Qué es el aceite de lanolina

The Grongingse Kredietbank (GKB) supports debtors in getting out of their debts by offering services like courses and small loans. Keeping track of all the documents relating to the debtor is often a difficult task for the GKB. It may be possible that certain documents go missing or mistakes in filing are made. In order to create a better overview for the debtor and the GKB, a system is proposed to collect the related documents for the debtor and the GKB and keep the debtor in control of its own data.

6.7.1 Case description

In order to better support its clients in managing their debts, the GKB have started a project together with CGI in which data relating to its clients is managed in a blockchain. A successful proof of concept

6.7. GRONINGSEKREDIETBANK- DEBT RELIEF 45

was created and is being further developed into a production ready system to be used by the GKB. The application that is being developed consists of a dashboard for debtors and GKB employees. Entities that want to collect debt from the debtor can check if the debtor is registered at the GKB and submit their request for payment through a portal. This way a collector of debt does not unnecessarily start a claim against a debtor who is unable to pay.

All information is stored on an Ethereum permissioned blockchain running on nodes owned by the GKB and parties which have a direct connection to the system to upload claims to debtors. Each party with claims is able to upload their claims to the system which then stores it in a separate cloud with the hash in the blockchain. Only the debtor, the GKB and the debt collector are able to access the documents.

6.7.2 Risk analysis based on preliminary model

Based on the preliminary model a number of risks were identified within the project. The first one is the choice to run a system on the blockchain. Upon an analysis the conclusion can be drawn that the blockchain may not be the most efficient back end for the system. Due to all of the centralization tendencies of the system, a traditional database may also be used to create a system with similar functionalities.

Currently the system is limited to the municipality of Groningen. The full benefits of the system can only be established when more municipalities and debt collectors are involved in the system. Since the system requires a custom connection to existing systems, it may be difficult to involve more parties in the system because of the extra processes involved and relatively high startup costs.

The performance of the system is currently not a bottleneck since there is no large scale deploye- ment of the system yet. Due to some of the restrictions of the Ethereum blockchain adding data to the system may take up to 15 seconds per record. When scaling up the system this may become an issue.

The development of the system started with a proof of concept formed out of a simple project from a Hackaton. Some of the choices made early in the project create limitations for the current state of the project. These decisions made earlier in the project are not being revised because of costs reasons. This may create a system with legacy code which does not function properly.

6.7.3 Model fit

During the last use case evaluation some earlier identified shortcomings of the model were further confirmed. In this use case there is no IoT involved and there is no plan for there to be. The gov- ernance structure of the application is not fully set up yet but it will likely consist of a centralized structure. There is currently no risk which solely focuses on the risks relating to a centralized gov- ernance structure of a decentralized application. A truly decentralized application should also be governed using a decentralized governance structure. The risks relating to a centralized governance structure should be better emphasized in the model.

Overall the model fit well with the use case. Many of the risks which were identified in the model were also identified in the use case. Not all risks were handled and many were only partly handled. This also calls for a more staged approach for the model. The risk relating to GDPR compliance shows this well: while there has been a big focus on making the application GDPR compliant and they believe they have, there has not been a ruling yet which makes it clear how the regulation will be applied to blockchain application.

46 CHAPTER6. CASESTUDIES VERIFYINGRISKS

6.8 Conclusion

The preliminary model was able to identify a large number of risks relevant for the use cases. A limitation of the current form of the model is that the level of the risk cannot be consistently identified. While in one use case an effort may be made to reduce the impact of a risk, it will rate the same as an application where no effort is made to reduce the impact. In order to compare these cases, a model which include pre-defined levels will be more beneficial.

Between the different case studies we have also identified a number of areas where the model may not fit well with the analyzed use cases. Elements like IoT fit of a DLT protocol and external connections are not relevant for use cases where these elements are not included in the application design. While for some use cases these elements may become relevant in a future state of the application, for others they will stay irrelevant.

When applying the risks from the different risk areas we found that a number of sub-risk areas were either overlapping or did not fit well with the use cases. These areas are programmer expertise and skill, code ownership, external data sources and DLT platform partners. The risks from these areas have been moved to other sub-risk areas. The ‘programmer expertise and skill’ sub risk area overlaps with the ‘code quality risk area’, as the risks of programmer expertise is often poor code quality. ‘Code ownership’ overlaps with ‘legal liability’ due to the agreements formed with code own- ership. The ‘external data sources’ sub risk area has been combined with the ‘integration with existing systems’ sub risk area since we decided to limit our scope only to the security of the DLT and not all the external systems connected to it. The ‘DLT platform partners’ sub risk area can be combined with the ‘DLT platform choice’ risk area. Since within the choice of a DLT platform, the functionality of the platform should be investigated but also the partnership risks of using the platform.

The model may not be as useful to analyze developing proof of concept applications. These applications have a lot of risks associated with them but they merely exist to show the possibility of a concept for an application. Many design choices are made based on ease of development and while these design choices may form additional risks, this may not be relevant since the proof of concept will not be further developed. When a choice is made to further develop the application into a production system, the risks become relevant.

Based on the findings from the use cases it can be concluded that the current model is not a good fit for all applications. The model needs to be further generalized, or a restriction should be made as to what applications can be measured using the model.

Chapter 7

Forming the maturity model

The risks that have been identified through the Delphi study and tested with the case studies are translated into a number of level descriptions in order to create a maturity model which can be applied to specific DLT use cases.

7.1 Focus of the model

Based on the findings during the case study the focus of the maturity model has been narrowed. As further explained in the previous chapter, the risks did not properly match with the varying use cases. This was mainly due to the varying methods of using DLT and the different business environments DLT can be used in. In order to create a model which can better identify risks for a DLT application, a number of criteria for the use case are identified. A DLT use case which adheres to these criteria can be properly analyzed using the maturity model.

The case studies have shown that the risks fit a number of use cases better than others. We have decided to create the criteria for the model based on the best fitting use cases and generalize from these cases. The criteria of the model are based on the case study of the project from MotionWerk regarding a smart charging system. This use case has been chosen because the application shows a clear maturation path through it’s different iterations of the system and a possibility to connect IoT devices directly to the chain. The criteria for DLT applications are the following:

• IoT devices should be used currently or in the near future within the DLT application. • DLT application is benefited by higher transaction speeds.

• DLT application is created by a business and used for B2B or B2C interactions.