June 2019 | Chainyard

This article originally published in Industrial Distribution here.

A growing demand for high-quality product data—to support service, recalls, and corporate social responsibility efforts—is just one of many concerns for modern retail supply chain managers. Expectations are also heightened for supply chain information accuracy. For example, what type of computer or router is being shipped? How many are in a particular shipment? What temperatures or humidity levels are they being exposed to? Are they being handled correctly?

Multiple parties need this information, because they need answers. In an E. coli outbreak, Walmart needs to know which lettuce is bad so that it discards only the produce from that farm. It’s similar with computers: If a quality issue is identified in a component or batch, only the machines with those bad parts need to be serviced. Parties up and down the supply chain need the right information in order to quickly identify and respond to events that may spoil or damage products, resulting in preventable losses.

At other points on the supply chain, value-added distributors and resellers need insights into previous quality checks performed on certain components and products so they can reduce redundant testing and improve their abilities to predict and respond to failures. Likewise, manufacturers need information about the configuration of individual items and any changes that occur as parties like distributors and resellers build on base units to create more tailored solutions.

Transparency throughout the supply chain is critical to boosting operating efficiency, building trust with customers, ensuring brand reputation, and improving agility and reaction speed. In some cases, it’s also mandatory. Regulations like California’s Transparency in Supply Chains Act, aimed at curbing human trafficking, and the federal Drug Quality and Security Act, enacted to stop illegal drug distribution, are increasingly adding to the demand for thorough, accurate supply chain data.

Seeking Solutions

Existing systems and traditional electronic data interchange messages weren’t designed to support these data requirements. This leads to inefficient workarounds such as using email and Excel spreadsheets to share vital information—dangerously insecure formats. It also leads to a proliferation of bespoke solutions that support only narrow requirements. Furthermore, those who try to integrate their systems to capture data from upstream and pass it downstream may find themselves stuck with an ever-growing list of one-off integration projects.

The struggle to maintain information continuity isn’t new. Unfortunately, neither are the solutions most companies rely on. They are typically systems designed decades ago to support vertically integrated companies with mostly static supply chains.

In response, blockchain is increasingly recognized as a technology that enables solutions that simplify data sharing from end to end in even the most complex supply chains. Unlike electronic data interchange-based messaging, blockchain systems provide a single data set that all parties involved in a supply chain collaboratively maintain. Blockchain technologies offer the security, privacy, and trust needed for trading partners to share data and business logic. This is a huge improvement that eliminates the problems of constantly trying to keep different systems in sync.

Enterprise blockchain has come a long way in the past several years, proving its utility and versatility. Many of the risks and challenges associated with implementing blockchain networks have been eliminated, allowing this technology to be used to solve a wide range of business problems. Future blockchain applications promise to be even more sophisticated and economical.

Looking Ahead

Distributors are in a great position to drive the implementation of blockchain in solving the need for more and higher-quality data about supply chain components. Though it’s possible to wait for a technology provider, competitor, or customer to define and build a blockchain system, distributors that get ahead of this new approach will benefit from early adoption, likely gaining significant competitive advantages.

Start by identifying gaps in the systems and standards currently used to share information and transact with trading partners. Golden State Foods, for example, partnered with IBM to use blockchain to coordinate among parties on the supply chain, allowing the food service supplier to track the movement of beef at every stop and monitor its temperature along the way. The data that became visible via blockchain gave Golden State Foods unprecedented insight into every aspect of the distribution and manufacturing process, and it ultimately led to strategic optimizations—and better beef.

In every case, implementing the technology now will allow businesses to influence industry standards in favorable ways and to establish new revenue streams based on providing access to blockchain-based systems.

Blockchain isn’t the right answer for every challenge in integrating with partners, but it’s a valuable tool in your kit. Working with a partner who has both blockchain and supply chain experience will illuminate which questions to ask in order to determine whether a blockchain approach is worth implementing. That said, there’s no better way to get answers than to find a problem that looks like a fit and to start prototyping solutions to test the benefits of the approach. Blockchain may not change everything, but in an era when supply chains management must change, it will inevitably drive that transformation.

To learn more about how blockchain can improve your supply chain, download our whitepaper.

This article was originally published on Linkedin

We are all familiar with Identity and Access Management. IAM has been very early on identified as a candidate blockchain use case. A well known example is “Know Your Customer” more commonly known as KYC. The Hyperledger Fabric provides the Fabric-CA to issue credentials to participating agents and users in a permission-ed blockchain. In 2016, I had worked on a blockchain project around private-equity, where all identities and permissions to access the “equity contract” were driven by the blockchain smart contracts.

Before we proceed further, we have to understand a few terms like claim and credential.

Claims and Credentials

A claim is an assertion about a thing or statement without necessarily providing proof or evidence. For example a potential employee could claim to be an electrical engineer.

A claim cannot be verified if it is not supported by evidence. The supporting evidence is usually in the form of one or more credentials such as a University degree, on-the-job training certificate from a company, letters of reference etc. A credential is a qualification or testimonial that is issued by an entity to a business, thing or individual. For example, a quality certificate issued by a manufacturer for an IoT device, an insurance certificate issued to a business by an insurer are all examples of credentials. A claim may be supported by one or more credentials.

Identity

Identity is often associated with some credentials issued by an organization, agency or computer application. For example, a person may have a login/password for accessing their Facebook account, credentials provided by their employer for accessing enterprise applications, a government agency issued identity such as a driver’s license or password for accessing public services etc.

A person’s identity is usually a set of claims made by the person, and usually backed by a set of credentials in support of those claims. A set of claims/credentials can be presented to an entity to issue new credentials that can be used as proof of identity and/or perform certain actions based on privileges granted by the issuing entity. For example, an individual could present his/her birth certificate and proof of residency to the DMV to obtain a driver’s licence which doubles as proof of identity and license to operate a vehicle.

Traditionally, people carry physical identities such as the passport book, driver’s license card, diplomas and degree certificates, birth certificates and the like to submit as proofs of identity to interested parties. With the digital age, new forms of digital identity such as fingerprints, retina scans, user-id/passwords, digital certificates, digital passports have evolved.

What is self-sovereign Identity

There are various models for managing identity and access, and fall into centralized, federated and self-sovereign (self managed).

In the centralized model, the credentials are issued by a central entity or authority. Corporations provide and maintain identity credentials for enterprise access, Government agencies issue identity credentials to access public services, and in both the above cases, a user’s identity is under the control of the issuing entity.

However, as individuals require access to multiple services and applications, managing credentials issued by multiple entities could get complex. In a federated model, multiple entities can subscribe to the same (unique) set of credentials that an individual owns, or multiple credentials issued by various entities can be mapped to one set of credentials. Usually a broker provides such a service. Examples include a “single sign-on” service or a “Facebook account” that many entities trust.

In traditional identity management systems, an individual’s, entity’s or thing’s identity is centrally managed by the issuing agent. Now, for instance, if the DMV decides to revoke an individual’s driver’s license, that individual has lost his/her identity which is typically used to check-in at the airport or present to a front desk in a hotel. If a person visit’s a bar where an ID check is required to serve a drink, usually, folks present their driver’s license. Even if the license carries information about the date-of-birth, if the license has expired, most often, the bar will refuse to honor the card.

Distributed Self Sovereign

If an individual, organization or thing can manage its identity (claims and credentials) along with the rights to present such information fully or partially to any other party, it can be considered as self-sovereign identity management. Such an identity management approach can enable the identity holder to have a uniform approach to share credentials universally with any local or foreign entity.

DIDs and Verifiable Claims

Decentralized Identifiers are a new type of identifier for verifiable, “self-sovereign” digital identity. DIDs are fully under the control of the DID subject, independent from any centralized registry, identity provider, or certificate authority. This is an example of a DID that has been proposed to establish the identity of a supplier in the “Trust Your Supplier” solution built by Chainyard.

did:tys:2XhdfxCGMpz7MHEKBwbadCZd6aBd

DIDs follow the URN (uniform resource name) notation i.e. scheme:namespace:value. The scheme is did. In the above example, the namesspace is “tys”. DIDs resolve to DID Documents which specify the details and usage of that specific DID. For more information check the DID specification by clicking here.

The value associated with the DID can be any value such as a uuid, random number, base64, public key or base 58 encoded hexa or decimal string. The TYS DID is a base58 string of a public key hash. The following sample code generates a TYS base58 encoded did.

Along with DID, came the “Verifiable Claims” specification. As per the verifiable claim spec, a verifiable credential can represent all of the same information that a physical credential represents. The verifiable claim has to to adhere to a minimum required format that must include among others, public keys, digital signatures, key generation method, authentication schemes, authorization schemes, DIDs and their type etc.

A verifiable credentials can be used to generate presentations that make it easy to present credentials to stakeholders. The specification is a candidate submission with the W3C. For more information about claims and verifiable claims,click here.

The DID Method Registry

The DID Method Registry maintains a list of companies that have published their DID specification. Enterprises and entities can choose to adopt one of the published specs or define their own version. The document provides a method for registering a new spec. For example, the TYS specification is available at this link and has provisional approval. We still have to complete the implementation and ensure that any changes to the DID Method Document specification is addressed and the methods defined are implemented.

Once a DID Method Specification has been published, the method end-points have to be resolvable through a DID Resolver (driver). DID API calls use the REST specification. A DID Resolver will help resolve a DID as shown in this example code.

tysDID.resolve(did:tys:2XhdfxCGMpz7MHEKBwbadCZd6aBd)

will resolve to a TYS Supplier DID/DID Document. The resolver has to provide the following REST operations:

Create or Resolve
Update
Query or Read
Revoke
Delete
Additional operations included in TYS are getList, getDocument etc.

The following shows a sample representative query result:

The TYS Specific driver will be wrapped into “Universal Resolver” that can resolve a DID issued by any conforming organization. DID resolver can be written any language that can be wrapped into the Universal Resolver.A very nice article by Markus Sabadello on the universal resolver can be found here. The Decentralized Identity Foundation aka DIF is driving the initiative.

Key Personas

Before we proceed further, some concepts and roles need to be ironed out. The following personas are usually involved in an identity management scheme.

The Credential holder, the Relying Party, The Credential Issuer, The Credential Verifier or one that can attest to it.

The Credential holder is an individual, agency, business or thing that holds a credential. Examples include an individual holding a university degree, a business entity carrying business insurance, an IoT device that holds a manufacturer issued proof-of-existence.

Credentials are issued by some individual or entity and are also known as the Issuing Agent or Issuer. The university that issues the degree, the DMV that issues the driver’s license or the manufacturer that signs the IoT certificates are all issuers.

Verifiers are entities and agents who can attest the credential. Sometimes the verifier and issuer are one and the same. However, when I graduated back in the 80’s, my degree was a paper diploma issued by my alma mater BITS Pilani. I had copies of my degree attested by a lawyer or a gazetted officer. In the US, third party agencies are used to verify information submitted.

Finally, the entity, be it a loan officer, an employer or the TSA, all trust the credentials that the identity holder submits. They are the Relying Party and trust the information submitted.

There may be additional personas depending on the application and the implementation of the platform. For example, in Hyperledger Indy, there are stewards or trust anchors and agents.

Credential Ownership and Sharing

In self-sovereign identity, the Identity Holder holds the rights to completely, partially or not share their identity(s) with a relying party. Issuers hold the rights to revoke an issued credential.

Let us take the case of the bar. Instead of sharing the whole driver’s license to prove age, the identity holder can turn on just the verified credential supporting his/her age to the hostess. The credential issuer has authority to revoke a credential if necessary. For example, the DMV can revoke the driver’s license if there was a DUI conviction.

Applications and Use Cases to Supply Chain Problems

The concept of DIDs and verifiable credentials have many applications. The most common one is KYC or Know Your Customer are there are initiatives such as Hyperledger Indy yo make that happen.

There are several fit for purpose implementations focused on identity management such as Sovrin, Digital Bazaar, Veres One, TYS and uPort and one can go to their websites to understand more.

Sovrin is a public implementation of the Hyperledger Indy open source project, an open source project for decentralized self sovereign identity management. Sovrin is managed by the Sovrin Foundation. The original code for Hyperledger Indy was contributed by Evernym.

Veres One is a fit-for-purpose special purpose blockchain that has been optimized for managing identities on the internet.

Digital Bazaar is focused on providing a public blockchain called Bedrock is an application platform that helps you get your ideas to market quickly by reducing the engineering effort of launching a new product. The company also provides solutions for verifiable credentials management. Manu Sporny, its founder has been a key figure in the evolving digital identity and verifiable credentials initiatives.

uPort is a blockchain platform built on Ethereum. uPort’s open identity system allows users to register their own identity on Ethereum, send and request credentials, sign transactions, and securely manage keys & data.

At Chainyard, we are working on a Supplier Identity Platform known as “TYS” or Trust Your Supplier. TYS provides DIDs for supplier identities and verifiable credentials that the supplier holds. TYS is pre-production state and will be going live in a few weeks.

DID Use Cases

There are many other applications for DID and verifiable credentials. Imagine high value items and luxury goods. If each of the Luxury items had a DID issued by its manufacturer along with verifiable credentials, the blockchain along with supporting technologies (BIVA) can be deterrent against fraud and counterfeiting.

In the US, a person can buy used vehicles. The identity of a car is the VIN number. What if the car was issued verifiable credentials associated with DIDs around service records, inspections, factory authorized replacements and manufacturer certification?

DIDs can be expanded to be applied to vintage cars, high value art — many of these exist for a long long time, long after their original and subsequent owners lifetimes.

The United Nations deals with several problems from tracking and issuing credentials to displaced people, tracking endangered species to name a few.

Horse owners involved in the owning, training and racing of highly valuable horses could provide digital identities to their animals or even closer — every pet has a digital identity.

The Blockchain and SSI

The following diagram shows how the SSI and Blockchain are conceptually implemented.

Depending on the blockchain technology used, the physical documents that the did document refers to may be stored on-chain or an off-chain database. For example, TYS is implemented on the IBM Blockchain Platform based on Hyperledger Fabric. It has capability to not only issue DIDs and DID Documents, but also store the physical documents that the DID Document refers to. The Physical Documents and PII (personally identifiable information) data are stored off-chain due to regulatory compliance requirements.

This article was originally published on LinkedIn

By now, if not all, most folks in the technology industry are aware of blockchain and its immense potential to transform the current way of doing business. Trust, transparency, agreed business logic between parties (smart contracts) and the inability to tamper recorded transactions are the key aspects for describing it. Some have referred to blockchain as the “Internet for trusted Transactions”.

In my four years as a senior leader at Chainyard (a blockchain services and solutions company based in Morrisville, NC) I have been responsible for building our expertise on blockchain technology and creating capabilities for enterprise adoption especially around supply chain use cases. During this period, I have been involved with over twenty plus projects, some of which are in pre- or post- production stages on both Hyperledger Fabric and Ethereum. Some noteworthy ones include enterprise asset management, procurement of contingent labor, trade finance, retail inventory data visibility, supplier on-boarding to name a few. There are many writings on this topic, but most of them touch very lightly on this subject, just highlighting the potential use case and dwelling on what is blockchain. In this multi-part series, I want to share some experiences and thoughts and welcome audience feedback.

Supply Chain is a broad subject but simply defined, it’s the movement of goods and services from a seller or supplier to a customer or buyer. The whole process that makes this happen includes quotation, order management, customer, vendor and product management, sourcing and procurement, manufacturing, logistics, warehouse management, distribution, delivery and finance to name a few. There are several sub-processes in this chain such as order engineering, forecasting, demand planning, factory planning and reverse logistics. The SCOR (Supply Chain Operations Reference) identifies the following core processes:

Traditional Supply Chain Collaboration Issues

Traditionally, supply chain collaboration involving multiple partners has been achieved using integration technologies. In the early 2000, EAI tools like Neon, Vitrea or Crossworlds were used to integrate enterprise applications. Subsequently, with the advent of SOA, business processes were exposed as services using ESBs such as TIBCO or IBM WebSphere and were orchestrated to execute business workflows. Some legacy technologies such as FTP and MQ are still in use today. The main purpose of the B2B technologies was to send business transaction data from one party to one or more receiving party’s as EDI or XML/JSON messages. These approaches may have helped in standardizing the implementation of the business processes by consolidation multiple applications into single ERP systems within enterprises, but the silos between the partners still existed. The view of the data was not consistent within the various partner applications, often leading to disputes, data quality and reconciliation issues.

While working for a major telecom company that no longer exists, I was leading the end-to-end systems integration architecture. Our team categorized the various processes to better understand the over 8000 applications supporting them and their interactions with partner processes with the goal of consolidating like applications and processes, and having better collaboration with customers, suppliers, contract manufacturers, systems integration houses, 3PL/4PL, warehouses and other 3rd party service providers.

Blockchain has significant impact when multiple parties have stake in the business transaction(s) and data, and there is potential for friction or inefficiencies to creep in. Friction between functions internal to the enterprise are usually out of the scope. Typical supply chain frictions in traditional approaches that can have a positive impact using a combination of blockchain and other technologies such as AI/ML, VR/AR and IoT (BAVI) fall into certain business patterns as listed below:

Shared and immutable view of data that is of common interest to the business partners
Secure Trade Financing
Settlements of transactions such as invoicing and payments
Dispute resolutions or minimization
System of record for elements such as orders, suppliers, customers and products
Audit and Compliance including both regulatory and business practices
Digital registry of physical and digital assets
Asset Track and Trace to assist with managing the lifecycle, circular economy and other applications
Provenance of assets such as parts or produce
Self-Sovereign Identity and Access Management
International trade includes taxation (VAT, ST, GST), cross border payments, customs

A preliminary review of the supply chain processes in the context of the technological advances of today suggests that the BAVI combo can help streamline many issues in supply chain collaboration. A short list may include:

Export Regulations and Controls
Import Regulations and Management
Asset Life Cycle Management and Provenance
Tracking Engineering Parts and Part Certifications
Shipments Visibility and Tracking
Repairs and Returns processing (Reverse Logistics)
Inventory Visibility across suppliers, manufacturers, customers, 3PLs and warehouses
Optimizing inventory and materials usage across multiple producers, consumers or factories
Product Data Management including product content, catalog and BOM
Logistics & Transportation including handling equipment, inter-modal, cross-docking, container tracking
Fighting Fraud and Counterfeiting
Document management including all kinds of supply chain transactions, customs documents, drawings
Sales and Purchase Order as smart contracts
Digital Identities for assets, individuals and business participants

Enterprise Blockchain Technology for Supply Chain Optimization

The origins of the current blockchain technology can be traced to the Bitcoin and Ethereum networks both of which are public blockchain technologies where anybody can join the network by running a blockchain specific node. Transactions are validated by smart contracts, and miners execute consensus protocols such as PoW (Proof-of-Work) or PoS (Proof-of-Stake) to verify transactions and cut blocks. Transaction execution is powered by crypto currency aka gas or fuel. Miners are rewarded with crypto-money for their role in verifying transactions and maintaining the integrity of the network.

However, enterprises conduct business with partners with whom they have contractual business relationships for producing and trading in goods and services. Hence a class of blockchain technologies known as “permissioned” blockchains was born, where the members of the network are granted permissions to join the network, become users and operate nodes. Permissioned blockchain transactions are not powered by crypto; and consensus algorithms focus on transaction validation and chronological ordering. The Hyperledger Project is a prime example of permissioned blockchains. Hyperledger Fabric and Sawtooth Lake have both gained considerable traction in the supply chain optimization space.

Some real examples of blockchain driven supply chains have been in the news for quite some time such as IBM Maersk, Walmart Food Trust, Shipchain, Chronicled to name a few. Initiatives to standardize blockchain aspects of supply chain have sprung up. BiTA (Blockchain in Transport Alliance) an organization with over 40+ organizations is attempting to develop a standard blockchain view of common business objects like party, shipment, bill-of-lading, location etc. The Hyperledger Grid project is another initiative to build a standard set of inter-operable supply chain components. The Accord Project is focused on developing schema(s), template(s) and contract coding languages for digitizing legal contracts as smart contracts.

Blockchain may eliminate some traditional technologies such as EDI and B2B integrations over the long term. However, blockchain cannot completely eliminate the ERP, CRM and other enterprise applications but reduce some of the baggage that they carry.

Supply Chain as-a-Blockchain Service

Not all processes are candidates for blockchain, and blockchain is not a silver bullet to resolve past gaps in the supply chain processes. There is a tendency to think blockchain as a data processing alternative to current approaches and many PoCs have failed because of a lack of enough analysis. In many cases, fixing current processes and applications can remove frictions. In other cases, other technologies may provide better answers. One of the things that I have pondered is making Supply Chain as a service on top of blockchain platforms. Presented below is a conceptual model and can be a subject of exploration in a future article.

At a high level, each layer builds on top of the layer below:

The Foundation layer provides the core supply chain business objects such as Sales Order, Purchase Order, Order Acknowledgement, Bill of Lading, Invoice, ASN, POD, Good Receipt, Delivery Order, Payment Advice, Shipment, Location/Location Tracking etc. These objects define at a minimum, those attributes that have shared interest, potential to cause friction or mistrust and trigger smart business rules.

The Business and Technical Smart Contracts include sales or purchase order as a digital contracts that are signed of by the parties to the contract. Other smart contracts related to trusted processing of transactions include maintaining records such as shipment location and scans, invoice processing, asset life-cycle, settlements etc.

Workflows will include application or industry specific logic such as order processing, processing forecasts, demand or factory planning etc. In my experience at Nortel Networks, order processing workflows varied by product type, geographic region and other factors.

Introducing the blockchain into the solution landscape does not eliminate current business applications. Blockchains have not yet evolved to where they can perform heavy duty supply chain transaction processing. This layer would include “Oracles” that feed trusted data into the blockchain. It will also include integrations into various enterprise applications and trusted sources of external data such as exchange rates, spot prices, weather etc.

The Business Participants and Personal define various organizations that will be part of the business network, their roles as validators/endorsers, personas such as order processing agent, goods receiver, truck driver etc. Each persona receives credentials to execute various workflows that are governed by access controls.

Finally, without valid business use cases with well defined benefits and as business model, one could be knocking on the wrong doors. Good industry use cases that have tremendous business value have been highlighted in various articles. Some notable ones include conflict minerals tracking, good manufacturing practices (GMP in pharma), digital registry of molecular chemistry used in pharmacology, software license management, asset tracking, engineering parts certification, anti-fraud and counterfeiting of goods and cold chain logistics. With the federal government renegotiating trade deals, sanctions on rogue nations and new regulations around privacy, safety and record keeping, blockchains could play a major role.

This article was originally published on LinkedIn

Traditional Supply Chain Collaboration Issues

Shared and immutable view of data that is of common interest to the business partners
Secure Trade Financing
Settlements of transactions such as invoicing and payments
Dispute resolutions or minimization
System of record for elements such as orders, suppliers, customers and products
Audit and Compliance including both regulatory and business practices
Digital registry of physical and digital assets
Asset Track and Trace to assist with managing the lifecycle, circular economy and other applications
Provenance of assets such as parts or produce
Self-Sovereign Identity and Access Management
International trade includes taxation (VAT, ST, GST), cross border payments, customs

Export Regulations and Controls
Import Regulations and Management
Asset Life Cycle Management and Provenance
Tracking Engineering Parts and Part Certifications
Shipments Visibility and Tracking
Repairs and Returns processing (Reverse Logistics)
Inventory Visibility across suppliers, manufacturers, customers, 3PLs and warehouses
Optimizing inventory and materials usage across multiple producers, consumers or factories
Product Data Management including product content, catalog and BOM
Logistics & Transportation including handling equipment, inter-modal, cross-docking, container tracking
Fighting Fraud and Counterfeiting
Document management including all kinds of supply chain transactions, customs documents, drawings
Sales and Purchase Order as smart contracts
Digital Identities for assets, individuals and business participants

Enterprise Blockchain Technology for Supply Chain Optimization

Supply Chain as-a-Blockchain Service

At a high level, each layer builds on top of the layer below:

The Alpha release of Hyperledger Fabric v2.0 allows users to try out two exciting new features — the new Fabric chaincode lifecycle and FabToken. The Alpha release is being offered to provide users a preview of new capabilities and is not meant to be used in production. Additionally there is no upgrade support to the v2.0 Alpha release, and no intended upgrade support from the Alpha release to future versions of v2.x.