Blockchain Based Digital Identity Trust Framework Proposal for e-Commerce in Turkey

Yıl 2022, Cilt: 5 Sayı: 2, 256 - 279, 30.12.2022

Ömer Doğan Hacer Karacan

https://doi.org/10.33721/by.1113558

Öz

The difficulties in the validation of the records, such as commercial identity, licenses, accreditation certificates, quality certificates and other kinds presented by the sellers cause issue of trust in e-commerce activities. Since the digitally presented records are usually the images of their simply physical counterparts in paper and the images are not tamper-proof, buyers cannot be sure about the validity of these digital records. Therefore, a mechanism is needed in the digital environment that allows organizations to issue digital records and buyers to validate them digitally in a trusted way; similar to how authorized organizations issue paper records with some physical validation means such as signature, seal and watermark. Mentioned issue of trust is expected to be mostly overcome when authorized organizations can digitally issue these records in a trusted way. This study proposes a blockchain based digital identity trust framework at the conceptual level without detailing the technical implementation of the trust framework. Using the proposed trust framework, authorized organizations can issue digital identities and buyers can validate these issued digital identities in a trusted way. Proposed digital identity trust framework is a set of rules which defines the roles and processes in the framework based on international standards for management and sharing of digital identities. It is anticipated that the trust in the e-commerce activities will increase with the establishment of the digital identity trust framework and ensuring that the stakeholders comply with the rules of the trust framework. Having blockchain as part of the technical implementation of the trust framework ensures that it has a secure infrastructure.

Anahtar Kelimeler

Trust Framework, Digital Identity, Electronic Commerce

Türkiye’deki e-Ticarete Özgü Blokzincir Tabanlı Dijital Kimlik Güven Çerçevesi Önerisi

Öz

E-ticaret işlemlerinde satıcı firmaların sunduğu ticari kimlik, sertifika, ruhsat, akreditasyon belgesi, kalite belgesi gibi belgelerin doğruluğunun kanıtlanmasındaki zorluklar, e-ticaret ile yapılan alışverişlerde güven sorununa yol açmaktadır. Dijital ortamda sunulan bu belgeler, genellikle kâğıt ortamda alınmış olan fiziksel belgelerin görsellerinden ibaret olduklarından ve bu görsellerin dijital ortamda kolaylıkla taklit edilebilmesi nedeniyle bu belgelerin gerçekliğinden emin olunamamaktadır. Bu nedenle, yetkili kuruluşların kâğıt ortamında muhatabına fiziksel belge sunmalarına ve belgedeki imza, mühür, filigran gibi fiziksel doğrulama yöntemlerine benzer şekilde, dijital ortamda da belgelerin güvenli bir şekilde sunulabilmesini ve gerektiğinde bu belgelerin dijital olarak güvenli bir şekilde doğrulanmasını sağlayan bir yapıya ihtiyaç vardır. Yetkili kuruluşların belgeleri dijital olarak sunabilmesi ve bu belgelerin dijital olarak güvenilir bir şekilde doğrulanabilmesi, bahsedilen güven sorununu büyük ölçüde ortadan kaldıracaktır. Bu çalışma ile literatürde dijital kimlik olarak adlandırılan bu bağlamdaki dijital belgelerin yetkili kuruluşlar tarafından güvenli bir şekilde verilmesi ve alıcılar tarafından doğrulanması için blokzincir tabanlı bir dijital kimlik güven çerçevesi önerisi getirilmektedir. Dijital kimlik güven çerçevesinin teknik gerçekleştirimine yönelik detaylara girilmeden kavramsal seviyede bir model sunulmaktadır. Önerilen dijital kimlik güven çerçevesi, dijital kimliklerin yönetimi ve paylaşımı için uluslararası standartları temel alan ve güven çerçevesi kapsamındaki rolleri ve süreçleri tanımlayan bir kurallar bütünüdür. Güven çerçevesinin tesis edilmesi ve paydaşların güven çerçevesindeki kurallara uymasının sağlanması ile e-ticaret işlemlerinin güvenilirliğinin artacağı öngörülmektedir. Önerilen güven çerçevesinin blokzincir tabanlı olması, güven çerçevesinin teknik olarak güvenli bir alt yapıya sahip olmasını sağlamaktadır.

Anahtar Kelimeler

Güven Çerçevesi, Dijital Kimlik, Elektronik Ticaret

Kaynakça

• AccessNow. (2018). National Digital Identity Programmes: What's Next? Access Now.
• Akram, M., & Sen, A. (2022). A case study Evaluation of Blockchain for digital identity verification and management in BFSI using Zero-Knowledge Proof. 2022 International Conference on Decision Aid Sciences and Applications (DASA), (s. 1295-1299).
• Argento, L., Buccafurri, F., Furfaro, A., Graziano, S., Guzzo, A., Lax, G., . . . Saccà, D. (2020). ID-Service: A Blockchain-Based Platform to Support Digital-Identity-Aware Service Accountability. Applied Sciences.
• BCTR. (2019). Dijital Kimlik Raporu. Blockchain Türkiye Platformu.
• BM. (2020). Digital Identity for Trade and Development: TrainForTrade case studies in South-East Asia. TrainForTrade Programme of the United Nations Conference on Trade and Development (UNCTAD. Birleşmiş Milletler.
• CESG. (2012). GPG 43: Requirements for Secure Delivery of Online Public Services. CESG - National Technical Authority for Information Assurance.
• CESG. (2013). GPG 44: Using authenticators to protect an online service. CESG - National Technical Authority for Information Assurance.
• CESG. (2013). GPG 46: Organisation Identity. CESG - National Technical Authority for Information Assurance.
• CESG. (2014). GPG 45: How to prove and verify someone's identity. CESG - National Technical Authority for Information Assurance.
• DIACC. (2020). Pan-Canadian Trust Framework Glossary. The Digital Identification and Authentication Council of Canada.
• DIACC. (2020). Pan-Canadian Trust Framework Model. The Digital Identification and Authentication Council of Canada.
• Dissanayake, K., Somarathne, P., Fernando, U., Pathmasiri, D., Liyanapathirana, C., & Rupasinghe, D. L. (2021). “Trust Pass” - Blockchain-Based Trusted Digital Identity Platform Towards Digital Transformation. 2021 2nd International Informatics and Software Engineering Conference (IISEC), (s. 1-6).
• European Union. (2014, 08 28). Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. Official Journal of the European Union.
• Gada, S., Dhuri, A., Jain, D., Bansod, S., & Toradmalle, D. (2021). Blockchain-Based Crowdfunding: A Trust Building Model. 2021 International Conference on Artificial Intelligence and Machine Vision (AIMV).
• Goodell, G., & Aste, T. (2019). Decentralized Digital Identity Architecture. Front. Blockchain, 2-17.
• Gruner, A., Muhle, A., Gayvoronskaya, T., & Meinel, C. (2018). A Quantifiable Trust Model for Blockchain-Based Identity Management. 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 1475–1482.
• ID2020. (2018). Manifesto. https://id2020.org/manifesto.
• ID2020. (2019, 01). ID2020 Technical Requirements. ID2020.
• ITU. (2018). Digital Identity Roadmap Guide. The International Telecommunication Union.
• Jamal, A., Helmi, R. A., Syahirah, A. S., & Fatima, M.-A. (2019). Blockchain-Based Identity Verification System. 2019 IEEE 9th International Conference on System Engineering and Technology (ICSET), (s. 253-257).
• Liao, C.-H., Guan, X.-Q., Cheng, J.-H., & Yuan, S.-M. (2022). Blockchain-based identity management and access control framework for open banking ecosystem. Future Generation Computer Systems, 450-466.
• Lim, J. (2020). Self-Sovereign Identity: The Harmonising Of Digital Identity Solutions Through Distributed Ledger Technology. Australian National University Journal of Law and Technology.
• Lim, S. Y., Fotsing, P. T., Almasri, A., Musa, O., Kiah, M. L., Ang, T. F., & Ismail, R. (2018). Blockchain Technology the Identity Management and Authentication Service Disruptor: A Survey. International Journal on Advanced Science, Engineering and Information Technology.
• Liu, J., Hodges, A., Clay, L., & Monarch, J. (2020). An analysis of digital identity management systems - a two-mapping view. 2020 2nd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS), (s. 92-96).
• Maler, E., Nadalin, A., Reed, D., Rundle, M., & Thibeau, D. (2010). Open Identity Trust Framework (OITF) Model. Open Identity Exchange.
• Mothershaw, N. (2020). OIX Guide to Trust Frameworks. Open Identity Exchange.
• Nitin, N., & Jenkins, P. (2020). Self-Sovereign Identity Specifications: Govern Your Identity Through Your Digital Wallet using Blockchain Technology. 2020 8th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud), (s. 90-95)
• NZ Digital government. (2020, 07). Digital Identity Trust Framework | NZ Digital government. https://www.digital.govt.nz/digital-government/programmes-and-projects/digital-identity-programme/digital-identity-trust-framework/
• Pöhn, D., & Hommel, W. (2020). An overview of limitations and approaches in identity management. Proceedings of the 15th International Conference on Availability, Reliability and Security.
• Rasouli, H., Valmohammadi, C., Azad, N., & Esfeden, G. A. (2021). Proposing a digital identity management framework: A mixed‐method approach. Concurrency and Computation: Practice and Experience.
• Resmi Gazete. (2017, 06 06). Elektronik Ticarette Güven Damgası Hakkında Tebliğ.
• Resmi Gazete. (2020, 10 22). Türkiye Cumhuriyeti Kimlik Kartı Elektronik Kimlik Doğrulama Sistemi Yönetmeliği.
• Resmi Gazete. (2021, 04 01). Bankalarca Kullanılacak Uzaktan Kimlik Tespiti Yöntemlerine ve Elektronik Ortamda Sözleşme İlişkisinin Kurulmasına İlişkin Yönetmelik.
• Statista. Global retail e-commerce market size 2014-2023. https://www.statista.com/statistics/379046/worldwide-retail-e-commerce-sales/
• Temoshok, D., & Abruzzi, C. (2018). Developing Trust Frameworks to Support Identity Federations. National Institute of Standards and Technology.
• The Better Identity Coalition. (2019). Better Identity in America: A Blueprint for Policymakers.
• TOBB. (2018). Güven Damgası. https://www.guvendamgasi.org.tr/
• TSE. (2017, 04 24). Elektronik kimlik doğrulama sistemi - Bölüm 1: Genel bakış.
• UEKAE. (2015). Elektronik Kimlik Doğrulama Sistemi. EKDS. https://www.ekds.gov.tr/ekds/elektronik-kimlik-dogrulama-sistemi
• UEKAE. (2015). Kimlik Doğrulama Yöntemleri. https://www.ekds.gov.tr/ekds/kimlik-dogrulama-yontemleri
• Usta, A., & Doğantekin, S. (2019). Blockchain 101. Bankalararası Kart Merkezi.
• W3C. (2019, 11 19). Verifiable Credentials Data Model 1.0. https://www.w3.org/TR/vc-data-model/
• WBG. (2018). G20 Digital Identity Onboarding. The World Bank Group.
• WBG. (2019). Practitioner's Guide. The World Bank Group.
• WEF. (2018). Identity in a Digital World. World Economic Forum.
• WEF. (2019). Digital Identity. World Economic Forum.