Logo PTI Logo FedCSIS

Proceedings of the 17th Conference on Computer Science and Intelligence Systems

Annals of Computer Science and Information Systems, Volume 30

A Blockchain-Based Self-Sovereign Identity Approach for Inter-Organizational Business Processes

, , ,

DOI: http://dx.doi.org/10.15439/2022F194

Citation: Proceedings of the 17th Conference on Computer Science and Intelligence Systems, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 30, pages 685694 ()

Full text

Abstract. Blockchain presents a promising and revolutionary technology for organizations' collaboration, particularly for Inter-Organizational Business Processes (IOBP). It addresses the lack-of-trust problem thanks to its transparency and decentralized features. However, while the adoption of Blockchain technology can alleviate some of IOBP's challenges, it does so at the expense of significant privacy issues. In fact, some process execution data, such as customers' data or business secrets, cannot be shared across the collaborating organizations owing to regulatory restrictions such as the General Data Protection Regulation (GDPR). To address trust and privacy issues in IOBP, this paper presents a Blockchain-based Self-Sovereign Identity (SSI) approach. The SSI concept is combined with a registry proof smart contract to provide an efficient privacy-preserving solution. The proposed approach is applied to the pharmaceutical supply chain case study and implemented on the Ethereum Blockchain.

References

  1. R. Wehlitz, F. Jauer, I. Rößner, and B. Franczyk, “Increasing the reusability of iot-aware business processes.” in Proceedings of the Conference on Computer Science and Information Systems (FedCSIS), 2020, pp. 17–22.
  2. M. Nizioł, P. Wisniewski, K. Kluza, and A. Ligeza, “Characteristic and comparison of uml, bpmn and epc based on process models of a training company,” in Proceedings of the Conference on Computer Science and Information Systems (FedCSIS), vol. 26, 2021, pp. 193–200.
  3. P. Voigt and A. Von dem Bussche, “The eu general data protection regulation (gdpr),” A Practical Guide, 1st Ed., Cham: Springer International Publishing, vol. 10, no. 3152676, pp. 10–5555, 2017.
  4. S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” Cryptography Mailing list, 2008.
  5. G. Wood, “Ethereum: A secure decentralised generalised transaction ledger,” Ethereum project, vol. 151, pp. 1–32, 2014.
  6. O. López-Pintado, L. Garcı́a-Bañuelos, M. Dumas, I. Weber, and A. Ponomarev, “Caterpillar: A business process execution engine on the ethereum blockchain,” Software: Practice and Experience, vol. 49, no. 7, pp. 1162–1193, 2019.
  7. A. B. Tran, Q. Lu, and I. Weber, “Lorikeet: A model-driven engineering tool for blockchain-based business process execution and asset management.” in Proceedings of the BPM Demo Track and BPM Dissertation Award co-located with the International Conference on Business Process Modeling (BPM), 2018, pp. 56–60.
  8. O. López-Pintado, M. Dumas, L. Garcı́a-Bañuelos, and I. Weber, “Controlled flexibility in blockchain-based collaborative business processes,” Information Systems, p. 101622, 2020.
  9. A. Abid, S. Cheikhrouhou, and M. Jmaiel, “Modelling and executing time-aware processes in trustless blockchain environment,” in Proceedings of the International Conference on Risks and Security of Internet and Systems, 2019, pp. 325–341.
  10. S. Alboaie and D. Cosovan, “Private data system enabling self-sovereign storage managed by executable choreographies,” in Proceedings of the International Conference on Distributed Applications and Interoperable Systems (IFIP). Springer, 2017, pp. 83–98.
  11. L. Argento, F. Buccafurri, A. Furfaro, S. Graziano, A. Guzzo, G. Lax, F. Pasqua, and D. Saccà, “Id-service: A blockchain-based platform to support digital-identity-aware service accountability,” Applied Sciences, vol. 11, no. 1, p. 165, 2020.
  12. K. Wittek, L. Lazzati, D. Bothe, A.-J. Sinnaeve, and N. Pohlmann, “An ssi based system for incentivized and selfdetermined customer-to-business data sharing in a local economy context,” in Proceedings of the IEEE European Technology and Engineering Management Summit (E-TEMS). IEEE, 2020, pp. 1–5.
  13. M. Kang and V. Lemieux, “A decentralized identity-based blockchain solution for privacy-preserving licensing of individual-controlled data to prevent unauthorized secondary data usage,” Ledger, vol. 6, 2021.
  14. V. Lemieux, A. Voskobojnikov, and M. Kang, “Addressing audit and accountability issues in self-sovereign identity blockchain systems using archival science principles,” in Proceedings of the IEEE Computers, Software, and Applications Conference (COMPSAC). IEEE, 2021, pp. 1210–1216.
  15. J. Sedlmeir, R. Smethurst, A. Rieger, and G. Fridgen, “Digital identities and verifiable credentials,” Business & Information Systems Engineering, vol. 63, no. 5, pp. 603–613, 2021.
  16. V. C. W. Group, “Decentralized identifiers (dids) v1.0. world wide web consortium (w3c) (2020) [online]. available: https://www.w3.org/tr/vc-imp-guide/. “
  17. DID, “Didcomm messaging [online]. available: https://github.com/decentralized-identity/didcomm-messaging. “
  18. DSCSA, “Drug supply chain security act (dscsa) [online]. available: https://www.fda.gov/drugs/drug-supply-chain-integrity/drug-supply-chain-security-act-dscsa. “
  19. V. Dods and B. Taylor, “A proposal for decentralized, global, verifiable health care credential standards grounded in pharmaceutical authorized trading partners,” Blockchain in Healthcare Today, 2021.
  20. Veramo, “Performant and modular apis for verifiable data and ssi [online]. available: https://veramo.io/.
  21. A. Abid, “Ssi4iobp [online]. available: https://github.com/amal-abid05/ssi4iobp. “
  22. R. Soltani, U. T. Nguyen, and A. An, “A new approach to client onboarding using self-sovereign identity and distributed ledger,” in Proceedings of the IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, 2018, pp. 1129–1136.
  23. P. C. Bartolomeu, E. Vieira, S. M. Hosseini, and J. Ferreira, “Self- sovereign identity: Use-cases, technologies, and challenges for industrial iot,” in Proceedings of the IEEE International Conference on Emerging Technologies and Factory Automation (ETFA). IEEE, 2019, pp. 1173–1180.
  24. P. Kavassalis, “Designing an academic electronic identity management system for student mobility using eidas eid and self-sovereign identity technologies,” 2020.
  25. R. Karatas and I. Sertkaya, “Self sovereign identity based e-petition scheme,” International Journal of Information Security Science, vol. 9, no. 4, pp. 213–229, 2020.
  26. D. W. Chadwick, R. Laborde, A. Oglaza, R. Venant, S. Wazan, and M. Nijjar, “Improved identity management with verifiable credentials and fido,” IEEE Communications Standards Magazine, vol. 3, no. 4, pp. 14–20, 2019.
  27. A. Abid, S. Cheikhrouhou, S. Kallel, and M. Jmaiel, “Novidchain: Blockchain-based privacy-preserving platform for covid-19 test/vaccine certificates,” Software: Practice and Experience, vol. 52, no. 4, pp. 841–867, 2022.