The architecture specifies a number of security services, which are applicable to both local and global federations of DigiPrime. The security services include:
Authentication: This service deals with the authentication of the various users of the DigiPrime digital platform. Each user of the platform will be required to have an account in the platform and to become authenticated against this service.
Authorization: Different stakeholders have access to different data, services, and functionalities of the platform. To this end, the DigiPrime digital platform specifies an authorization service that provides stakeholders with access to the capabilities of the platform in line with their roles in the circular chain. Characteristic examples of the different roles include OEMs / Manufacturers, Remanufacturers, Recyclers, End-users, Raw material processors, Policy Makers, Innovation hubs and CE Industries.
Identity Management: Includes a set of framework services and policies that manage users’ authentications and authorizations within the DigiPrime digital platform. It caters for managing multiple authorizations and authentications in heterogeneous environments. Typical functionalities of the identity management framework include management of credentials (e.g., certificates, passwords) and single sign-on functionalities.
To support the decentralized operation of DigiPrime services, the architecture specifies a number of ledger services that enable the implementation of decentralized applications over a distributed ledger technology (DLT) infrastructure, i.e., a blockchain. The initial specification of the Ledger Services is inspired by mainstream permissioned block-chain infrastructures such as Hyperledger Fabric. It is structured as a set of Peer Nodes that maintain a ledger with the different transactions and state changes of key entities like products, modules/components, and materials. It comprises the following main components/services:
Orderer: This is a special node of the DLT infrastructure (i.e. an “ordering node”), which orders decentralized transactions in the Ordering service of the block-chain. Ordered transactions are made final in the peer nodes based on the implementation of consensus mechanisms. The latter ensure that the peers agree on the state of the objects and transactions ordered on them.
Endorser: This is a special block-chain node (peer) that is responsible for simulating transactions in order to prevent unstable or non-deterministic transactions.
Committer: This is the peer of the block-chain that appends the validated transaction to the ledger of the proper peers. It considers the specific channels of the distributed ledger infrastructure in order to append the transactions to the ledgers of the proper peers. The DigiPrime permissioned block-chain network will enable different peers to maintain different ledgers depending on their authorizations and role in the DigiPrime digital platform.
Permission Issuer: This component will handle the permissions of the various nodes, in terms of their ability to access certain channels of the DLT infrastructure and to maintain the respective information in their ledgers. It can be seen as a security and authorization enabler at the level of the block-chain infrastructure.
In principle, the ledger services will provide the means for peer nodes to read and write in the blockchain, but also to execute smart contracts (i.e., chaincode in Hyperledger terminology) that will alter the state of objects/entities tracked in the blockchain. Hence, ledger services will offer a decentralized alternative for tracking objects/entities in the DigiPrime digital platform, i.e., keeping the state of the objects in the ledger rather than keeping and managing it in centralized repositories of the local or global federations.
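The interplay of the Permission Issuer, Endorser, Orderer and Committer described above can be sketched as a small in-memory model. This is an added example, not DigiPrime or Hyperledger Fabric code: all class, function, channel and peer names are hypothetical, and consensus, signatures and block structure are left out.

```python
import hashlib
import json
import random

class PermissionIssuer:
    """Records which peers may access which channel (simplified model)."""
    def __init__(self):
        self._grants = {}                      # channel -> set of peer names
    def grant(self, peer, channel):
        self._grants.setdefault(channel, set()).add(peer)
    def members(self, channel):
        return frozenset(self._grants.get(channel, ()))

def endorse(contract, state, args, endorsers):
    """Every endorser simulates the contract on a copy of the state.
    Differing write sets mean the transaction is non-deterministic."""
    results = [contract(dict(state), *args) for _ in endorsers]
    digests = {hashlib.sha256(json.dumps(r, sort_keys=True).encode()).hexdigest()
               for r in results}
    if len(digests) != 1:
        raise ValueError("endorsement failed: non-deterministic result")
    return results[0]

class Network:
    def __init__(self, issuer):
        self.issuer = issuer
        self.state = {}                        # channel -> world state
        self.ledgers = {}                      # peer -> channel -> [write sets]
        self.pending = []                      # orderer queue (fixes the order)

    def submit(self, peer, channel, contract, *args):
        members = self.issuer.members(channel)
        if peer not in members:
            raise PermissionError(f"{peer} has no access to channel {channel}")
        writes = endorse(contract, self.state.get(channel, {}), args, sorted(members))
        self.pending.append((channel, writes))

    def commit(self):
        """Append ordered transactions only to ledgers of the channel's members."""
        for channel, writes in self.pending:
            self.state.setdefault(channel, {}).update(writes)
            for peer in self.issuer.members(channel):
                self.ledgers.setdefault(peer, {}).setdefault(channel, []).append(writes)
        self.pending.clear()

def transfer_custody(state, product_id, new_holder):   # deterministic contract
    return {product_id: {"holder": new_holder}}

def flaky_contract(state, product_id):                 # non-deterministic on purpose
    return {product_id: {"nonce": random.random()}}
```

A peer without a grant on a channel can neither submit to it nor receive its transactions in its ledger, and a contract whose simulated results differ between endorsers never reaches the ordering queue.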