Today’s big buzzwords are ‘blockchain’ and Bitcoin, but the concept has been around since the 1990s.
The Attributer himself in 1998 was consulting for one of the companies involved in the Bolero consortium, a project to digitise and dematerialise paper bills of lading (BoLs). A BoL is a negotiable financial instrument. Ownership of the bill means ownership of the cargo of a ship on the high seas. The bill is a ‘document of title’ that can change ownership during its lifecycle. The security issue with digital documents is that multiple copies are indistinguishable, being bit-for-bit replicas, unlike paper for which there is only one physical original. The scheme developed by the Attributer was based on a chain of interlocking digital signatures that secured and publically proved the entire history of the document.
It is easy to get carried away with the cryptographic technology, but back 1998 The Attributer was applying SABSA thinking to determine the business requirements for a digitised BoL scheme. Here are the main principles that were the foundation for the 1998 work:
• An authorised, trusted party must be able to create an electronic document of title, such as a bill of lading, which holds real value that can be transferred from party to party.
• Other parties, who trust the creator to have created only valid electronic documents that have real value, must be able to view the document, to verify its contents and to verify its authenticity. They must be able to verify that a trusted originating party created it to be sure that it has the value that it purports to carry.
• The creator must be able to pass ownership to another party, who in turn may pass ownership to another, and so on indefinitely.
• At any stage in the ownership process, any interested party (who is authorised to so do) must be able to view the electronic document, verify its original authenticity, verify its history of ownership transfers and verify its present ownership.
• The security mechanisms used must be linked to the documents only, and must not be dependent in any on the methods used for communicating or storing these documents. The system should work with whatever data communications protocols and networks the various participants use. Security mechanisms embedded in network solutions will not meet the requirements.
• Whilst trust is obviously an important attribute associated with the creation of the original electronic document, the chain of trust from that point onwards should as much as possible rely on provably strong security mechanisms that cannot be easily subverted. In particular these security mechanisms should not rely on the trusted operation of computer systems by third parties where those systems cannot be secured to a ‘provably secure’ level.
It is not just origin authentication and contents authentication that counts here. It’s a question of current ownership. We need to have a means to establish the following criteria:
• Who created the electronic document? Are they someone we trust? Therefore do we believe that the document they created carries real value? Can we be sure that the document we are looking at is authentic and really came from that trusted party?
• Has the document remained unchanged in its substance since it was created? If there has been a bona fide need to enrich or change the document in any way during its lifetime, do we recognise the party doing the changes as authorised and trusted to do that? Can we verify the authenticity of the changes, both in terms of origin and content?
• Who owns the document NOW? When someone represents him/herself as the rightful owner of the electronic document, and hence as the owner of the value that it carries, can we be sure that they are telling the truth?
This is where the SABSA thinking is important. Getting the business requirements right is what leads to a successful technology model that can truly support the business application.