Inspiration
I am a CBSA Border Agent and need to inspect dangerous cargo upon arrival at YYZ. Inspiration comes from real use cases we have to face today.
What it does
Allows a stakeholder without a ONE Record server to access data stored on a ONE Record server without the burden of user account management.
How we built it
A joint effort in the ideation phase from Monday: multiple ideas were analyzed and the best option was voted on. A UI was built for data presentation, JWT token authentication and process workflow definition.
Challenges we ran into
We've been exploring how to manage authentication of a user without a user account and how to identify an organization. Achieving multi-factor authentication in this area is very challenging.
Accomplishments that we're proud of
Test data for our solution was created in the EDI world, which was connected to our 1R server and used by the UI through an API. Process workflow implementation is feasible, and the user interaction from the data owner's perspective is minimal.
What we learned
Certificates used by mutual TLS cannot authenticate the party on the other side, as identity providers can only validate the certificate itself but not the party presenting it. Encryption mechanisms cannot be easily implemented without effort by both parties. A concept similar to a chain of trust, but used within an organization, seems like a feasible option.
What's next for Descartes Stakeholder Access
A lot of ideas popped up during the preparation and building of the solution, and this may be a proof of concept of a solution for data access management in the ONE Record world during the transition period from EDI.

