Creating the Internet of Logistics
however. Therefore, there is a need for a federation of trusted identity providers, each of which will determine other identity providers they trust via a cryptographic mechanism, thus enabling a company registered with one identity provider to trust other companies registered with other identity providers.

Following authenticated identities, the next security challenge falls under authorization. Using JSON Web Signatures (JWS; RFC 7515), JSON Web Encryption (JWE; RFC 7516) or access tokens generated by identity and authentication providers that are bound to the sender, distributed applications are now able to check the authorization of clients or users. A key concern for data owners is the control over who is able to access their data. This control must be granular to the level that a data owner will be able to restrict access to specific logistics objects or even restrict access to specific data within an object. Access control lists (ACLs) per logistics object or blockchain ledgers are mechanisms used to attain this control. Logistics object owners can therefore specify not only who can access their objects but also, importantly, who can cascade authorization for those objects to other companies in the logistics chain.

After restricting access to only certain authenticated identities, one must take care of the data's confidentiality so that unauthorized users cannot access it using unethical mechanisms. Perimeter technology that enforces TLS during transport and encryption at rest will be mandatory for platform providers to ensure that data cannot be easily accessed.

Even with the controls mentioned above, participants in the Internet of Logistics will need to ensure the integrity of the data for it to be trusted. The data will therefore need to be digitally signed. However, digitally signing RDF data is not a trivial task, and there is currently a lack of standards in place. The main challenges with signing RDF data include the existence of blank nodes, multiple serializations and the arbitrary order of attributes. There are efforts being made in this space (including a recently published draft, Linked Data Proofs)[7], and it will require the collaboration of the logistics community to drive these efforts forward.

With security in place, the final step is to make sure the data is available. Highly available platforms and a publish-and-subscribe mechanism (so that data is available in advance of its operational needs) are the last building blocks needed to ensure one has a trusted and secure distributed platform to start consuming data from the Internet of Logistics!

IMPLEMENTATIONS
Ericsson, together with IATA, has developed the first version of the Internet of Logistics under the IATA initiative ONE Record[8], a data sharing architecture based on the concept of a network of platforms using a single web Application Programming
[7] Linked Data Proofs - https://w3c-ccg.github.io/ld-proofs/
[8] IATA ONE Record - https://www.iata.org/en/programs/cargo/e/one-record
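
The obstacles the paper names for signing RDF data (blank nodes, multiple serializations, arbitrary statement order) can be shown concretely: two exports of the same graph give different byte-level digests, so a signature over one does not verify against the other unless both sides canonicalize first. This is an added example, not code from the paper or from ONE Record; the graph, the example.org IRIs and both function names are constructed for illustration, and the blank-node relabeling is a simplified stand-in for a full RDF canonicalization algorithm.

```python
import hashlib
import re

# Constructed sample: one air-waybill graph exported twice as N-Triples.
# Statement order and blank-node labels differ; the triples are identical.
EXPORT_A = """\
<https://example.org/awb/1> <https://example.org/ns#piece> _:b0 .
_:b0 <https://example.org/ns#weightKg> "12.5" .
<https://example.org/awb/1> <https://example.org/ns#origin> "GVA" .
"""
EXPORT_B = """\
<https://example.org/awb/1> <https://example.org/ns#origin> "GVA" .
_:x9 <https://example.org/ns#weightKg> "12.5" .
<https://example.org/awb/1> <https://example.org/ns#piece> _:x9 .
"""

# Assumption: no IRI or literal in the input contains the sequence "_:".
BNODE = re.compile(r"_:[A-Za-z0-9]+")

def naive_digest(ntriples: str) -> str:
    """Hash the serialized bytes as-is (what a byte-level signature covers)."""
    return hashlib.sha256(ntriples.encode()).hexdigest()

def canonical_digest(ntriples: str) -> str:
    """Relabel blank nodes deterministically, sort statements, then hash."""
    lines = [l.strip() for l in ntriples.splitlines() if l.strip()]
    # Fingerprint each blank node from the statements that mention it, with
    # its own label masked as _:a and every other blank node as _:z.
    prints = {}
    for node in set(BNODE.findall(ntriples)):
        mentions = sorted(
            BNODE.sub(lambda m: "_:a" if m.group() == node else "_:z", l)
            for l in lines if node in BNODE.findall(l)
        )
        prints[node] = hashlib.sha256("\n".join(mentions).encode()).hexdigest()
    if len(set(prints.values())) != len(prints):
        # Symmetric blank nodes need the full canonicalization algorithm.
        raise ValueError("ambiguous blank nodes; simplified relabeling fails")
    ordered = sorted(prints, key=prints.get)
    rename = {n: f"_:c{i}" for i, n in enumerate(ordered)}
    canon = sorted(BNODE.sub(lambda m: rename[m.group()], l) for l in lines)
    return hashlib.sha256("\n".join(canon).encode()).hexdigest()
```

The digest returned by `canonical_digest` is the value a signer and a verifier would both compute before applying or checking a signature, whatever serialization each received.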
March 2020