8H/ Identity in the Supply Chain: GS1 Verification LIbrary - POC nd Future Use Cases

From IIW

Identity in the Supply Chain: GS1 Verification Library PDC and Future Use Cases


Session Convener: Yousuf Hossain, Andy Meyer, Paul Nicolard

Notes-taker(s): Andy Meyer

Tags / links to resources / technology discussed, related to this session:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

GS1 US Verification Library

Question How do you prove the authenticity of your pharma product through the supply chain.

Proof of concept project.

Built a library of data that was created by the product owner and made accessible for verifiers of data.

Pharma ledger is EU based blockchain project.

Why build the library at all, to create a verifiable chain, that would denote which world region / company / product through chain of custody, to prove out theat the product is safe and correct for customer use. if one data point was off the product would not pass verification.

Technical:

Key vault: store key for the manufacturer

Credential server: Allows the push pull of credentials used for verification.

Pharma ledger App: for customers to fetch and verify the credential

Utilize digital bazar. Default web SSLs

Went with index based revocation list which is cached on phone.

Challenges:

Ecosystem is in flux so which DID method to use? Went with DIDWeb.

No standard wallet because most are custom built and mission specific.

Time to market.


Library challenges:

Mobile use and inherent size restrictions, used webpack to overcome.

Revocation:

Approach to credential chaining and the AC DC discussion have been very interesting.

API responses: originally used default responses and have had to evolve.

Private Key management: currently use Azure Key vault but is not scalable.

Caching: had to develop homegrown caching process.


Q: Did GS1 look at a GS1 DID method? No time to market was key.

Q: Why does GS1 develop standards for this are they planning to move this past proof of concept?

If more companies are willing to adopt and more use cases are identified, they will move past proof of concept.

-

Any feedback on verification libraries?

Q: What is it that you are adding on top of the digital bazar?

Certain standards around verification and the caching method. Additional standards related logic.