Figure 1. Credential management with granular permissions. This shows the steps involved in creating a “Public Liability Insurance” certificate, assigning it to Bob, and Bob permitting “Construction Company” to view it.
Using a blockchain for this application has a number of advantages:
- Blockchains ensure provenance: the origin of a certificate is guaranteed by the underlying technology.
- Every party on the blockchain can audit the smart contracts.
- The responsibility for maintaining the system is distributed.
- Each party has access to the most recent information.
- Entities can only see the information that they have been given permission to see.
One key component of this credential management system is the ability to choose which attributes of a credential to share. The example in Figure 1 shows Bob sharing a certificate with “Construction Company”, but not the cover amount. This is possible because attributes are permitted to have their own permissions.
The blockchain application was developed using Hyperledger / Fabric. It consists of several smart contracts, asset definitions, entity types and a permissions file for accessing the smart contracts. The main smart contracts are used for:
- Issuing a certificate
- Authorizing access to a certificate/attribute
- Revoking access to a certificate/attribute
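The issue, authorise and revoke operations listed above, together with the per-attribute sharing from Figure 1, sketched as an added JavaScript example. It is not the demonstrator's code and does not use the Hyperledger Fabric API; `CredentialRegistry`, its method names, the `Insurer` participant and the attribute values are assumptions made for illustration.

```javascript
// Added illustration: an in-memory model of ledger state, not Hyperledger Fabric API code.
class CredentialRegistry {
  constructor(roles) {
    this.roles = roles;     // participant -> 'Provider' | 'Owner' | 'Checker'
    this.certs = new Map(); // certId -> { owner, attributes, grants: Map(checker -> Set) }
  }
  // Issue: only a Provider may create a certificate, and ids are never overwritten.
  issue(caller, certId, owner, attributes) {
    if (this.roles[caller] !== 'Provider') throw new Error('access denied');
    if (this.certs.has(certId)) throw new Error('certificate already exists');
    this.certs.set(certId, { owner, attributes: { ...attributes }, grants: new Map() });
  }
  // Authorise: only the owner may grant, and only attributes the certificate has.
  authorise(caller, certId, checker, names) {
    const cert = this.ownedBy(caller, certId);
    const unknown = names.find((n) => !Object.keys(cert.attributes).includes(n));
    if (unknown !== undefined) throw new Error('unknown attribute ' + unknown);
    const allowed = cert.grants.get(checker) || new Set();
    names.forEach((n) => allowed.add(n));
    cert.grants.set(checker, allowed);
  }
  // Revoke: the named attributes, or the whole grant when names is omitted.
  revoke(caller, certId, checker, names) {
    const { grants } = this.ownedBy(caller, certId);
    const allowed = grants.get(checker);
    if (!allowed) return;
    if (names) names.forEach((n) => allowed.delete(n));
    if (!names || allowed.size === 0) grants.delete(checker);
  }
  // View: default deny; a checker receives only attributes explicitly granted to it.
  view(caller, certId) {
    const cert = this.certs.get(certId);
    if (cert && caller === cert.owner) return { ...cert.attributes };
    const allowed = cert && cert.grants.get(caller);
    if (!allowed) throw new Error('access denied');
    return Object.fromEntries(Object.entries(cert.attributes).filter(([k]) => allowed.has(k)));
  }
  ownedBy(caller, certId) {
    const cert = this.certs.get(certId);
    if (!cert || cert.owner !== caller) throw new Error('access denied');
    return cert;
  }
}
// Constructed data following Figure 1; the insurer name and attribute values are made up.
function figure1Scenario() {
  const reg = new CredentialRegistry({ Insurer: 'Provider', Bob: 'Owner', 'Construction Company': 'Checker' });
  reg.issue('Insurer', 'cert-1', 'Bob', { type: 'Public Liability Insurance', expires: '2030-01-01', coverAmount: 5000000 });
  reg.authorise('Bob', 'cert-1', 'Construction Company', ['type', 'expires']);
  return { reg, shared: reg.view('Construction Company', 'cert-1') };
}
```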
Scripts were used to deploy the blockchain network. To enable interaction with the blockchain, the network was set up with two REST endpoints, both using multi-organisation authentication. This setup enables multiple entities to authenticate with the same REST server.
For each entity type (Provider, Owner and Checker) on the blockchain, a unique web interface was developed. This enables them to perform all the operations to create, revoke, share and update credentials according to their role and permissions.
Credentials are an essential part of many organisations. This demonstrator was proposed by Site Passport, who are interested in being able to manage construction-related credentials on a blockchain. However, the demonstrator is domain agnostic and can be deployed to address credential management in many domains, including:
- Insurance: Storing and sharing insurance documents.
- Education: Managing Certificates, Diplomas and Degrees.
- Consumer Banking: KYC, managing customer information between banks.
- Healthcare: Managing medical staff access and permissions.
- Property Law: Land deeds stored on a blockchain asset registry.
- Saad Shahid
- Dr. David Haughton
- Dr. Oisin Boydell
- Dr. Brian MacNamee