Solving International Trade Challenges with Emerging Web Technologies
United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT), 28th Plenary meeting, 11 October 2022
I had the great honor of being invited to speak last month at the 28th Plenary meeting of the United Nations Centre for Trade Facilitation and Electronic Business. My focus was to describe the top three challenges preventing digitization within global trade, and how modern technologies are stacking up to overcome them.
This blog post is adapted directly from my presentation at the UN, capturing the hopeful message that emerging technical standards constitute a promising solution on the horizon. My slides are available here.
By means of introduction, the following challenges have obstructed trade and supply chain digitization on a global scale:
- Mutual understanding and common semantics
- Global identification of trade parties
- Establishing and maintaining trust at the distance
The corresponding solution is a technology stack based on cryptography and international W3C web standardization:
- JSON Linked Data
- Decentralized Identifiers
- Verifiable Credentials
These three technologies individually address the particular challenges listed. And as we shall see, in combination they shape an exciting path towards global trade digitization.
Establishing a Common Interpretation of Data
The heterogeneous environment of international trade makes it particularly difficult to ensure that the meaning of data is understood. When I say “x”, might it be understood as “歪”, or perhaps “ζ”?
UN/CEFACT’s Buy-Ship-Pay model is the undisputed global semantic dictionary for terms in trade, broadly adopted and recognized by WCO, WTO, EU and essentially all other relevant organizations.
However, due to methodology and the way which UN/CEFACT has traditionally been published, making use of the BSP terminology has still entailed certain challenges:
- Out-of-bounds vocabulary agreement; the sender must somehow tell the receiver “I am encoding data with UN/CEFACT, so you should interpret it accordingly”.
- Human interpretation, mapping source data into UN/CEFACT terms, making decisions such as “Shipping Container means Transport Equipment”.
- Another human’s interpretation, mapping UN/CEFACT terms to a target model, for example “Transport Equipment means ตู้คอนเทนเนอร์”.
- Breaking legacy API agreements; if a vendor’s API uses
shippingContainer, then changing it to
transportEquipmentis a breaking change, adversely affecting all dependent customers.
JSON Linked Data is a standard for overlaying normal API JSON with semantic meaning in a non-breaking manner. This is done by literally adding a context to the data message. The context defines the types and identifiers of the data by use of web URIs. For example, a “consignment” attribute would be defined as https://vocabulary.uncefact.org/Consignment. Such URIs are easily interpretable by computers; and humans too, as it resolves directly to the appropriate documentation of the term.
JSON-LD enables the data sender to be explicit about the meaning of data such that no further interpretation is needed downstream. Interpret once, understand everywhere.
Further, JSON-LD is in fact an implementation of a first-order logic data model known as RDF. This allows computers to automatically consume data without the need of human interpretation. JSON-LD data is directly machine readable, building knowledge graphs which enables advanced data analysis.
Here you can see an example of a JSON-LD file and its expanded machine knowledge interpretation.
Identification of Global Trade Parties
Digital identity today is largely based on the concept of identity federation. Federation was a step up from the 1st generation online identity which required establishing identity for every single online service. However, while large commercial Identity Providers dominate the personal identity space, the realm of global trade poses a number of specific challenges which has prevented federation-based adoption on a global scale. It is certainly not for lack of a golden business opportunity — the potential of establishing The Identity Provider for Global Trade is a mighty pot of honey. If a federation-based solution was possible, it would exist already.
Commercial organization identifier registries do exist, but are not used for federated authentication. The same is true for other identifiable things; GS1 and BIC are noteworthy successful identifier registries. But again these offer identifiers, not authentication.
State-governed Identity Providers do exist, also for businesses. But these are almost entirely recognized within that country, international federation is basically non-existent.
Also, the federation approach logically does not scale well: everyone recognizing everyone else’s Identity Providers is an exponentially complex problem.
Even assuming all of these problems could be overcome, Identity Provider model would be unattractive:
- The 3rd party Identity Provider gains trade secret insights. Such insights are the main business model of today’s Identity Providers. While already questionable for personal usage, it is definitely unacceptable for businesses.
- An identity provider for global trade would effectively be granting a monopoly to a vendor; monopolies tend to not benefit users.
- Centralization entails a single point of failure. The honey pot is equally tempting for malicious exploitation — a classic argument for decentralization.
Decentralized Identifiers are based on a model where the controller of an identity keeps a private key which is used for authentication, assertions and other use cases where proving identity control is required.
All DIDs resolve to a DID Document, which include the corresponding public key. This way, anyone can verify that an entity claiming to control a given identifier indeed holds its private key. This removes the need to map between multiple identity provider representations; each DID is essentially its own Identity Provider.
This is an example of a DID:
did:web:transmute.industries. You can try resolving this DID and explore its corresponding DID Document here.
Establishing Trusted Relationships
Global trade spans cultures, political environments and jurisdictions almost by definition. This makes it hard to establish and maintain trusted business relationships. Trust today in large part rides on costly and fragile personal relationships.
Even assuming a trusted relationship, how can you be sure that a set of claims are in fact representing the business partner’s intention? The traditional way is based on signed paper documents, backed by law. The intuitive digital equivalent is PDFs with scanned signatures as a means to “digitization”. But while a digital picture can be transmitted over the internet, it does not enable automation; and data security is also brittle and based on human judgment.
Commercial platforms typically approach this challenge by signing into a walled-off contractual environment which. This has several shortcomings:
- It is limited to a particular business process.
- Disincentive for cross-platform interoperability, passing the problem to users.
- Trust is lost when data leaves the platform.
A Verifiable Credential essentially ties a data message to an issuer with a cryptographic signature. At any later point in time, it can be verified that this cryptographic linkage is unbroken. As simple as that sounds, it is an incredibly powerful way to enable trust.
Structured data can be transmitted from a trusted party, and the receiver can be confident that the data is untampered and corresponds to the issuer’s intent. The Verifiable Credential may change hands many times over, just like physical and digital documents always have been passed around. At any point throughout the supply chain, its content can be verified.
Further, if a trusted organization has issued a Verifiable Credential about an unknown organization, that becomes a trust enabler. For example, it can be challenging to trust ethical manufacturing from a supplier manufacturing on a different continent. Trust can be bootstrapped by a locally present certificate issuer. This way, cryptographic chains linking back to relevant and trusted organizations can form entire supply chain trust graphs.
You can try verifying a Verifiable Credential here.
Cultural, language and other contextual obstacles can be overcome by overlaying common data messages with Linked Data. JSON-LD is a fully mature technology, used on 44% of the world’s websites, enabling explicit expression of data.
The UN/CEFACT Linked Data Vocabulary brings the rich and mature BSP semantic model to the web, allowing explicit term definitions specifically for trade and supply chain data messages.
Proper identification of international trade parties is a major barrier to trade. The Decentralized Identifiers model is the only globally scalable solution with the promise to establish an identification infrastructure amongst trade parties.
Verifiable Credentials are the basic building blocks with which trust can be cryptographically established and continuously verified. The DID+VC — also referred to as “SSI” or “Web 5” — is gaining tremendous traction, including adoption by nation states as a means to digitization.
With such significant challenges to overcome — meaning, identification and trust — the LD+DID+VC stack looks very promising as the “Killer App” for Global Trade.
Nis Jespersen, Transmute’s Solutions Architect, is editor of the United Nations CEFACT JSON-LD Web Vocabulary project.
About Transmute: Building on the security and freedom that Web3 promised, Transmute provides all the benefits of decentralization to enterprise teams seeking a cost effective, interoperable, planet-forward experience provided by experts in technology and industry.
Transmute was founded in 2017, graduated from TechStars Austin in 2018, and is based in sunny Austin, Texas. Learn more about us at: http://www.transmute.industries