A new SDK combines Zebra devices with blockchain to facilitate the development of decentralized solutions on the edge
This blog introduces the new Zebra-IOTA Edge SDK and how it can be used to build and test decentralized solutions leveraging the IOTA Distributed Ledger. In particular, the first public release includes an “Identity Enabler” that can be used to issue, verify and manage decentralized, interoperable identities for people, organizations and devices.
When it comes to supply chains, this SDK, in combination with the already available Track & Trace Ledger APIs, facilitates building digital solutions that allow securely sharing non-repudiable, trusted and immutable data among multiple stakeholders.
Understanding DLT technology
Decentralized Identities based on DLT open up new solutions
There are many business processes, particularly along supply chains, that involve digital identities. An identity is composed by the attributes a system knows about a particular actor (person, organization device, etc.). Currently identities are usually locked into specific systems and are not portable. On the other hand, often (federated) identities are stored by a cloud service, but this has privacy implications, as anytime we interact with a service the cloud-based identity “gatekeeper” knows it. These problems are also happening in global trade and supply chains. For instance, an organization trading in one country has to be verified again to trade in a different country. Thus, we can conclude that in the context of privacy-sensitive, heterogeneous, global, or distributed application services, centralized or federated identities have many drawbacks.
And this is where Decentralized Identities come to the rescue. Decentralized digital identities (DIDs) are a new type of digital identities that do not require any one to one integration between identity issuers and identity verifiers. As a result DIDs allow for privacy, high scalability and reduction of time and costs. For instance, claims already proofed against a given identity issuer are not required to be proofed again against a different one (e.g. a company operating in a different country).
The IOTA Identity Framework is an implementation of the W3C DID and Verifiable Credentials standards. A DID is a global ID that can be dereferenced into an auditable JSON document (DID document). Such a document contains all the cryptographic materials or metadata associated with the DID. A Verifiable Credential is another JSON Document that contains credentials issued by a trusted entity to a “holder”, both identified by a DID. VCs may be created by trusted entities, such as government agencies, businesses, universities, or employers, and issued to a “holder” of the VC. VCs are like digital passports, or unique stamps which serve to attest to specific information about an entity associated with a specific DID.
The IOTA Identity Framework handles all the interactions with the IOTA Tangle where the DID documents are published and anchored to. In the context of Verifiable Credentials, the Tangle acts as the Verifiable Data Registry. The IOTA Tangle is well-suited as it provides guarantees of data integrity and immutability and, therefore, trust between participating parties, but without incurring any fees.
Some inspiration on the kind of applications that can be built are:
Personal Information Management: The main application is self-sovereign identities as a privacy improvement. In fact, self-sovereign identities allow individuals to manage and present their identities (securely stored on their devices) without the intervention of a central authority or issuer. For instance, health credentials could be verified by a restaurant owner using a Zebra device powered by our SDK without interacting with a government service endpoint. You can find more information on our previous joint whitepaper with IOTA on health passports.
Trade Certificates: Verifiable claims anchored to decentralized identities can be used to represent digitally different kinds of certificates associated with trade items. For instance, phytosanitary certificates, guarantee certificates, compliance certificates issued by third party auditors, … All these certificates, represented as interoperable Verifiable Credentials, can be scanned and verified by any Zebra scanner, powered by our SDK. And that can be done at a warehouse, sales point or even by consumers with their own personal devices.
Decentralized Identity (DID) for Organizations: The main application is the “DID for organizations in global trade” use case. For instance, a trader from Kenya creates its decentralized digital identity (DID) and receives a number of Credentials from Kenyan authorities after the requested verification processes. Some of these Credentials are also accepted by the EU authorities when importing goods. You can watch this video which shows how we are applying it to the TLIP Project jointly developed by TradeMark East Africa and IOTA.
Decentralized Device Identity. Any device, such as a printer, scanner or RFID reader used in supply chains, can be issued a decentralized identity and associated credentials by the organization owning it. As a result all interactions made with that device can be recorded and audited, increasing the level of traceability, accountability, security and trust in the daily operations of an organization. The Zebra-IOTA SDK already includes a reference application (DeviceID Application) structured around a wizard that allows onboarding devices owned by an organization.
Supply Chain Credentials. Currently there are many supply chain processes that are actually conducted without the proper level of security or with no digitisation at all. We can imagine a truck driver arriving into a warehouse requesting to load / unload some pallets and showing just a document on paper with the transportation order. These kinds of processes involve identity, trust and change of custody records between multiple parties each one holding their own decentralized identity: the warehouse manager, the truck driver, the logistics service provider, the supplier company and the customer company.
The Zebra-IOTA Edge SDK Overview
The Zebra-IOTA Edge SDK is composed of different open source modules (enablers) that facilitate the creation of applications that exploit IOTA’s DLT capabilities on edge devices, in particular Zebra Devices. The first enabler open for public feedback and described by this blog (Identity Enabler) is the one corresponding to decentralized identities. It is based on the IOTA Identity Framework and makes it easier to develop solutions on the edge (solving problems like the ones previously discussed) around decentralized identities.
The Identity Enabler is composed of a set of reference applications that can be used as a scaffold / blueprint for developers, and as guidance on how to solve the most common problems around decentralized identity, such as credential issuance or verification, using the APIs offered by the IOTA Identity Framework.
These applications are integrated with Zebra DataWedge and include:
- Holder Application which defines the scaffold for creating applications for credentials’ holders, being people or organizations. As a result credentials can be shared by way of data matrix codes ready to be scanned with Zebra devices.
- Verifier Application which allows interoperable credential verification through the scanning capabilities provided by Zebra devices and the IOTA Identity framework. The latter checks for tampering and authorship of both the presentation and the contained credential(s) using the embedded proof (digital signature).
- DeviceID Application which offers a customizable wizard for onboarding devices on supply chains by generating a new identity and requesting verifiable credentials to the organization owning the device, which acts as an issuer. Afterwards the device can start reporting authenticated scan events (after having been previously registered to the Track & Trace Ledger APIs) that can be immutably recorded on the IOTA Tangle. Those events could later be transformed into EPCIS 2.0 events.
Zebra and IOTA Foundation will be publishing a detailed Tutorial (stay tuned), including Zebra DataWedge profiles to facilitate the utilization and learning of the Identity Enabler of the SDK. We encourage you to experiment with it and to provide feedback.
Webinars and feedback
The Zebra-IOTA Edge SDK opens up a new world of business opportunities and applications thanks to the combination of IOTA and Zebra edge devices. Thus, we encourage you to participate in our first introduction webinar:
- Webinar Wednesday 16th February, 2022
- An overview of decentralized identities and how to use and develop with the Zebra-IOTA Edge SDK.
- Jose Manuel Cantera (IOTA Foundation)
- You can sign up here!
The combination of Zebra Edge devices with the IOTA DLT opens up a new world of novel, decentralised supply chain applications, enabling secure, trusted and immutable data exchange. Zebra and IOTA Foundation are facilitating developers to build and test decentralized identity applications through the Identity Enabler of the Zebra-IOTA Edge SDK.
With the feedback from the community, IOTA Foundation and Zebra technologies intend to continue working on improving and polishing the SDK. In fact, during Q2 2022 a new enabler, EPCIS Enabler, will be released. It will have to do with the capability to record GS1 EPCIS 2.0 events directly from Zebra devices. Those events can be stored on distributed datastores and anchored immutably to the IOTA Distributed Ledger.