Potential uses incorporating international standards (Part 3)



Trust in a digital world

As I previously mentioned, trust in the digital world is an important subject, and I have explained how standards can play a part in building that trust.

Technological convergence

The convergence of creativity and technology can lead to radical changes in existing business models and the organizational structures they sit within.
Distributed Ledger Technology (DLT) is presently as much a series of challenges and questions to existing structures, as opposed to a set of answers and practical possibilities.
But it appears to have at least some qualities, and to be in the appropriate context, to produce change at the more revolutionary end of the spectrum.
DLTs offer significant challenges to established orthodoxy and assumptions of best practice, far beyond the recording of transactions and ledgers. These potentially revolutionary organizational structures and practices should be experimentally trialled — perhaps in the form of technical and non-technical demonstrator projects — so that practical, legal and policy implications can be explored.

Make no mistake, blockchain is potentially disruptive to any existing organisations whose business model is founded on centralised control.

It is this potential for disruption and the ability to create global networks quickly that gives smaller, more agile, businesses an opportunity to compete in global markets in the same way as the internet has done in recent years.

There are challenges to be overcome, and new best practices will emerge through the development and adoption of standards, but small companies are well placed to benefit from this disruption to traditional ways of doing business.

Trust and interoperability

Trust is a risk judgement between two or more people, organizations or nations. In cyberspace, trust is based on two key requirements:

  • Prove to me that you are who you say you are (authentication)
  • Prove to me that you have the permissions necessary to do what you ask (authorization)


All contracts, smart or otherwise, rely on the ability for each party in a transaction to know who the other parties are.

There are many cases currently where the true identity of certain parties is not clear, and ISO 8000-116 identifiers will play a massive role in the future of smart contracts.

Another key element to ensure trust, is the level of security based on public key infrastructure federations, known as PKI. These security systems are rated by their Level of assurance (LoA).

In any system that has achieved a very high assurance, level 3 or 4, some sort of encryption standard will have been deployed.

In Austria, the e-government scheme is a level 3+ PKI.

Trust and interoperability

Trust is a risk judgement between two or more people, organizations or nations. In cyberspace, trust is based on two key requirements:

  • Prove to me that you are who you say you are (authentication)
  • Prove to me that you have the permissions necessary to do what you ask (authorization)

Interoperability involves several factors:

Data interoperability. We need to understand each other in order to work together, so our data has to have the same syntactic and semantic foundations;

Policy interoperability. Our policies need to be aligned or based on agreed common policy, so that I can be confident that you will treat my information in the way that I expect (and vice versa)

The effective, collaborative implementation and use of international standards.


Smart contracts of the future will take many forms. Whether these are permissioned or unpermissioned, public or private shared systems, depends on the use case.

Permissioned smart contracts could give a user the right to either share or withhold data with or from another party.

In this part of this section, we will discuss some practical, potential applications for the use of this technology. 

Trust in a digital world

Several industries use security systems based on Public Key Infrastructure (PKI) federations that rely on a cryptographic standard called X.509. These offer high and very high assurance levels (LoA 3 and 4) for employee authentication, notably in aviation, the pharmaceutical industry, defense, banking and, increasingly, e-health.

The US and China have the largest deployments of international-standard PKI federations, closely followed by South Korea (where it is mandated for all companies by regulation), Estonia, Netherlands and many others.

At LoA 3+, it is possible to link a user’s identity to other trust functions, such as legally-robust digital signatures, identity-linked encryption and physical access control in buildings. PKI federation isn’t the only option for high assurance supply chain collaboration and sharing sensitive information at scale, but it is the de facto norm today

Personalausweis, the Austrian e-government scheme is a level 3+ PKI

Today, most businesses run a centralised business model. This is a very controlled model, and it is vulnerable to a single point of failure.

At the other end of the scale we have unpermissioned, public shared systems that are 100% decentralised. Bitcoin and other crypto currencies are examples of unpermissioned, public, shared systems that are 100% decentralised.

Crypto currencies rely on anonymity, therefore must also rely on a control to gain consensus that transactions are genuine. Crypto currencies achieve this consensus through a protocol called “proof of work”. You may of heard that machines linked to Bitcoin require a lot of power to solve complex puzzles. These puzzles are the way in which thisproof of work is verified.

Business is not likely to adopt the crypto currency model. It is likely that the future of smart contracts will involve a private network of trusted parties who are authorised to verify transactions,

Permissioned, public shared, smart contracts

  • User 1 opts in to a smart contract on a shared ledger to share their address with an institution that possesses a blue key (there may be many other institutions, with many different keys).
  • But User 2 has opted out of sharing their address, so the institution only receives a copy of the latest address from User 1.
  • Opting in via a trusted agency may be useful when an individual changes their address, because the change could be reflected on their passport, drivers license and other key department databases.

Public authorities however, are predicted to adopt permissioned, public shared systems.

More from this presentation