A dream within the transport and logistics sector is the ‘Physical Internet’, which allows goods to find the best way to their final destination by clever use of data. To make this dream come true, unanimity about our digital identity is crucial. Let’s make a choice now.
Who are you online and what are you allowed to do? To gain access to data, you must always identify yourself online as a person, company, employee, representative or IT system. This can be done in a wide variety of ways. Many parties – often competitors – offer very different solutions, based on a wide range of underlying technologies.
A maze of verification systems, login methods and authentication solutions
Who do I have in front of me?
Let’s go into this in more detail. The basic question is: with whom am I dealing? Who do I have in front of me? People have a passport with which they identify themselves: to prove that they are the one they claim to be. If necessary with the intervention of a notary, if you want to be sure.
There are different types of digital ‘passports’ for private individuals online. For companies and their employees or IT systems, on the other hand, it is much less clear. In the field of business ‘digital identity’ we come across a jumble of verification systems, login methods and authentication solutions.
Who is that driver?
Suppose you have a warehouse with various carriers driving in and out. Who are the drivers of the carrier you or your business partner hired? Are they really qualified to enter your premises? Do they have the right diplomas, are they aware of the safety instructions and house rules? Larger warehouses hire security companies who check this at the gate. And in contracts, liability is neatly excluded. Is that adequate, efficient? Or is this just window dressing? How will it be when autonomous trucks arrive at the warehouse?
Pre-registration without authentication plays malicious intent into the hands
Verification, authentication in check
It’s not just about identity verification, but also about authentication and checking on it. Is someone who he says he is and what powers, skills and licenses does he have? In short, what is his ‘digital identity’? Important to know because if, for example, we are going to pre-register digitally without thorough authentication and check, then we are playing into the hands of malicious parties. Think of the tragedies that take place daily with freight exchange systems. Fake haulers with false IDs get hold of loads and then run off. This alone clearly indicates the need for a well-secured uniform logistics ‘digital identity’ system.
100 log ins
How can we realize such a system? The easiest way is to join in to how things are going now. Let’s see if that is possible. Currently, a business internet user has an average of one hundred different login accounts [2]. Managing these is an art in itself. Do you change passwords regularly? And who in your company (still) has access to your systems? You will probably be amazed! Remember that the corresponding account information is ‘fragmented’ into different systems. And what about data quality? Building on existing authentication methods is – euphemistically put – in any case a challenge.
Who in your company (still) have access to your systems?
Via Facebook?
Simplifying login (for example by logging in via Facebook or LinkedIn), as it is possible with many private accounts nowadays, is downright dangerous. In fact, account management then comes into the hands of the social network. Only recently, some fifty million Facebook accounts were hacked [3]. Yet this authentication method continues to grow strongly. The reason for this is simple: convenience for the consumer. While the service provider or institution likes to shift the responsibility to the ‘weakest link’: the consumer. This system is not sustainable in the long term.
eIDAS
Years ago, the Dutch government introduced DigiD and eRecognition – and so each EU country has its own system. Through the European eIDAS regulation, all these national systems provide access to government systems within the EU. Industry can also use these systems, but for the time being this rarely happens. We encounter this sparsely in B2C communication, for example when logging in with an insurance company. In B2B we never see this variant, it is too unknown and too limited for the logistics sector. Because only the verification of the online identity can be organised with DigiD and eRecognition. Things as diplomas and (company) qualifications cannot be linked, so real authentication is not possible. Let alone a (real-time) check on this.
Business can also use DigiD and eRecognition, but rarely does it
Industry protocols and blockchain
In addition to these better-known identity control systems, there are numerous technologically driven solutions. Often very specific in nature. In logistics, for example, we are familiar with the iSHARE agreement system, which is based on a decentralised open standard protocol. This tackles both the issue of verification (who are you?) and authentication (are you authorized?) via one implementation. In addition, there are several blockchain community initiatives, such as Sovrin. These are based on a self-regulating community that can confirm digital identity and reliability. Should we, as an industry, invest in this? That too is not without risk. Because who in the world (except for the Chinese government, perhaps) is big enough to enforce a digital identity? The chance of divestments is very high.
Spaghetti of connections
Then how? In the offline world we accept passports and IDs. Online we work with numerous identity control systems but without a clear choice in logistics it continues to muddle in. It reminds me involuntarily of the start of data exchange (EDI) in the 90s. As a result, all logistics service providers now have a spaghetti of links because no choices were made at the time. In the end, this does not benefit anyone, not even the shipper.
Who takes up the gauntlet? IRU, industry, transporters, the EU?
Call for action
Who takes up the gauntlet? IRU, the industry, IT services in logistics, carriers, shippers, consignees or the EU? It doesn’t matter, as long as we do it. I would therefore like to make an appeal. Let us curb the proliferation, make a clear choice, avoid the expensive bill of divestments and, above all, make sure that it does not block our dream of the Physical Internet.
* First published 17-12-2018 on transfollow.org
