BDI defines Common Roles as the standardized roles for activities in a specific sector or type of supply chain. They form the basis for standardized role-based authorizations, lowering the effort for maintaining authorization rules.
This type of role is sector specific, as opposed to BDI Roles, which are part of the building blocks.
See Policy Agreements.
Sector specific Common Roles
Common roles define operational responsibilities within supply chains, helping to create standardized policies, particularly Data Access Policies.
Each specific sector (type of cargo, modality) has common roles that are well understood and recognized. The same applies to data elements that a role needs to have access to, in order to be able to perform a task.
Defining these common roles (such as truck driver, customs agent, inspection agent, forwarder, terminal planner, etc.) reduces the cost of interactions between entities. An undefined role needs a custom definition for each combination of role and data access policy, which is labour-intensive.
Managing access rights is simplified by standardization.
Members of different Associations that have different policies per common role, or different roles, will need to align these policies and roles to become interoperable. It is expected that a natural convergence on common roles in a sector will appear over time: Associations will agree upon shared common roles and policies if this benefits their business objectives.
This page contains references to demo projects and their lessons learned where the Representation KIT has been used.
Summary
The Representation Chain is a building block that lets other entities verify mandates.
The Representation Chain is a method to show verifiable mandates given to natural persons, legal entities or governmental bodies that act on behalf of the entity that issues the mandate. A mandate is a record of representation by an authoritative command (mandator) provided to the party to whom the mandate is assigned (mandatee). The mandate transfers accountability and liability to the mandator for acts done by the mandatee.
The Representation Chain consists of Representation Evidence (nested or embedded JWTs) that can be verified offline and/or online, by checking with the issuer that the token is still valid.
Purpose
The Representation Chain is a method to show verifiable mandates given to natural persons, legal entities or governmental bodies that act on behalf of the entity that issues the mandate. A mandate is a record of representation by an authoritative command (mandator) provided to the party to whom the mandate is assigned (mandatee). The mandate transfers accountability and liability to the mandator for acts done by the mandatee.
This covers H2M and M2M (process acting on behalf of a legal entity) use cases.
The Representation Chain is the Building Block to facilitate Boundary Management, especially for Physical Asset Boundaries (https://app.gitbook.com/o/6jFQJqnMRyd4T2pZ1IBi/s/EsnYrgeqsPPZtbALTQAj/~/changes/224/reference-architecture/boundary-management/physical-asset-boundaries) and Legal Asset Boundaries (https://app.gitbook.com/o/6jFQJqnMRyd4T2pZ1IBi/s/EsnYrgeqsPPZtbALTQAj/~/changes/224/reference-architecture/boundary-management/legal-asset-boundaries).
Relationship to other Building Blocks
The Representation Chain is (directly or indirectly) related to the following Building Blocks:
Authentication
Authorisation
Digital Identity:
Common Roles:
Professional Qualification Chain: this is a similar method to show proof of the professional qualifications of Natural Persons acting on behalf of the issuing entity.
Verifiable Credentials: (future work)
Elements & core Functions
A Representation Chain is not a central register but a method.
The Representation Chain holds the relationship between
the (digital identity of the) mandator
the digital identities of mandatees
the scope of the mandate
role based
optionally order related (transient)
other relevant data
The Representation Evidence is in the form of a nested JWT including additional information as desired. The JWT is transferred to the mandatee (H2M use case Physical Asset Boundary Management) for temporary use. The mandatee shows or transfers the JWT as Representation Evidence to third parties, online or offline. These parties can verify the (nested) JWT and optionally follow the links in the JWTs to the respective issuers to check the validity of the tokens.
The third party does not need to be a Member of an Association, lowering the barriers for implementation.
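An added example, not part of the BDI specification or any project code: the offline check a third party could run on nested-JWT Representation Evidence, covering signature, expiry, mandator/mandatee continuity, role scope and anchoring at the expected mandator. The claim names `roles` and `parent`, the party names, the keys and the use of HS256 are assumptions made for a self-contained demo; a real deployment would rely on the issuers' asymmetric signatures and on the BDI token profile, which the page describes as work in progress.

```python
import base64, hashlib, hmac, json

# Constructed demo keys; HS256 stands in for the issuers' asymmetric signatures.
KEYS = {"shipper": b"demo-key-shipper", "forwarder": b"demo-key-forwarder"}

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(txt):
    return base64.urlsafe_b64decode(txt + "=" * (-len(txt) % 4))

def _mac(iss, signing_input):
    return hmac.new(KEYS[iss], signing_input.encode(), hashlib.sha256).digest()

def issue(iss, sub, roles, exp, parent=None):
    """Mandator `iss` mandates `sub`; `parent` is the mandate `iss` itself acts under."""
    # "roles" and "parent" (the embedded JWT) are assumed claim names.
    claims = {"iss": iss, "sub": sub, "roles": roles, "exp": exp, "parent": parent}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(iss, head + '.' + body))}"

def verify_chain(token, now, root, max_depth=4):
    """Return [(mandator, mandatee, roles)], presented link first, or raise ValueError."""
    chain, child = [], None
    while token and len(chain) < max_depth:
        try:
            head, body, sig = token.split(".")
            alg, c = json.loads(_unb64(head))["alg"], json.loads(_unb64(body))
            link = (c["iss"], c["sub"], c["roles"])
            good = hmac.compare_digest(_mac(c["iss"], head + "." + body), _unb64(sig))
            live = c["exp"] > now
        except (ValueError, KeyError, TypeError, AttributeError) as exc:
            raise ValueError("malformed token or unknown issuer") from exc
        if alg != "HS256" or not good:
            raise ValueError("bad signature")
        if not live:
            raise ValueError("expired mandate")
        # The presenting link's mandator must be this link's mandatee, with no extra roles.
        if child and (child[0] != link[1] or not set(child[2]) <= set(link[2])):
            raise ValueError("broken chain or widened scope")
        chain.append(link)
        child, token = link, c.get("parent")
    if token or not chain or chain[-1][0] != root:
        raise ValueError("chain too deep or not anchored at the expected mandator")
    return chain

NOW = 1_700_000_000  # constructed clock value
ROOT = issue("shipper", "forwarder", ["forwarder", "truck driver"], NOW + 3600)
LEAF = issue("forwarder", "driver-42", ["truck driver"], NOW + 600, parent=ROOT)
```

The online step the text mentions, asking each issuer whether its token is still valid, would follow a successful offline check and is not shown here.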
Documents
Further Reading
Verifiable Credentials
E-Herkenning
The Professional Qualification Chain is a method that lets other entities verify whether representatives of the entity that issues the evidence have the required qualifications.
The Professional Qualification Chain registers the relationship between
the digital identity of the owner/controller
the proof of relevant professional qualifications of humans or legal entities
for instance verifiable representations of verifiable credentials
the digital identities of these humans or legal entities
The relationship is transient: as long as it is relevant, and only for relevant qualifications.
The legal implication is that the owner/controlling party assumes accountability and liability for the existence and verification of the relevant Professional Qualification of its representatives.
The purpose of the building block is to specify:
the interface and structure to issue claims of Professional Qualification (Evidence)
to allow automated verifications of the claim in the Evidence.
The building block is used in Boundary Management, especially Physical Asset Boundaries and Digital Asset Boundaries, for example:
access to a location where specific safety training is required
delivering services that require professional qualifications
use of certified processes (ISO certifications of tools)
Personal qualifications means criteria related to an individual's background, including completion of an approved educational program, satisfactory performance on an examination, work experience, testimonials and completion of continuing education.
Personal qualifications are issued by competent organizations to natural persons. Examples include universities (education courses), former employers (work experience), governments (VOG statements, driving license), and terminals & chemical plants (health and safety courses).
Process qualifications means criteria related to a process, such as certification of compliance to an ISO standard.
The traditional paper-based approach is to collect and store a physical file of the professional qualifications and to present the applicable qualifications when required. This is a cumbersome process and sensitive to fraud, as many copies are kept at multiple sources, with varying levels of control applied to validate the authenticity and validity of the evidence.
A modern approach is to collect the qualifications in a mobile app or a secure card. On request the employee can share the qualifications. Examples include the Vakpaspoort of the Centraal Register Techniek and the XS-ID of Secure Logistics.
The drawback of the app approach is that the different implementations are not interoperable. For example the protocols for retrieving the qualifications from the sources are not standardized. Also the protocols for presenting the qualifications are not standardized.
The (open) European Wallet is an enticing prospect because it will standardize both the retrieving and the presentment of the qualifications as verifiable credentials in the personal wallet of the employee.
The Professional Qualification Chain transmits only the verifiable representations of specific relevant qualifications.
The following is to be considered:
The personal qualifications are personal data and most likely privacy sensitive. Sharing this data with other organizations is limited to its purpose, meaning that anything else that is not trivial is to be masked.
It requires clear authorization conditions to be provided to the association, to ensure that the data is only made available to organizations that can present clear evidence of the need to access the data.
This Building Block is linked with
Trust KIT
Digital Identity
Authentication
Authorization
Representation Chain
Boundary Management
(EU) Wallets are under development. Large-scale pilots have started; however, the focus initially has been on the natural person as a civilian in relation to its state authority, and less on the 'role' of a natural person as an employee / staff member in relation to a Legal Entity / business.
Relevant standards to consider or adopt for the BDI are:
The Verifiable Credential Data Model (current v2.0). This defines the 'shape' of the claims and the associated metadata that cryptographically prove who issued it, not the content of the credential itself. The content is to be defined in large-scale pilots to reach consensus and find adoption.
The VC can be stored in a Wallet. The BDI supports an exchange through tokens (JWTs), with embedded JWTs carrying VCs as representation evidence to provide a Chain of Trust. Specification of the application of the protocol and interfacing is work in progress.