This repository has been archived by the owner on Apr 21, 2022. It is now read-only.
Matthew Hall edited this page Oct 22, 2021 · 17 revisions

Mines Digital Trust

About the Project

What is the product vision?

People want to know where things come from. Producers of mineral resources want to prove they are a responsible source. The purchasers of those mineral resources want to prove this to their customers. Establishing this provenance and related attribution is challenging. But new technologies are available that enable this digital trust. It requires a community effort to improve how we exchange trustworthy data. Verifiable Credentials are one of these technologies which will enable digital trust.

TLDR: In support of producers of consumer goods and purchasers of mineral resources who desire to prove the responsible sourcing of mineral resources, as well as internal government learning regarding the community effort to establish a better way to find, issue, store and share trustworthy data via Verifiable Credentials, the Mines Digital Trust POC of issuing verified credentials for Mines Act Permits and any related observable data metrics of the mine site was initiated.  

What is being done to achieve the vision?

We have created a team with members from Government, Industry and Academia. This team is our advisory committee on the Mines Digital Trust project. The advisory committee is providing feedback on the value of using verifiable credentials to conduct business. We are starting with verifiable credentials for the following categories:

  • Mine Permit Authorizations
  • Climate Change Reporting
  • Health and Safety Protocols

The Mines Digital Trust team is using a blockchain-based technology called Hyperledger ARIES. It enables a higher level of trust, security and privacy for our business processes. A production example in use today is the web application https://orgbook.gov.bc.ca/. Within it, the Provincial Government has issued verifiable credentials for every BC company.

Digital wallets holding verified credentials are special in their use of cryptography. These special digital wallets use blockchain to verify four elements of digital trust:

  1. Who issued a credential?
  2. Who was the credential issued to?
  3. Check for any credential tampering
  4. Check if the issuer revoked the credential

The holder keeps all other credential data in a secure digital wallet, not on the blockchain.

The Orgbook provided a starting point for building a digital trust ecosystem. The next step is to expand the ecosystem so businesses can hold, issue and verify credentials. This creates a gold standard for trusted business to business information sharing. This new approach allows for selective disclosure. This means you can choose to limit the attributes you share to those required for the process. Decentralized identity solutions allow businesses to automate credential verification. Furthermore, it removes call backs to the issuer.

TLDR: The Mines Digital Trust project is building a proof of concept using a blockchain technology called Hyperledger to enable a handful of program areas within the BC Government to add a higher level of trust to their current business processes. To start with BC Registries issued a Verifiable Credential for every registered company in BC. This web application https://orgbook.gov.bc.ca/ constitutes a digital wallet that holds verified credentials from issuers like, for example, BC Registries or a permitting officer in the BC Government. Currently this is strictly for public information only.  In this project we are looking to issue a few “verifiable credentials” into The Orgbook which will be linked to the existing registered businesses and provide a starting point for building a digital trust ecosystem. This ecosystem will grow into businesses holding their own credentials obtained from various issuers like BC Registries or WorksafeBC, and will allow for a new kind of business to business sharing of the information. One where they choose to share only the information they wish and without needing to go back to the issuer to get it or confirm its validity.  

What are the goals for the proof of concept?

  • To confirm that verifiable credentials can improve trust in business processes.
  • To provide data about environmental, social and governance factors and prove responsible sourcing.
  • To explore interoperability with supply chain solutions.

TLDR: The purpose of this project is to explore the use of the Hyperledger blockchain solution and verifiable credentials to build out a responsible sourcing assessment tool. If successful, further investment will be made to issue additional verifiable credentials for data objects needed by industry to meet the increasing demands for responsible sourcing and traceability in the supply chain.

What will you do after the proof of concept?

  • The BC Government will issue verifiable credentials to the digital wallets of organizations.
  • We will reengineer our wallet tools to support enterprise level performance and scalability.
  • We will create system integration capabilities using APIs.

How will this solution change things from what we are doing today?

Today we have a choice: either take someone's word for it, or check back with a reference or source of authority. Tomorrow's solution allows businesses to independently verify the following:

  • The authenticity of data without checking with the issuer of the data
  • The holder of the data was actually the person or company that it was given to
  • The data has not changed since it was given to the holder
  • There has been no revocation of the data and the holder is still permitted to use it
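
The four checks in the list above (the same four elements of digital trust named earlier on this page) can be seen working in a simplified model. This is an added example, not code from the Mines Digital Trust project: Ed25519 signatures and a plain revocation set stand in for whatever signature and revocation scheme the deployed wallets use, and the DID, credential id and claim values are constructed.

```javascript
// Simplified model: the "ledger" holds only issuer public keys and revocation state.
const { generateKeyPairSync, sign, verify, randomBytes } = require('crypto');

// Fixed field order so issuer and verifier hash identical bytes.
function payload(c) {
  return Buffer.from(JSON.stringify(
    [c.id, c.issuer, c.holderKey, Object.entries(c.claims).sort()]));
}

// Issuer binds the claims to the holder's public key and signs the result.
function issue(issuerDid, issuerPriv, holderPub, id, claims) {
  const holderKey = holderPub.export({ type: 'spki', format: 'pem' });
  const cred = { id, issuer: issuerDid, holderKey, claims };
  cred.proof = sign(null, payload(cred), issuerPriv).toString('base64');
  return cred;
}

// Holder signs the verifier's fresh nonce to show control of the bound key.
function present(cred, holderPriv, nonce) {
  const holderSig = sign(null, Buffer.from(nonce), holderPriv).toString('base64');
  return { cred, nonce, holderSig };
}

// Verifier reads only public ledger data; the issuer is never contacted.
function verifyPresentation(ledger, p, expectedNonce) {
  const { cred } = p;
  const issuerKey = ledger.issuerKeys.get(cred.issuer);
  if (!issuerKey) return 'unknown issuer';                     // who issued it
  if (!verify(null, payload(cred), issuerKey, Buffer.from(cred.proof, 'base64')))
    return 'tampered or not issued by claimed issuer';         // tamper check
  const sig = Buffer.from(p.holderSig, 'base64');
  if (p.nonce !== expectedNonce || !verify(null, Buffer.from(p.nonce), cred.holderKey, sig))
    return 'presenter is not the holder';                      // who it was issued to
  if (ledger.revoked.has(cred.id)) return 'revoked';           // revocation check
  return 'ok';
}

function demo() {
  const [issuer, holder, other] = [0, 1, 2].map(() => generateKeyPairSync('ed25519'));
  const did = 'did:example:permit-office';                     // constructed identifier
  const ledger = { issuerKeys: new Map([[did, issuer.publicKey]]), revoked: new Set() };
  const cred = issue(did, issuer.privateKey, holder.publicKey, 'cred-001',
    { permit: 'P-0000 (constructed)', status: 'active' });
  const nonce = randomBytes(16).toString('hex');
  const good = present(cred, holder.privateKey, nonce);
  const valid = verifyPresentation(ledger, good, nonce);
  const forged = { ...good, cred: { ...cred, claims: { ...cred.claims, status: 'amended' } } };
  const tampered = verifyPresentation(ledger, forged, nonce);
  const stolen = verifyPresentation(ledger, present(cred, other.privateKey, nonce), nonce);
  ledger.revoked.add(cred.id);                                 // issuer revokes later
  return { valid, tampered, stolen, revoked: verifyPresentation(ledger, good, nonce) };
}
console.log(demo());
```

The nonce check matters as much as the signatures: without a fresh challenge from the verifier, a captured presentation could be replayed by someone who never held the credential.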

What is the point of all of this?

At its core this project is about identity. Validating the identity of people and businesses who desire to attest to any form of information. Some examples include authorizations, permits, licences, and other relationships like membership, employment or accreditation. With this validation of identity we can be absolutely certain of the origin of information. If we trust the issuer of the data then we can conduct business transactions with confidence. We want to provide the ability to meet the demand for proof that products are made by companies striving for responsible sourcing. We want the effort to establish proof to be reduced to zero. We want to eliminate unnecessary verification processes. We want to promote new economies where good business practices are valued and rewarded. We want to support business transformation and global efforts towards sustainability, traceability and transparency.

Who is building the long term solution?

The BC Government recognizes that this goal will be successful only with the coordinated efforts of governments, industries and academia.

So how does it actually work?

TLDR: (For Issuing to OrgBook) The issuer of a credential has to run some software that can create a verifiable credential and the cryptographic keys, and be registered to be able to submit the credential to the OrgBook digital wallet. The issuer defines a set of attributes that will be submitted with the verifiable credential and used to provide context and explain the implications of its issuance. The issuer can then programmatically trigger a request from its parent software application each time it wishes to issue or revoke a credential. The cryptographic keys created with the Hyperledger components are what go up on the blockchain ledger and enable proving who issued it.   

There are four layers of technology needed. For each of those layers of technology there is an aspect of governance that also needs to be understood and managed. This model can be viewed on the Trust Over IP website.

  1. Register the identity of a digital wallet on the blockchain or distributed ledger
  2. Register the identity of a credential on the blockchain or distributed ledger
  3. Using the published identity of another digital wallet you can create secure connections between the two
  4. Using the published identity of a credential you can create an entry in your digital wallet stating your intention to either issue that credential or request proof that someone else has been issued one of them
  5. With a secure connection established you can conduct credential transactions such as
    • request credential
    • issue credential
    • request proof
    • present proof
    • request verification of self attested data
    • send instant messages
  6. Manage Templates for the Credentials you own or the Proof Requests you wish to ask for

For our project we are running a software product called the Business Partner Agent. It has to be registered to be allowed to create new types of credentials on the blockchain solution we are using, called "Sovrin Mainnet". The Business Partner Agent can issue credentials to other digital wallets that use the Hyperledger ARIES API as their communication protocol. The Business Partner Agent can make specific connections directly to another digital wallet. These connections are secure and encrypted. The information flows through the internet but is not uploaded to any other centralized service. The information stays encrypted the entire journey until it reaches the other wallet. A small amount of public data is uploaded to the Sovrin Blockchain or distributed ledger.

The data on the blockchain is limited to what is required to verify the identity of the issuer of a credential or what is published to allow for invitations to make a secure connection with another wallet. All other information that would otherwise identify the actual names of businesses or contacts or any of the attributes of credentials are all stored in the encrypted wallets of each company ("off chain"). This highlights the purpose of Hyperledger ARIES to maximize privacy and security, enable decentralized identity, and to promote self-sovereignty of data.

Other services like supply chains may need to implement a different approach than this in order to provide public transparency into the lifecycle of a product. However, we are still investigating ways to accomplish this transparency without relinquishing the self-sovereign control of data.