Key Points
- North Dakota Vendor Id Mgt on bc
- Meet RFP requirements in Solution Design, Delivery Strategy
- Provide recommendations for POC software stack
- Provide strategies for IAM
- Provide examples of existing PS BC apps - f2plate, Sahoja mobile screen shot, NSF api shots
- Recommended process to improve quality, delivery, timing, communications for POC
- Recommended next steps
- Other
References
Reference description with linked URLs | Notes |
---|---|
https://drive.google.com/open?id=1bFKfSoFaX_BaghkKzWeOIZYrv5eNEjqQ | G Drive jem notes |
https://drive.google.com/open?id=1SwvsPaMtOHYYhQsQiaFfbOqlC6v15gXE | G Drive link to Paramount Proposals |
Research Areas for Presentation | |
https://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_sm/9/877/ENUS5737-J29/index.html&request_locale=en&title=Europe_-_IBM_Blockchain_Platform_V2.1 | IBM Blockchain Platform features ensure key features covered in proposal |
references | |
https://hyperledger-fabric.readthedocs.io/en/release-2.0/whatis.html https://hyperledger-fabric.readthedocs.io/en/release-1.4/whatis.html | HLF concepts, diagrams |
file:///C:/Users/Jim%20Mason/Google%20Drive/_books/tech/ibm-blockchain-for-business-book-9780135581391.pdf | ibm BC book - design, implementation, features, business cases the right scope, select the best technology, and establish an |
EnerBlock NSF SBIR Phase I Update 11-04-19.pptx | Enerblock POC proposal model with actions, next steps |
jmason_blockchain_strategies-v1.pptx | _psoft/writing - ebc, hlf concepts - solution strategies, impacts |
m Hyperledger Fabric Concepts | concepts on value, impacts, approach |
Chris G K8S hlf v1.4 deployment tutorials - see videos on hlf app dev | |
https://github.com/hyperledger/fabric#documentation-getting-started-and-developer-guides | Fabric getting started guides |
https://fabric-chaintool.readthedocs.io/en/latest/ | Fabric chaintool packager for smart contracts ( chaincode ) |
https://wiki.hyperledger.org/download/attachments/31196145/20200108_contributors_meeting.mp4?api=v2 at 18:42 time | Fabric Contributor Meeting - release cadence plan v1 |
Identity Management security concepts | |
m Hyperledger Indy | |
m Hyperledger Aries - identity, data management tools | |
m Hyperledger Fabric Concepts | |
m Fabric Concepts 2 | |
C:\Users\Jim Mason\AppData\Local\Amazon\Kindle\storage | Blockchain for SSI Identity Mgt Kindle Book ( via Kindle app ) |
Key Tasks
I have shared a list of questions for review. We are bidding for three segments within the five options in the list of documents, i.e. Blockchain, ID Proofing and Self Sovereign Identity. The ID Proofing and Self Sovereign Identity specific part will be helped by Vipin. Vikram is in charge of the RFP for submission and feel free to connect with him for more details if you need.
a> review rfp
a> answer questions
a> research TYS vs custom
a> research Fabric samples for id mgt
a> research verified.me for Fab id mgt
a> research Besu, Indy for IAM
a> review oauth2, openid docs
research ...
https://www.hyperledger.org/blog/2020/04/21/trustid-a-new-approach-to-fabric-user-identity-management
Key Questions
- what are our service / education offerings ?? my QWU, IBM WebFacing, in-sourcing TGA
- what are the applicable regulations for the state to track identity, transcripts ?
- do individuals require NEW ids on this network?
- do the service providers ( schools and .. ) have a way to support DIDs? Not now
- who are trust providers?
- who are service providers?
- who are the hosting organizations?
- currently, state hosts the eTranscript program for schools
- do schools need to be hosts on the blockchain? No
- For SSI, how many DIDs would be issued potentially to a user? 1> network access 2> school registrations
- credentials issued by a school: enrolled, attended, graduated
- documents issued by a school: transcript, health record, diploma
Key Use cases
School registers with state
Individual enrolls on state network
Individual enrolls in a school program
Individual attends a school program
Individual graduates a school program
Individual requests transcript
Individual requests diploma
Individual requests attendance verification
Key Concepts
state Proposal Requirements
The Project Team expects the bidders to provide at the minimum the following information in their response:
- Architecture of the end-to-end systems required to achieve the solution(s).
- Suggested approach for what data should be captured and stored on chain vs. off chain (e.g. via a database or other solution).
- Detailed information about the blockchain/DLT technology, including:
- a) the consensus mechanism that will be used and ability to configure the parties participating in that mechanism; and
- b) baseline performance metrics (e.g. transaction throughput),
- c) scalability of the solution,
- d) future proofing the solution by exploring the viability of implementing smart contracts, tokens,
- e) potential to interoperability of the solution(s) offered.
- Provide a governance model including processes, structure, etc. for the blockchain/DLT network.
- Recommendations for additional complementary technologies to support the objectives. Recommendations for a successful implementation and integration with other systems and to capture data automatically without human intervention.
- Recommendations for end beneficiary interaction with the blockchain/DLT system and the processes surrounding onboarding (KYC/AML), offboarding, data collection, data privacy/sharing of end users.
- Security, access control, permissions, data privacy and scalability are essential and must be described as part of the response. Also, from the data privacy perspective, provide information on potentially applicable local laws that may need to be considered to ensure that sensitive data of data subjects can be processed in the manner contemplated, examples include, banking or financial sector regulatory restrictions, or data localization issues and etcetera.
- A project plan for this proof of concept.
Challenges for a DLT Solution Strategy
Performance will continue to scale from current levels significantly over the next few years
As DLT evolves, timely testing and migrating to new versions is important
It's not clear how privacy, security and other regulations will evolve from different entities
How will new features, solutions and technologies be integrated?
Where will the solution run?
How will appropriate users participate in the solution?
What are the implementation, roll out challenges moving to the solution?
How will VCRS ( Value - Costs - Risks - Support ) be managed across the Value Chain Network ( VCN )?
Initial Solution Scope
identity - individuals
identity - organizations
individual enrolls in a school
individual earns diploma for a school program
credentials - diploma
requests - transcript
generate DIDs for existing users, orgs
estimate volumes - users, diplomas, requests
payment options - ccard, paypal, account, other ??
token options - custom on stellar or defined option
Candidate Solution Requirements
open-source
skills transfer - insourcing
integrated identity management - options for DID or existing IDs
Section 3 - Solution Strategy deliverables
Architecture of the end-to-end systems required to achieve the solution(s).
slides on Fabric solution software stack
logical vs physical network model
supports all actors, disbursement scenarios
Suggested approach for what data should be captured and stored on chain vs. off chain (e.g. via a database or other solution).
Identity
all participants ( users, organizations ) need an identity on the network
POC can use MSP, CA but production should consider DID
https://medium.com/uport/the-basics-of-decentralized-identity-d1ff01f15df1
Detailed information about the blockchain/DLT technology, including:
a) the consensus mechanism that will be used and ability to configure the parties participating in that mechanism; and
b) baseline performance metrics (e.g. transaction throughput),
c) scalability of the solution,
d) future proofing the solution by exploring the viability of implementing smart contracts, tokens,
e) potential to interoperability of the solution(s) offered.
Recommended Fabric Consensus Model
recommend RAFT consensus model at this point for a version 2x production solution
Fabric provides very flexible endorsement policies that can match specific network roles
Performance monitoring
Caliper provides operational metrics on blockchain performance
compare 3rd party tools like BlocWatch
create performance aggregates for throughput and response outliers by period for trend, exception analysis
RAS - Reliability, Availability and Service
Blockchain networks have some built-in advantages as decentralized systems
Fabric version 2x further decentralizes the system with decentralized ordering services
Organizations and nodes that go offline can catch up automatically on reconnect with the ledger
Smart Contract Life Cycle Support in v2x
Transactions are digitally signed, executed, endorsed and tracked on the immutable ledger
Smart contract versions are also signed and tracked on deployment providing complete audit trail
Smart contracts have decentralized governance for deployment with policy-driven endorsements for deployments
Smart contract ( chaincode ) packages can be inspected, deployed multiple times
Smart contracts can be extended to provide custom validations on transactions for example
Private Data Enhancements
https://hyperledger-fabric.readthedocs.io/en/latest/whatsnew.html
Instead of sharing private data within a collection of multiple members, you may want to share private data across collections, where each collection may include a single organization, or perhaps a single organization along with a regulator
Private data can be shared with organizations that are not members of a private data collection
Member receiving shared data can verify the transaction is valid by matching the on-chain hashes
Private data allows custom, optional endorsement policies that override smart contract endorsement policies
For example, 2 orgs with private data may have to endorse the transaction as well
For direct, per-organization private data sharing, private data collections do not need to be defined first
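The hash-matching check described above, and the on-chain vs. off-chain split it supports, as an added example that is not code from the original notes or from the Fabric project. It assumes the ledger keeps a SHA-256 hash of the private value; the record fields, the sample student and school values, and all function names are constructed for illustration. It goes one step beyond the notes by adding a per-record random salt, because a record with only three possible status values is otherwise recognizable from its hash alone.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// TranscriptRecord is a constructed off-chain record. Field names are
// assumptions; the status values are the school credentials listed on this page.
type TranscriptRecord struct {
	StudentID string `json:"studentId"`
	School    string `json:"school"`
	Status    string `json:"status"`
	Salt      string `json:"salt"` // random per record; empty means unsalted
}

var statuses = []string{"enrolled", "attended", "graduated"}

// NewSalt returns 16 random bytes, hex encoded.
func NewSalt() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// Serialize gives the exact bytes that are hashed. json.Marshal emits struct
// fields in declaration order, so sender and receiver get identical bytes.
func Serialize(r TranscriptRecord) []byte {
	b, _ := json.Marshal(r) // cannot fail for a struct of strings
	return b
}

// OnChainHash models the value hash kept on the ledger for private data
// (assumed SHA-256 of the value bytes); the value itself stays off chain.
func OnChainHash(value []byte) []byte {
	h := sha256.Sum256(value)
	return h[:]
}

// VerifyShared is the receiving member's check: hash the data that was shared
// out of band and compare it with the hash read from the ledger.
func VerifyShared(received, ledgerHash []byte) error {
	if len(ledgerHash) != sha256.Size {
		return errors.New("ledger hash is not a SHA-256 digest")
	}
	if subtle.ConstantTimeCompare(OnChainHash(received), ledgerHash) != 1 {
		return errors.New("shared data does not match the on-chain hash")
	}
	return nil
}

// HashRevealsStatus is a design check for the data model: it reports whether
// the on-chain hash alone identifies the status when the other fields are
// known. It returns true only for records stored without a salt.
func HashRevealsStatus(studentID, school string, ledgerHash []byte) (string, bool) {
	for _, s := range statuses {
		guess := Serialize(TranscriptRecord{StudentID: studentID, School: school, Status: s})
		if subtle.ConstantTimeCompare(OnChainHash(guess), ledgerHash) == 1 {
			return s, true
		}
	}
	return "", false
}

func main() {
	salt, err := NewSalt()
	if err != nil {
		panic(err)
	}
	rec := TranscriptRecord{StudentID: "S-1001", School: "Example HS", Status: "graduated", Salt: salt}
	ledger := OnChainHash(Serialize(rec))
	fmt.Println("intact record error:", VerifyShared(Serialize(rec), ledger))
	rec.Status = "enrolled"
	fmt.Println("altered record error:", VerifyShared(Serialize(rec), ledger))
	_, leaked := HashRevealsStatus("S-1001", "Example HS", ledger)
	fmt.Println("salted hash reveals status:", leaked)
}
```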
Token Support
Design process can determine the need for different token types in the disbursement solution
Token Taxonomy Initiative defines a Token Taxonomy Framework
https://github.com/token-taxonomy-initiative/TokenTaxonomyFramework
http://tokentaxonomy.org/wp-content/uploads/2019/11/TTF-Overview.pdf
Examples of tokens defined in version 1 specification
Provide a governance model including processes, structure, etc. for the blockchain/DLT network.
Recommendations for additional complementary technologies to support the objectives. Recommendations for a successful implementation and integration with other systems and to capture data automatically without human intervention.
automation via IoT devices and sensors for data capture and validation where feasible
automated monitoring on data quality at data capture ( entry - edit - post )
automated monitoring of project disbursement limits by actor and role
external systems integration - real-time editing on data capture
event driven and batch control posting of blockchain transactions to auxiliary systems
Recommendations for end beneficiary interaction with the blockchain/DLT system and the processes surrounding onboarding (KYC/AML), offboarding, data collection, data privacy/sharing of end users.
Assumptions and Considerations for end users
All users ideally have a compatible mobile device to access the network BUT this can't be assumed as a requirement
When on-boarded, all users need to provide a proof-of-identity ( via online registration or another method )
All users need to be assigned an identity from the state and stored in the network for remote access
All users need to consent to the terms and conditions of operating on the state network and are subject to applicable local regulations
users accessing the network may use an approved multi-factor authentication method ( MFA ) on the device
Auditors and regulators have defined access rights to authorized data subject to any applicable legal limitations
Where feasible and within regulations, personal data is not shared with others on the network without consent
If self-sovereign identities ( SSI ) are used, then zero-knowledge proofs can be used as identity and claim proofs for verification
Decision on which languages and localization will be supported
Issues
Security, access control, permissions, data privacy and scalability are essential and must be described as part of the response. Also, from the data privacy perspective, provide information on potentially applicable local laws that may need to be considered to ensure that sensitive data of data subjects can be processed in the manner contemplated, examples include, banking or financial sector regulatory restrictions, or data localization issues and etcetera.
A project plan for this proof of concept.
Proposed POC Project Plan
The production project plan will be set during the POC based on requirements and results
The POC project prerequisites address several areas:
Establishment of POC project governance and success criteria
Transcript request process requirements
Requirements for actors by role to participate in the network and processes
Solution surveys validating needs analysis and usability of selected participants
Analysis of existing systems gaps, performance
Conceptual design of the production system
Conceptual design of the production infrastructure
Using the recommended Agile process, the POC project plan covers several areas:
POC Design of selected processes, actor roles, transactions and validations
POC infrastructure build out including POC security
POC integration interfaces
POC identity management enrollments and authorizations for participants
POC development of required artifacts
POC applications, systems integration and load testing
POC operations automation and testing
Evaluation and feedback from POC participants
Review of POC systems results
Section 3 - Solution Strategy updates
architecture models ...
.. see ibm docs
view the logical software stack
the logical network
the privacy & confidentiality
the identity
the security
update Logical slide with diagram
update Identity and Security slide
add Identity Integration Options
IDEMIX
add IDEMIX option ???
Indy ??
add slide
Candidate Solution Components
Indy, Explorer, Caliper, Cello and more
show Indy integration example – see verified.me and ??
Blockchain integration options
from IBM blockchain deck
The blockchain network events can be integrated with existing systems events automating workflows.
Where needed, integrations can be synchronous or asynchronous.
Blockchain Experience Section Write up
This is what I have gathered that we have so far - please change the information if it is any different.
Food Industry: Provenance & Tracking
Paramount has completed the implementation of a Hyperledger Fabric-based blockchain solution for provenance & tracking of product for a client based out of a state in the United States. The operation involves procuring the raw product from the indigenous community in a South American rainforest and eventually packaging and selling it from the base location. The process also consists of passing through complex, opaque and time-consuming transportation mediums involving trucks, rail, and shipping.
ID Management
Paramount has started a pilot project for a federally owned entity in the Power & Utility sector. The blockchain platform is being used to create smart contracts that provide immutable, secured, traceable, and transparent data that can be converted into tangible and relevant information for the enhancement of the business. Smart contracts would help to store sensitive information while providing a secure and auditable tracking mechanism for a chain of custody, audit compliance and asset security. The goal of the pilot project is to build a robust and secure system that can grow and evolve without compromising security.
Token Management
Paramount has launched an MVP and is working on a version 1 application for an online social community platform focused on wellness and social good. In this platform, users will be engaging in a blockchain-powered platform to allow for transactions to be conducted on the Stellar Network.
Grid Stability
Paramount has engaged with a grant-based project with the National Science Foundation along with a partner offering energy-specific solutions to promote the Distributed Energy ecosystem through a Hyperledger Fabric-based blockchain solution. The project engages a utility token built using Ethereum (ERC20 preferably) on top of that for storage and exchange of energy to facilitate energy trading. Further, the blockchain solution will reconcile any payment issues between producers and consumers on the distribution end.
Food Industry: Provenance & Tracking
Opportunity
Create a global supply chain provenance and tracking solution for Ethical sourcing that tracks product from indigenous farmers in the Rain forest
Solution Strategy
Paramount delivered a Fabric blockchain solution for a global provenance & tracking of a product from raw product through packaging, shipping and selling it.
Expected Impacts
The solution provides an end-to-end ethical sourcing and delivery solution with lower overall costs and higher accuracy on shipments and billing, simplifying a complex, opaque and time-consuming transportation process involving trucks, rail, and shipping.
Identity and Work Management
Opportunity
Automate accurate contractor login, permits and tracking on assigned work tickets to lower overhead costs, provide timely updates on jobs.
Solution Strategy
Paramount created a blockchain pilot project for a federal Power & Utility provider. The mobile app uses a blockchain platform to track and manage contractor work tickets securely and productively. Smart Contracts provide secure tracking of access, permits, work and assets.
Expected Impacts
When completed, the cost savings should be more than 200% of the system cost with accurate work tracking and fewer billing disputes to resolve.
Token management for Health and Wellness organization
Opportunity
New social good platform needs to accept online donations for projects, reward users for content and usage where many users have limited banking and Internet access.
Solution Strategy
Paramount launched an MVP Web app with blockchain for an online wellness and social good community platform where users can get and spend tokens from the Stellar Network.
Expected Impacts
The Web app made it easy to track user donations and rewards as tokens with less dependency on traditional banking systems.
Residential Energy Grid Management
Opportunity
An NSF-funded blockchain research project for an improved residential distributed energy management solution needs a token-based system to track power generated, purchased and sold to the utility.
Solution Strategy
Paramount is delivering a Hyperledger Fabric blockchain solution. The project engages a utility token built using Ethereum (ERC20 preferably) on top of that for storage and exchange of energy to facilitate energy trading. The solution reconciles any payment issues between producers and consumers.
Expected Impacts
The solution will efficiently track energy produced, consumed and sold from a residential system, lowering energy cost for a homeowner and lowering demand requirements for the grid provider. It can optimize the revenue generated for the homeowner using smart demand management.
Simple Use Case Format
Opportunity
Solution Strategy
Expected Impacts
Presentation Concepts
CBTP
VCRS
VCN
Why Paramount ?
Not the biggest
Not the most experienced in DLT
Most committed
Easy to work with
presentation focus points
- I agree the demo is a "nice to have" and should be limited at best as we proposed.
- On the response, your deck doesn't yet fully address the items listed in their presentation request.
- We will also need to "set the table" for the section 1 responses by summarizing key requirements for the selected use cases we agreed to focus on as well as a slide on key assumptions we are making. This isn't going to be just a single slide for each category listed in section 1 of the Response.
- Like the company introduction and blockchain experience which you and Pramod have covered well in this slide deck and defining why Paramount is well aligned on social values and public sector work as a vendor will be important but won't take a lot of time.
- We can talk to the approach to the POC but not really the detail design - our process, our partnership etc. I do assume this won't be as extensive a discussion unless they share more detail requirements in the meeting.
- I may be wrong on how they run our 60 minute presentation but I expect a large part of the time will go into discussion on how we see the Fabric platform and related software environment addressing each of the section 1 issues with its pros and cons. That's where I'm focusing most of my time now.
- Let me know if you see the focus differently.
Other thoughts on presentation approach
I agree the demo is a "nice to have" and should be limited at best as we proposed.
- understand their current systems and RFP well
- have a deeper knowledge of blockchain and Fabric ( since they already built an internal POC on Fabric ).
- I like the slide deck template you have created.
Potential Value Opportunities
Key Assumptions
Detail engineering for a production solution is out of scope for the presentation
- Addressing legal requirements by jurisdiction for transfer or sale of goods, services and money is outside the scope of the solution design
- Data privacy considerations reflect key concepts in GDPR and related statutes as they are interpreted
- Security considerations address concepts of identity, authentication, functional authorization, data authorization, data encryption
- This is a permissioned enterprise blockchain
- All transactions are recorded in the ledger
- All participants transacting on the network have: an assigned identity, a wallet, assigned credentials in the wallet
- Receipt of goods, services and payments by organizations and users can be digitally tracked
- Distribution of cash, services and goods physically is a separate issue
- If goods have bar code or QR code labels, those can be scanned as a transaction on the mobile device
- Services delivery could be validated as a simple online transaction referencing the service order or using a physical service work ticket if it's generated
Key Requirements
how do we rank requirements priority?
- governance model that fits state, agencies, banks, ngos, service provider and user community well
- support model that fits state, agencies, banks, ngos, service provider and user community well
- immutable ledger for track and trace of all transactions
- guaranteed participant identification, authentication, authorizations
- guaranteed transaction finality
- scalable performance
- platform portability
- automated event management with smart contracts to guarantee correct responses to business events in the use case scenarios
- options for DLT network configurations, consensus
- DR and BCP support for potential failure scenarios
Potential Challenges
Key Issues
Presentation will focus on key areas:
- company strength, experience and delivery capability in key areas
- understanding of the state transcripts solution needs and key use case scenarios in detail
- understanding of state disbursement channels, governance and related regulatory requirements
- depth and quality of solution design to meet requirements
- depth and quality of technical engineering depth on solution platforms, engineering, risks, mitigations and improvements
Vendor selection will focus on:
- existing relationships and experience working with state
Total capacity throughput and response times
Expected capacity and response times can be modeled during POC phase.
For selected transactions in the high volume use case scenarios, we can model
Focus is on write use case performance where transactions are created vs read performance where response times and throughput benefit from caching etc.
Key User Response benchmark
Estimate average response time for key transaction writes based on similar Fabric benchmark tests on v1.4x.
Key System Throughput benchmark
Estimate average TPS from existing benchmarks on similar use cases
Simple UX needed for Mobile devices - IOS, Android
Slow speed networks and offline access
Thanks Mahua for the focus on the "limited network connectivity" constraint.
Candidate Blockchain Demos for state transcripts Use Cases
use case 1> Show loan payments disbursement to a user scenario
We could create this demo and build a video of it to present if needed during the presentation to the state.
environment
AWS , Hyperledger Fabric v1.4x, Feathers.js, MongoDb
logical entities in loan disbursement demo scenario
- bank - bank that receives funds from loan to disburse to users
- user - user receives funds from the loan bank after authorization
- bank account - bank and user both have bank accounts
- loan - funds loaded to the bank's account ( not shown in demo )
- disbursement - based on authorization to a user, funds are transferred to user bank account from the bank's account
events for disbursement to user
** registrations create ids, wallets, keys for the bank and the user ( use existing logic in NSF POC for this )
>> create user bank account – created directly in MongoDb - No smart contract now
>> create grant bank account – created directly in MongoDb - No smart contract now
>> make grant payment to bank's grant account - add funds directly in MongoDb
** make payment from grant account to user account ( new smart contract to create )
** events defined need smart contracts; registrations support already exists from NSF
The events marked ** could be in the video
how to demo the loan disbursement test case
demo postman api calls to smart contracts
demo CouchDB Fauxton queries for blockchain World State transactions
demo MongoDb queries to show offchain data state
Reference UI for SAMPLE interfaces ONLY - not related to state use case at all
Farm to Plate console
Sahoja mobile screen shots
use case 2> set key service delivery to a user scenario
environment
aws, hlf v1.4x, feathers??, mongo ???
entities
bank, service provider, user, bank account, service, payment
events for service delivery and payment to user
** registrations create ids, wallets, keys for user, provider, bank
** create bank account for user, provider
** create service contract for provider
deliver service to a user
** receipt for service delivered from user
** make payment from grant account to provider account
use case 3> set transcript delivery to a user scenario
environment
aws, hlf v1.4x, feathers??, mongo ???
entities
bank, service provider, user, bank account, service, payment
events for service delivery and payment to user
** registrations create ids, wallets, keys for user, provider, bank
** create bank account for user, provider
** create service contract for provider
deliver service to a user
** receipt for service delivered from user
** make payment from grant account to provider account
Candidate Solutions
IBM Blockchain Platform features
IBM Blockchain on IBM Cloud as a platform to run Hyperledger Fabric
IBM Blockchain is a set of services built on Hyperledger Fabric that runs on IBM Cloud.
It's more mature than other competing Fabric services from AWS, Azure, Google. You can expect IBM to support the latest versions of Fabric before the other service providers normally. IBM also has deeper resources to support Fabric.
For supported integrations, it provides some easier administration tools and tool chains to enable certain types of integration.
The IBM Blockchain Services increase the runtime costs for operating the network over standing up Fabric with related infrastructure software.
references