suited for the identity use cases. It is recommended to use built-for- purpose blockchain platforms: those that have been designed with identity as the central use case, though the platform should be evaluated on a case-by-case basis.

    Technical design

    Consider up front which blockchain should be used, and what model will be supported (e.g. public or private, permissioned, etc.), and how identity data should be stored – for instance, if sidechains or other archetypes are necessary to support privacy considerations. Given the evolving nature of blockchain as a relatively new archetype, consider if or how a hybrid model could be supported and how current architectures and technologies used for digital identity might be integrated to support a smoother and quicker transition.

    Ecosystem technology support

    Understand who will support the technology in the ecosystem – for instance, who will run nodes, and what changes in technology or policies will be required throughout the ecosystem to support the new model. It is important to note that blockchains with fewer nodes (such as new platforms or those that have been abandoned by most of their nodes) are more susceptible to being compromised by malicious actors, because it is easier to achieve a majority.[71] For this reason, a well-defined ecosystem of technology support will make a blockchain more secure.

    Example
    Digital Bazaar and GS1 Proof of Concept (PoC) to build verifiable identities for stakeholders, with an emphasis on supply chain and shipping.
    IBM Trust Your Supplier: The blockchain addresses issues in supplier management, including validating supplier credentials, supplier onboarding, and lifecycle management.

    Businesses and international standards organisations such as Digital Bazaar and GS1[72] and IBM[73] are building decentralised identity systems that will verify identity of stakeholder in a global supply chain, enabling a global interoperable system of identity management. These systems, in the future, can be used by a newly established ecosystem to verify legitimacy of each stakeholder. While these types of identity systems are still emerging, it is important to keep close watch on how they evolve.

    Data storage and validation

    The way identity data has been traditionally stored, maintained, and used changes in a decentralised model.

    • Data storage: What identity data is considered private? This data should not go on chain, rather, it should be stored and accessed by a different model that ensures the privacy of data in the long term. Consider a model like Decentralised identifier (DID) [5] - identity data that is deemed private is stored off the blockchain; and in its place on chain, is reference information that indicates where that data exists. Conversely, data that is not considered private can be stored on chain. Creating environments with specific entitlement requirements based on privacy, reinforces the access security across users and ensures the security of data that is considered private is not compromised.
    • Validation: While in the long term, a centralised PoE issuing authority may develop, in the short term there is no universal centralised solution. Thus, a decentralised identity model introduces a new way of working, which is characterised by a non-centralised responsibility for identity data validation, to ensure actors involved are legitimate. How is identity data validated in this new decentralised model? Understand any additional actors or processes that need to be included, or what changes are necessary, to support this new way of working and maintain an acceptable level of accuracy and authenticity of identity data in the ecosystem.

    Governance

    Adopting a decentralised archetype for digital identity introduces new ways of working and thinking about digital identity – where regulations may lag and traditional polices on identity are not effective means of governing and securing decentralised digital identities. Decentralised identity, operated by a consortium model typically built on top of distributed ledger, has specific considerations to tease out.

    While enabled by technology, successful implementation requires thorough governance considerations including:

    • Operating models: How are decisions made when there is no central authority governing the digital identity system, and what roles do ecosystem participants play? The concept of digital identity ownership changes from a traditional model when moving to a decentralised model. For instance, in a centralised identity model, the system owner owns, and is responsible and liable for, all the identities it contains. What policies and operating models need to change?
      The Depository Trust & Clearing Corporation (DTCC) is building a blockchain-based solution for reporting of credit default swaps (CDS). This solution unites many different stakeholders within the ecosystem, so DTCC and Accenture teamed up to define governance and the operating model for the solution. In defining these terms, DTCC hopes to instil confidence in the safety of information in the network, so stakeholders engage fully.
      The DTCC,[74] for instance, has defined a governance and operating model for a blockchain platform.

    • Policies and regulations: How are policies enforced across a decentralised identity ecosystem – especially where laws and regulations have not yet caught up to a decentralised identity model? Having independent oversight and collaborating with public authorities on developing regulations can ensure development of policies that positively affect a decentralised model – such as ensuring its longevity or promoting collaboration between parties. Consider also how auditing and reporting requirements can be met, and how a regulator or auditing role and a corresponding audit node can be supported. Refer to module Legal and Regulatory Compliance, for several legal issues that arise when making use of decentralised digital identity systems.

    • Wide, cross-cutting impacts: Look beyond the walls of a single use case and single network – what roles to other ecosystems or networks play, and how can digital identity enable new or different operating models across different use cases, ecosystems, and networks? For instance, how does the digital identity of a legal entity in the context of a single handbag supply chain interact with a digital identity system built for consumers of those handbags? Digital identity is most useful when it operates beyond silos, but given the complexity, significant work is needed to establish a cross-cutting governance model and understand the impact beyond the interactions of a single network or single type of actor or entity.

    And you might ask, what's the benefit of digitalising the supply chain. Simple. A country that can't have or lacks seamless e-trade capabilities - can't have strong economic ties, because having an economic relationship is a form of trading itself. This toolkit will help everyone to understand more about digital identity and to make it accessible as possible.

    Jana Krimpe, Co-Chair, Global Alliance for National Mobile Identities

    Mapping out actors and interactions

    The below table may be useful in starting to define the actors involved in an ecosystem. The rows include potential actors contributing in an ecosystem. The columns depict different considerations and interactions within the ecosystem.

    For example, different actors will have different privacy and compliance considerations. Fill in the table to help outline those actors and define how their considerations and interactions differ from one another.

    A description of each column and its meaning follows:

    • Examples: It may be daunting to list all the actors involved, but listing out a few examples of, say, the important legal entities a blockchain use case deals with can help to understand the scope and nuances of actors.
    • Trust Anchors: Who are the primary trust anchors involved in providing the underlying trust in who an actor says they are? For instance, legal entities and public authorities are generally the trust anchors for people.
    • Interactions: With whom or what does an entity directly interact with for a given scope of transactions for a blockchain? For instance, a person may interact with passive physical objects to scan a barcode and may interact with a public authority to submit compliance reports.
    • Privacy and Compliance: What major rules dictate any privacy considerations for this actor? Legal entities won’t want to reveal trade secrets, for instance, but how does that affect, say, ASAs acting on behalf of that legal entity? And what information is required to be reported that may be related to an actor’s digital identity?
    • Lifecycle: Give a brief description of what a lifecycle for this actor looks like for a use case. How are ASAs updated, for example? Or how are new physical objects (active ID) commissioned or de-commissioned? This will help understand the lifecycle of the digital identity of the actor.
    • Geography considerations: For this particular actor and a use case, what additional rules or regulations apply for any specific geography? This will mainly affect privacy and compliance, but may also dictate, for instance, which trust anchors apply to an actor or a specific way lifecycles must be managed.
    Mapping table to organise digital identities and related considerations
    Table 5.1 – Mapping table to organise digital identities and related considerations

    Processes and governance questions to resolve

    This tool is not intended to be fully comprehensive but rather to provide a starting point for the types of processes and governance questions to understand and solve. Working through this checklist will provide a strong foundation for such considerations in developing a digital identity system. Users are encouraged to think beyond this list and understand what unique considerations need to be included in a particular project.

    Identity data ownership and stewardship:

    checkboxes

    • Define clearly what roles exist for identity data ownership and stewardship, for instance:
      • Data owners
      • Custodians
      • Maintainers
      • Auditors
    • Establish clear policies and procedures on:
      • Assignment and transfer of roles
      • Education on rights and responsibilities to role holders
      • Security policies and access rights for each role
      • Mediating ambiguity in role definitions

    Liability, risk management, and insurance:

    checkboxes

    • Understand threat models and what risks there are regarding digital identities and identity data. For instance:
      • Data inaccuracy
      • Identity proofing or authentication errors, or other procedural errors
      • System breaches
    • Define procedures and liability terms with levels of assurance that are universally accepted.
    • Outline a plan for remediating costs and disputes.
    • Explore and understand where cyber insurance may be applicable.

    Digital identity system governance and maintenance:

    checkboxes

    • Establish a clear group responsible for the governance, maintenance, and design of digital identity for a blockchain solution.
    • Establish a way to collaborate across the ecosystem and within the governance group to define policies, roles, procedures, etc.
    • Define standards on digital identity data and processes across the ecosystem from the very beginning.
    • Understand maintenance activities and costs, and assign them to specific owners.
    • Define and continuously evaluate metrics that could be used to view and understand the overall health and success of the digital identity system.

    Regulatory compliance and oversight:

    checkboxes

    • Work with legal and compliance teams to map out any regulations that an identity system must comply with across jurisdictions – including privacy regulations.
    • Consider and implement independent oversight of the digital identity system.
    • If not already required, establish procedures for regular audits and compliance checks.