filecoin-project / devgrants

👟 Apply for a Filecoin devgrant. Help build the Filecoin ecosystem!
Other
377 stars 308 forks source link

Supply Chain - Product Metadata Sharing #1737

Closed jamescbury closed 5 months ago

jamescbury commented 7 months ago

Open Grant Proposal: Claim Derived Authority (CBA)

Project Name: Confidential Settlements with Embedded Rights (CSER)

Proposal Category: Developer and data tooling

Individual or Entity Name: Zeroth Technology LLC

Proposer: jamescbury

Project Repo(s): https://github.com/zeroth-tech/CSER/tree/main

(Optional) Filecoin ecosystem affiliations: Decentralized Storage Alliance `

(Optional) Technical Sponsor: I've discussed this with many individuals in the past - in particular, Jonathan Victor - I do not currently have a technical sponsor.

Do you agree to open source all work you do on behalf of this RFP under the MIT/Apache-2 dual-license?: Yes

Project Summary

In CSER we describe a way to settle the transfer of claims on physical objects. As the claim on a product moves from participant to participant it leaves a trail of transactions - this is helpful to capture the "who", "what", "when" of a supply chain event, but we also care about "where", "why", and "how". There is also a lot of product information that various participants may want, or be required, to make available to future claim holders on that product (even if they do not know who those claim holders are). A good example of this is the information on a product label or records that document the quality control over the products' production - thousands of data schemas that govern supply chains in different industries... that information has to go somewhere, and it has to carry some guarantees that it will be available when needed at some unknown future date. At best the network (or more precisely the payload in a CSER transaction) will only carry a pointer/hash to where that data is.

Through the use of claims CSER also serves as an access control layer independent of any other governing systems. If there is product information posted and retrievable through a URI, CSER can serve up a "proof of claim" on a product that serves as the authorization for that participant to access the data. It will allow a claim holder to follow the "trail of breadcrumbs" that is the complete product record.

Filecoin as for sharing product Metadata Traditionally enterprises have been responsible for making product data available when needed. This is hit or miss... in regulated industries there are often laws that require the data can be retrieved, but it's not easy and never consistent. Some industry groups have tried to create central repositories to make all of this easy - but that generally results in a consolidation of risk and rent seekers. And it rarely answers the simple question of "what if the information provider goes away?" Additionally, enterprises often desire to remove the data as soon as their regulatory obligations have been met to limit their liabilities - considering that this is often years in the future, this is often difficult to consistently perform.

The programable nature of data through the FVM solves many of these problems, multi-hash used in the CIDs to point to the data gives the attestation/trust can give the fine grained control over data access that is needed. CSER will not necessary result in a large dataset being stored on the filecoin network by a single data provider, but it will result in a massive volume of transactions, both posting and retrieval, across a large ecosystem of enterprise users.

Zeroth Technology was founded to bring CSER to life - we are currently working on that solution and have been attempting to gain grants from the US Federal Governments and other institutions that are fostering innovation within supply chain. But those efforts are focused solely on CSER; our objective with this grant is to formally define the "Claim Derived Authority" that works in conjunction with CSER using the FVM and the Filecoin network for storage of the metadata. Note that it will never be the case the Filecoin is the "only" place where the metadata can be stored, as enterprises will always need options, but having the approach defined with a prototype available will make Filecoin the easy option.

Impact

At the highest levels this solves significant issues with current state supply chains. In the pharmaceutical industry lack of access to trusted product data has been linked drug shortages which are often categorized as a human health crisis. The volume of transactions and potential access to off-chain metadata is immense. The following was shared at the FIL Vegas conference back in Oct 24.

If we look at just one industry in one geography - Pharmaceuticals in the US - there are ~6.7 Billion prescription medicines dispensed (based on a 2022 stat from statistica). Let’s assume there each product changes hands 6 times from manufacture to dispense, that results in about 40 B transactions per year. Let’s assume each transaction generates 225 bytes of data (this is what it would take to store the transaction log - not necessarily the size of the blockchain DB). that is about 8.2 TB per year in transaction data. Lets also assume that each product carries about 1 kb of product information. That results in 6.2 TB. So, for one industry in one geography for one year we can expect about 14.2 TB of data creation that needs to be available for at least 10 years.

But it's not the size of the data that matters... it's the volume of transactions and the number of users that will need to access it. The above scenario results in 1,274 transactions per second. The number of participants in the US pharma supply chain is over 70,000 entities. That is a large use base and a lot of traffic.

In this project we will specifically address how a previously unknown user (any future claim holder of a product) can securely and efficiently access data regarding that product. Getting this right drives that much more traffic to the FIlecoin network - getting this wrong erodes confidences in decentralized storage as a viable enterprise approach for data sharing. Success is being able to provide the tooling for developers to integrate this approach into supply chain solutions.

Outcomes

We aim to use this grant to conduct the research needed to properly define Claim Derived Authority. There are plenty of implementations of token gated access and access governance (I.e., sign in with ethereum) but they all rely on public blockchain transactions to provide the proof needed to grant access. CSER performs supply chain settlements under confidentiality - so the proof of claim is something quite different. Not only will we need to define the "how" but we will also need to explore the limits of such an approach to determine if we can meet expected volumes.

The final outcome will be a whitepaper detailing the technique and the theoretical limitations. We also aim to produce a prototype for testing and demonstration purposes. The functionality of the prototype will be to retrieve an arbitrary piece of metadata based on providing proof of a current, or prior claim to a product token. The negative functionality (I.e., proving that without a claim you cannot retrieve the metadata) will also be tested.

Success will be measured primarily on the soundness of the white paper which must hold up to peer review. The limitatiion testing through the prototype will also be an indicator of success.

Adoption, Reach, and Growth Strategies

At the largest scale the target audience is the human population, but we are starting small. The prototype for CSER, and as such the prototype for Claims Based Authorization will be geared towards the pharmaceutical industry as we are actively seeking funding from the FDA for the formalization of the CSER technique (you can see more information about that on out GitHub). To that end we are currently engaged with the industry through the PharmaLedger Association, the International Society of Pharmaceutical Engineers / GAMP, and the FDA traceability working group.

This is an enterprise level application of the Filecoin network - new users will be added to the solution as it is adopted across enterprises. If we are successful very few users will realize they are storing data on a decentralized network.

Development Roadmap

As indicated above, this research effort is in conjunction with the broader development of the CSER technique. We are seeking a grant from the Filecoin Foundation to help us dedicate more resources to the specific componets of CSER that have to do with metadata retrieval. The CSER prototype is currently designed to store this in a traditional centralized database (which will also need to be supported). The milestones listed below are for the Claims Based Authorization technique where a CID is used to refrence the metadata in a CSER transaction and proof of a claim is used to later access that data.

  1. Whitepaper: Claims Based Authorization as a method to share product metadata in conjunction with Confidential Settlements with Embedded Rights (CSER). Target white paper completion date: June 30, 2024. Target peer review completion date August 30, 2024. Primary research team: Yair Frankel, Don Beaver, James Canterbury. We expect the effort for the white paper to take 320 hours across the three resources mentioned above. The full unburdened cost for this effort is $80,000. We plan to dedicate $20,000 of the Filecoin grant to help offset this effort.

  2. Prototype: A working demonstration of the technique using mock data and running in a test environment. Target completion date October 30, 2024. The aim of the prototype is to test the limits of the technique to understand the capacity/efficiency requirements. The basic flow is tied to the CSER technique, but will follow: mint product token --> post some data about the product to the Filecoin network --> transfer a claim to the product token to another account --> use the second account to access the product token metadata. Attempt to access the product token metadata from a third account that does not have a claim (negative testing). Our prototype team consists of the researchers in addition to our three developers (Tom Garlick, Patrick Macom and Ankur Garg). We expect the effort for the prototype to take 450 hours across the five resources mentioned above. The full unburdened cost for this effort is $103,000. We plan to dedicate $30,000 of the Filecoin grant to help offset this effort.

  3. Reference Implementation (future scope, not covered by this grant): Following the prototype we will develop a reference implementation of the full CSER technique using CBA on Filecoin for metadata storage. The reference implementation is a critical component of the overall adoption for the technique as it will show the interoperability of CSER with existing supply chain management systems - the implementation will be developed based on requirements from the PharmaLedger foundation and follow the EPCIS standards for supply chain events and interoperability. This effort will be significant (estimated 1,500 hours) and we may seek additional funding if needed.

Total Budget Requested

| Milestone # | Deliverables | Completion Date | Funding | | 1 | White Paper | Aug 30, 2024 | $20,000 | | 2 | Prototype | Oct 30, 2024 | $30,000 |

Maintenance and Upgrade Plans

Our long term plan is to grow the adoption of CSER across many supply chains. Our motivations for dedicating reseach into the core technique is so that it can remain open source as a public good. We envision services to be needed around the growth and support of the technique, and a by product of those services will be continued investment into the core.

Team

Team Members

Team Member LinkedIn Profiles

Team Website

Zeroth Technology LLC

Relevant Experience

Supply chain transparency - in particular pharmaceutical track and trace - has been the primary focus of my career for the past 20 years. While at EY I was a Partner in our US Blockchain Consulting practice and lead numerous blockchain for supply chain development projects, including a tokenization system for Meck that is currently in production to track the manufacture and consumption of vaccines within North America. I also lead a similar project for tokenized traceability with Takeda's Plasma Derived Therapies division. Both of these projects where on private Ethereum POA networks and were limited in their ability to scale due to the lack of confidential transactions. As a special advisor to the PharmaLedger Association and as the leader of the ISPE GAMP Blockchain Special Interest group I regularly interact with pharma regulators and supply chain experts who have been working on serialization and track and trace for decades. As one of the early members of the Decentralized Storage Alliance I understand the importance of developing use cases where the Filecoin network is at the core of data sharing across an ecosystem. This is one such use case.

Yair and Don are expert cryptographers having invented the primary components used widely today in secure multi-party compute. Both are simultaneously researching several topics, but have a special interest in solving supply chain issues as there is an opportunity to apply novel cryptography (they are primarily focused on CSER; CBA will be the next white paper).

Team code repositories

Unfortunately all of the prior projects that I have run were managed in private code repos for enterprise clients.

Additional Information

Porter Stowell suggested I apply

jamey@zeroth.technology

This article has a lot of the context for CSER included, the application of CBA is fairly evident as well.

realChainLife commented 6 months ago

Hi @jamescbury can you share the links for CSER articles that will provide additional context for this proposal? Also, since a full whitepaper finalization is part of the roadmap, do you have a lite version we can include in the review?

ErinOCon commented 5 months ago

Hi @jamescbury, thank you for your time with this proposal and for your patience with our review. Unfortunately, we will not be moving forward with a grant at this time. To contact our team with inquiries regarding our review or grants program, please send an email to grants@fil.org.

Wishing you the best as you continue building!