Thank you for sticking around until the last session of the conference. I can imagine you're already quite exhausted after so many sessions. So, we are going to present on deploying and hosting EBSI nodes based on Hyperledger Besu.

So, first, a short introduction. I'm Shane De Kooling, I'm Web3 Lead at Howest University of Applied Sciences in Bruges, Belgium. And I'm here together with my colleague Robbie Hooting, who is an Infrastructure and Web3 Engineer. I will let Robbie introduce himself more later, when he presents.

This is a short intro on where we're from. So, at our university, we have 26 bachelor programs, 12 associate degrees and many postgraduate certificates, all with a strong practical focus. And next to that, we also have research and innovation labs with a clear focus on applied research. Yes, we have great research teams. And what we have at the core of our applied research is the quadruple helix. So, this means that we combine the academic, the government, the industry and the citizens. We really believe that to have powerful applied research, you need to do it together.

Web3, it's a broad word with many definitions. For us, it's quite a simple one. We say we address the power imbalances and limitations that are inherent to Web2 technologies. We focus mainly on distributed ledger technologies, decentralized storage solutions and decentralized identity and ownership. And we are really open-minded towards all technologies. At the bottom, you see some icons of technologies we have been using so far, but it's not limited to this.

What we are offering regarding Web3 is we offer education through our bachelor program, applied computer science. We organize master classes, which are online in English and can be flexibly followed. And we are also working out some postgraduate degrees. We do applied research. These can be multi-year consortium projects where we bring together organizations and build proof of concepts with them. Or we can do test before invest.
So for a lot of enterprises, before they can really make big investments regarding new technologies, we can enable a way for them to gain experience and to find funding. Next to this, we also provide services, consulting and workshops. And we organize events. Last Thursday, we had a Hyperledger meetup in Brut on the topic of Web3 evolved and European shift to decentralized technologies. And we are also proud that every year we organize a decentralized autonomous hackathon, which is a hackathon that is run completely on a smart contract, including the voting and awarding the prize.

But actually, I'm here to talk mainly about our work with EBSI. EBSI is the European Blockchain Service Infrastructure. We have done two early adopter projects with them. We are also issuing digital student cards through EBSI in collaboration with KBC Bank in Belgium, where actually the student card is issued as a verifiable credential. And then also together with Belnet, and Belnet is a Belgian hosting organization, we are hosting an EBSI node for Belgium. But this will be completed more soon.

So what is the challenge that EBSI currently with SSI is trying to solve? It is that verification matters. So here you can see in 2020, 9% of EU consumers were tricked into buying a fake product. 1 in 3 EU consumers was doubting if there was a real product or possibly a fake product. And 6% of EU imports are attributed to counterfeit and pirated goods. In another area, in education, the hiring managers, 60% of hiring managers, reported catching fabrications on job applicants' resumes. So if you see, if you need to replace an employee, it can cost between $3,500 and $40,000. I'm not that fast in converting it to yen, but it's a lot of money.

So how do you combat fake? Well, then you verify. We have an example. So my colleague Robbie, he studied applied computer science, or that's at least what he claims to have studied. Is it true or is it false? Here we see two axes.
We see the time it takes and how much we can trust it. The easiest thing would be if I go to LinkedIn and I see at the bottom of his profile page that indeed Robbie said that he studied applied computer science at Howest. But it's easy to do. I can type whatever I can. The next thing is I can ask Robbie to send me a scan of his degree. What some do in a degree is they put a hard stamp so you see something. So I have heard stories that they ask, can you please with a pencil write on it so we can see the stamp in the PDF, but still it's not great. Third one, I could ask Robbie, can you show me your paper diploma? But you see it's already taking more time and it's cumbersome to get that paper version. Or I could contact Howest directly, the university where he studied, and ask, is it true? But that might take a long time. Maybe I never get an answer. But also it carries the risk that for the privacy of Robbie, maybe Robbie wants to be recruited with a competitor of the university he studied.

So how can we solve this? With Web3, so with technologies as digital wallets, verifiable credentials and blockchain, we can actually make it happen fast and with a lot of trust. So here I will explain how this works. So in this system you have issuers, holders and verifiers. And this is a typical diagram of a self-sovereign identity. So the issuer in this case would be the university. They issue a verifiable credential that actually claims that Robbie graduated in applied computer science at Howest. Robbie would store this in his digital wallet. So that is not on the blockchain, that would be in his wallet. And then Robbie, when he wants to present it to the company or the organization where he wants to prove it, he can make a presentation.

Now in a typical scenario, if you don't have this decentralized network, the verifier would have to check straight to the issuer, is it true? That is what happens if you log in to a website with Google, then the verifier redirects you to Google.
You log into Google and then Google will say it's okay to the verifier, but that makes a privacy issue. Then every time Google knows where you are browsing. With this model, the verifier does not have to go to the issuer. And that is because at the bottom you can see EBSI, the European blockchain. What is on the EBSI blockchain? You have the public keys of the issuers. You have a register of the issuers, so Howest as university. Howest as university is on there in that list, recognized as university by our Ministry of Education. And in case Robbie would have cheated, what he would never do, then also there's a mechanism to revoke, to see if a credential is revoked. So because the issuer, Howest, signed the credential and that signature is in that verifiable credential, the verifier can easily check it by asking the public key of Howest through the ledger and they can verify if it's true.

What I just demonstrated for a diploma, it can be applied to many scenarios. You can issue claims about almost anything.

So what is the vision of EBSI? So you can see that in the European Union we have quite a specific political situation. We have lots of member states in the European Union. And actually in the European Union there's the European Blockchain Partnership. Lots of member states and also Norway and Liechtenstein are part of it. And so all of them are running a node each in their member state. And then through that blockchain and through the services built upon it, there are transparent services that everyone can use. It's also contributing to data spaces, which is something in Europe, a name we use to, we don't want one giant data monopoly. We provide that there's more spaces where data resides as sovereign as possible and also that it's in line with our regulations such as the GDPR for the privacy, etc. You can use it in almost every sector. You can use it in education, tax, mobility, social security, health.
And through the further innovations on EBSI, it will also be possible for product and materials traceability, copyright, anti-counterfeiting, e-receipts, etc. There are already a lot of pilots being done. So currently already more than 350 organizations from both private and public sector have used it, from more than 30 countries. And you can see actually all universities are also part of the early adopters program involved in two cases.

So what kind of use cases are they now empowering? There are formal pilots between Greece and Switzerland regarding formal accreditation, so that if you want to have higher education in another country, from Greece to Switzerland, that it can be recognized automatically, your diploma. The second one is my academic ID. That's the card you get when you're a student somewhere, that this can be more recognized in many countries. University alliances. We have alliances of universities, that if you're in another university part of the same alliance that you can also access some facilities. That is being piloted. Regarding vocational education, there's also a pilot happening. Public services in Spain also have a use case where between the regional and the national administration that it's more easy, because maybe you also already experienced it can be confusing as a citizen if you have to bring documents and they don't yet sometimes even need a double. European intellectual property organization has together with the logistics sector a use case regarding product intensity. Europass actually works on student wallets that actually makes it easier for students across Europe, and then also regarding social security in Italy and through ESSPASS. These are only some; all the time there are more coming.

The reason why they are doing these use cases is that they really want to also test and grow the model step by step. Every use case you add, you learn more and you see, okay, maybe you need this or this option.
This is quite different from the permissionless public Web3 world where a lot is built and they fix it after. Here, through the government, it is the other way around. It's step by step and to bring something that might be a commodity.

Okay. And then the last part of me before I bring it to my colleague. So technically we have been coming actually from the use now to the technical, what is underlying. So what is underlying is that there's a verifiable credential exchange framework profile, that there are trust models both to trust issuers but also can you trust the verifier, because in some cases, as Robbie will explain, that might be important. How actually does revocation work, which options we have, then which wallets there are, and then also trusted registries of organizations. So.

All right. Thank you, Shane. I'm Robbie Hooting, I'm also from Howest University, an infrastructure and Web3 engineer, and I will go a little bit more into technical detail. I know this is the clicker or the other one. All right. Okay.

So what is EBSI today? EBSI today is user-centric, decentralized and reusable in many contexts. What they actually provide are the bottom two layers, the EBSI ledger and APIs, as well as the EBSI verifiable credentials that are built on top of the ledger. These things are built with Besu. So they're built with open source software from the Hyperledger Foundation, and we invite the open source community to help build applications that connect to these APIs and build use cases that continue the work of EBSI.

As Shane already mentioned, we have a couple of trusted lists that are implemented by the decentralized network because of our philosophy. EBSI is a project about decentralization. You want to deliver added value to our users. For that reason, EBSI supports a decentralized network, and as far as we've experimented with this, distributed ledger technologies are the best option in this market.
We want to limit the use of blockchain as much as possible and only apply it to where it is needed and where it makes sense, basically. One key aspect of our philosophy is that we do not put user data on the blockchain because that creates conflict with GDPR etc.

As already mentioned, the EBSI network is providing HTTP APIs. These are connected to a couple of smart contracts that are deployed on the blockchain, on the EBSI ledger. In this sense actors do not have to speak blockchain. They only have to connect to a couple of APIs for which the specifications are publicly available, and therefore they don't need to know the nuts and bolts of a blockchain for this. Our philosophy is to facilitate the adoption and ensure an easy integration. As already mentioned, there are a lot of open APIs that you can connect to. You can find them if you look up ebsi.eu. There you can get a description for all the API endpoints that are available and how you can get more information on there. There's a detailed website to facilitate the adoption of this for IT providers.

But you may ask, why ledgers? Why don't we just trust the current system that we have? The short answer is: no, we can just trust that, but we want more. The current system is a distributed static XML file in which each XML file references another. Business requirements drive the current state to add more synchronization, replication, traceability and accountability. If we add all of these attributes to an existing XML file, then we actually come closer and closer to a distributed ledger technology, or DLT, such as EBSI provides. The default static XML file, it provides a level of integrity, authenticity and proof of existence, whereas a distributed database will add distribution and replication, because you have many databases dropped around many places, and you add a level of resilience to the network and you increase the performance.
But if you want to go a step further and add accountability to see who changed what and when, if you want to have a chronological set of actions and data records, access management, etc., so the information cannot be deleted but only appended, and create an integrity or tamper-proof mechanism, then you arrive at a distributed ledger. This ensures that we can have a decentralized truth. A decentralized truth means that we have a collective truth where new information is agreed upon by all parties in the network through a consensus mechanism.

Now when people hear blockchain they often think about Bitcoin and the power consumption with the proof of work mechanism. In EBSI we rely on proof of authority, which is a whole other story in itself. I will not go into depth on that, but it means that we don't have the power consumption that a legacy blockchain has. There are no rewrites and all transactions are added in order. This means that all data is chronologically readable and due to innate cryptographic properties that cannot be changed without leaving a trace. And even if one actor goes rogue in the blockchain network, then all other nodes can still agree on what is the truth, because that one bad actor will not change the entire blockchain without convincing all other nodes in the network to also include those bad changes.

This brings us to a trusted list of distributed PKI, public key infrastructure model, based on the ledger. In EBSI we talk about TAOs, these are trusted accreditation organizations. They actually sign the DID, or decentralized identifier, of a trusted issuer. The trusted issuer has its DID, its public-facing address, if you will, not to be confused with the public key and private key. The schema shows you that you can roll your public and private keys to invalidate old ones, minimizing the impact if a private key is compromised, let's say. They are always linked with a timestamp because, as I already mentioned, the DLT provides an append-only mechanism.
The DID document that describes an organization will append more and more public keys as time goes on. This is what we call key rolling. So the information cannot be removed or modified, it can only be appended, and ensures a chronological sequence of events due to the ledger's immutability property. I think I already mentioned that. I don't know why I jumped back so many pages.

I'm going to talk a little bit more about the onboarding process because EBSI, I don't know if Shane already mentioned it, it's a public permissioned blockchain, and the permissioned element comes from the onboarding process, how to run a node. Now I know this may not be very suitable in the context of Japan or APAC in and of itself, but we still wanted to include this because it might provide you an insight on how maybe you could also set up a similar system, and it comprises five basic steps.

The first one is you want to get an endorsement from an EBP representative. An EBSI blockchain program representative is someone who represents your country on the European or EBSI council, so to speak. And if you want to run a node in pre-prod or production, you need to supply an ISO 27K certification or something similar in your local state. If it is present, your representative will verify and endorse it. If you cannot obtain a certificate before deploying a node, EBSI itself is still flexible. You can proceed with the node installation, but you have to wait to connect to the network. Then you have to get your certification, get it endorsed, and then connect to the network.

Once you have that endorsement and verification, you can create a ticket request to set up a new node. You have to fill out the form, ensure you upload the endorsement and all of its attachments. If you didn't already, you'll be asked to sign the relevant legal package because there is also an SLA included on hosting a node. So not everyone is just able to host a node.
Once you get everything approved, you will get an image which can be KVM or QEMU or any hypervisor type of image that you can run on the cloud or on premise. There has to be one dedicated machine per environment. We have the pilot environment, the pre-production, and the production environment. Anyone is free to run the pilot environment and participate in that. There are, of course, a couple of requirements for this virtual machine being in production: 8 CPUs, 64 gigabytes of RAM, about 600 gigabytes of disk space, and just short of half for pre-production.

In order to maintain a healthy network of the blockchain, it is crucial to actually have a couple of requirements. You have to have one IPv4 public address per environment, again pilot, pre-production, and production. And you have to have direct or unrestricted access to the internet. So outgoing traffic cannot be hindered. There are a couple of inbound rules, so other nodes can talk to your node, of course. Another big requirement is a web application firewall. Now, EBSI does not want to specify which application firewall you want to use. I recommend using an open source one, because this is the Linux Foundation, and we love open source. But the point of this is to prevent attacks. Well, you cannot prevent attacks, but you can protect against attacks, such as DDoS against your node or network nodes.

As I already mentioned, they provide in a couple of formats: KVM, VHD, VMDK, or VMware compatible images. You can just download it, mount it on to your operating, your hypervisor, and then log in with a default username or password, which you will be forced to change. After this, you have to configure it with a couple of parameters, such as your DID that you registered, etc. And as far as the API is running on a node, we require that there is an SSL certificate and DNS records to be configured. You can use Let's Encrypt, again, Certbot, and Let's Encrypt.
They provide very good software for most web servers that you put on the front. And once the installation has been completed, it will be verified by the support office, who are running a number of verification steps. Like, have the minimum specifications been met, is the connectivity to the other nodes okay, and are the containers within the instance installed and behaving as expected.

After all that is said and done, you will be whitelisted. The node will be added to the whitelist and the EBSI support office will add it, meaning that your nodes will connect to the network and start communicating. This communication consists of synchronizing the blockchain, in which you get the full history of all the blockchain so far. Once it's fully synchronized, it will become active on a network and you can start using it as a node operator.

Last but not least, you have to monitor your node because, as I already mentioned, there's a legal package you have to sign, like an SLA. You have to keep a certain uptime and you have to have 24-7 support included with that. So that even during the night or during the weekend, if your node goes down, you have to be able to get it back up and running within a certain time frame. It's good practice to use other open source Grafana dashboards that will be included in the package.

Now, what is actually running under the hood? As I already mentioned on the slide, you have the ledger and APIs that are running under the hood of EBSI. On the ledger there are a couple of EBSI verifiable credential profiles. These are based on W3C credentials. Their standards are also open source and we try to be as compatible with them as possible. On top of that is where the users, the organizations, the private and the public sector, they come in and they start building their applications and use cases on top of it.

Now, inside the network you have a couple of options, like you can actually configure it as much as you want.
You can run a couple of nodes within one organization, set up a load balancer in front of that. You can combine with other organizations and share a load balancer. Or there's actually even a public load balancer for the nodes that is provided by the EBSI support office. Inside the network, as you can see, the data center where you deploy the VM, the EBSI image, it already has a firewall table inside of it with the containers running in Docker. This is the Besu container, the API container, they're all inside. All you have to do is actually just set up a firewall, the web application firewall, as well as a network firewall, before it can connect to the other EBSI compliant apps and wallets. In the network diagram we can actually see that there's a... where each component within the EBSI image is working together. Like, I will not go into detail of each of them, but basically these are the internal workings of an EBSI node.

Now, I've actually come to the end of our presentation and I am wondering if you have any questions for us. Make it a good one, I say.

Please, again, please teach me how to validate. And who is the validator? Who is the validator?

Well, in EBSI currently we're becoming one of the node validators. Do you mean a verifier or a node validator? A node validator is someone like our public college. We are a node validator for the member state of Belgium. There can be many. It can be a public institution like ourselves as a college or it can be a private organization as well. Anyone can become a validator, but they have to go through the process of the onboarding. The five steps that I explained, these are the steps that you have to take to become a validator node. However, if you want to be a verifier, this can be anyone. Let's say that I made the claim that I studied computer sciences at Howest.
If I want to go to a job offer and that company wants to verify that I have studied applied sciences, then they can verify it even without being on the blockchain itself. They don't have to run a node, they can just trust the credential that I present them through cryptography in and of itself. Very important in that is that the wallet that you use has to be EBSI compliant. There are many companies that provide wallet software, but the wallet software has to be EBSI compliant to receive EBSI credentials on it.

For example, Bitcoin, Proof of Work, Winner of Calculation, this mechanism.

You want to know more about the proof of authority mechanism. The proof of authority mechanism is a consensus mechanism that actually uses... That's why we go through the entire process of the onboarding. Not anyone is allowed to run a node. Anyone who complies with the process and is tested and validated by the network, they become a node operator. These nodes, they can create new blocks in the blockchain. I don't know the internal mechanism. I think it's going to be a round robin, depending on their availability. Each block, each operator sometimes has to add a block and then propagate it through the network. There is no mining, there is no coin added to it, so there's no cryptocurrency involved in this process.

No robin token?

No, there's no token. It's not a cryptocurrency network. It's a distributed ledger technology. It's actually an advanced form of a distributed database where you have more accountability and append-only systems in place. That's the aspect of a permissioned network, if you will. There's a randomized process. If four people in the room are a node validator, then I will pick blindly one of four who are going to add the next block. Random or round robin, it depends. It can be different kinds of mechanisms. But because we have this onboarding process, anyone who is a node operator, we know we can trust because we have verified it before.
Or we have validated it before, to not confuse the terms. If we spot that someone does want to become a bad actor within the network, then that node will be disconnected and will be no longer whitelisted. I would say they have a blacklist, but I'm not sure about that. You're very welcome. Yes, please.

I have three questions. One thing is the Kohaming education. Now you said making a whitelist is an actual validation for your system.

Yeah, they actually validate. If I go back a couple of slides. Okay, so this is the node whitelisting. So the second point or the first point, well, the EBSI support office, they will go through a checklist. They will see if your node is up and running, first of all, if you have a fixed IP address, if you meet all the requirements. And even before you can get started, you have to be ISO 27K compliant and sign the legal package. So these are a couple of items that you need to meet before you can become a node operator. So you cannot even join the network, become an operator, without matching all these criteria.

Thank you so much. And then the second question is, so why do you choose Hyperledger Besu, not using public? What is the difference point?

Well, I'm not internal of EBSI, so I don't know why exactly this choice has been made. But if I would have to make a guess, and it's a guess, it is that there are many frameworks existing like OpenZeppelin. I don't know if you're familiar with that. That's where they host many Solidity projects or standards or contracts where you can base yourself off. Like ERC-20 tokens, ERC-1155 tokens, they are well tested by the community. They are well known. And Besu is an EVM compatible machine, and Fabric is not. So you would have to either rebuild all of that, which already exists in Fabric, or you can just use what's already available also. But here Shane also has a comment on this.

Yeah, so actually EBSI started in 2018, and back then there was not even Hyperledger Besu.
So in the start they used Hyperledger Fabric. So, but now what we see, also what we hear and see in the Hyperledger Foundation ecosystem: in a lot of use cases, Besu is chosen because in the public permissionless blockchain world, there's already a lot of experimentation happening. And so there's a lot of things you can try to copy within a different governance model. So if next to SSI maybe they want to facilitate security tokens or whatever in the future, it's more easy to implement because you have this ERC standard system. So yeah, we are not internal. We say a lot "we", that's because we are using their slides. But we are very good friends and next time I see them I will ask and I will let you know.

Yeah, if you want you can always reach out and drop us the question on LinkedIn or via email. We're always happy to answer later.

Sure, thank you so much.