The document describes the first reference implementation of the user interface for the PharmaLedger Governance tool. The UI is organized around two main dashboards - a Voting dashboard and a Deployment Automation dashboard. The Voting dashboard allows users to view existing voting sessions, initiate new sessions of different types, and view results. The Deployment Automation dashboard provides functions for technical management of blockchain networks, including their initiation, deployment, monitoring and removal. The Governance tool is implemented as a self-sovereign application using decentralized identifiers for security and authentication.
3. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 3/21
DOCUMENT INFO
Authors
Authors Organization
Zeev Pritzker (editor) AVO
Sinica Alboaie RMS
Marco Cuomo NVS
Bogdan Mastahac RMS
Ana Balan RMS
Contributors Organization
Catalin Paraschiv Paius RMS
Rafael Mastaleru RMS
Noa Arazi AVO
Document History
Date Version Editor Change Status
01/11/2021 0.1
Zeev Pritzker
Sinica Alboaie
Marco Cuomo
Bogdan Mastahac
Ana Balan
Table of contents and continuous
input in sections
Draft
10/11/2021 1.0 Bogdan Mastahac Added new inputs Draft
16/11/2021 2.0
Zeev Pritzker
Noa Arazi
Added content and reviewed the
document
Draft
18/11/2021 3.0
Sinica Alboaie
Marco Cuomo
Ana Balan
Review, editing and formatting Draft
18/11/2021 4.0 Zeev Pritzker Final review Final
17/12/2021 5.0
María Eugenia
Beltrán, Cecilia
Vera (UPM)
Final review and submission Final
Disclaimer: Any information on this deliverable solely reflects the author’s view and neither IMI nor the European
Union or EFPIA are responsible for any use that may be made of the information contained herein.
5. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 5/21
Executive summary
The PharmaLedger governance framework includes both off-chain and on-chain governance functions. This
document reports on the design and first implementation of the user interface (UI) of the PharmaLedger
Governance tool that implements the part of the PharmaLedger on-chain governance using automated or
semi-automated procedures.
The Governance tool will be typically implemented in a PharmaLedger blockchain network (that may be a
leaf blockchain of the PharmaLedger framework) that is built for a specific business use case, where every
blockchain node is run by a different network member. The tool supports voting by the members of the
network and automation of technical management of the blockchain network, including its deployment.
The Governance tool is implemented as a self-sovereign application running in an execution context
provided by the user wallet, using DSUs which provide self-sovereign security, authorization, and
authentication. Users may include system administrators, IT teams of members of the PharmaLedger
network and PharmaLedger application developers.
The first working reference implementation of the Governance UI reported in this document is based on
two main dashboards – Voting and Deployment Automation. The former provides a variety of on-chain
voting functions, some of which may trigger an automated implementation by a smart contract; the latter
provides the ability to perform an automated initiation, deployment, monitoring and removal of blockchain
networks that serve the PharmaLedger use cases.
6. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 6/21
1. Introduction
The PharmaLedger governance framework includes both off-chain and on-chain governance functions. This
document reports on the design and first implementation of the user interface (UI) of the PharmaLedger
Governance tool that implements the part of the PharmaLedger on-chain governance using automated or
semi-automated procedures. Off-chain governance is out of scope of this document and is described in
deliverable D4.21
.
The requirements for the Governance application, including its UI, were specified in deliverable D4.32
based
on the governance research work performed in WP4. The terms “Governance tool” and “Governance
applications are used interchangeably in this document.
The Governance tool will be typically implemented in a PharmaLedger leaf blockchain network that is built
for a specific business use case, where every blockchain node is run by a different network member. The
tool supports the following functions:
• Voting by the members of the network
• Automation of technical management of the blockchain network, including its deployment
At the time of release of this document, the Governance tool was implemented only in the PharmaLedger
ePI use case. Therefore, much of the description of the architecture and the implementation refers to a
specific implementation for this use case. Extension to other PharmaLedger use cases is expected to be
straightforward.
2. Governance tool architecture
2.1 Overview
As shown in Figure 1, the Governance SSApp is executed in a wallet on the client side. The wallet is
responsible for loading the Governance tool DSU using the user access key. The DSU will produce an
AnchorID which is a zero access KeySSI for the application. The key itself will not give access to any resource
but will only declare that something exists. Using the AnchorID and information from the security context
1
D4.2: Recommendation report for PharmaLedger governance, PharmaLedger Consortium
2
D4.3: Governance application requirements, PharmaLedger Consortium
Figure 1 Governance tool architecture (ePI use case)
7. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 7/21
of the user, the wallet will access the Pharma Ledger Blockchain Network, gather the HashLinks for bricks
from it, request from Brick Storage encrypted bricks using the HashLinks, and reconstruct the DSU from
the bricks. This process is executed for any DSU manipulated by the Governance SSApp and will prove
ensure that the data that we own will remain private, while enabling sharing parts of it with partners.
The main responsibilities of the Governance tool are Voting and Deployment of blockchain networks. In
both cases we will use a DSU to store information, such as the configuration of a blockchain network or the
details of a voting session, whether we have we voted or not etc.
When the user wants to share information, such as that a Voting Session has started or access details for a
smart contract, without the recipient being able to change them, a read-only access key will be shared with
the recipient of the shared data.
In the case of a Deployment scenario in which the user wishes to monitor, deploy and manage blockchain
networks, an external Jenkins Server will be used, deployed in a Kubernetes cluster. The Jenkins Server
uses pipelines with source code stored in private or public repositories. Partners can change the pipeline
source code to meet their needs using a standard naming convention. This makes implementation of any
deployment scenario possible and supports different deployment scenarios, giving the blockchain network
partners a full control over the deployment code, including what every pipeline will execute. In case of a
need for modification or a new privacy requirement, they can use their own private source code
repositories and even their own private registry, to store their docker images.
2.2 Security, authentication and authorization
The Governance tool is implemented as a Self-Sovereign Application (SSApp) which by definition is not tied
to any server or any other kind of external centralized hardware or software resource.
The execution context of the application is provided by the hosting wallet, which will take care of gathering
encrypted blocks of data from the Brick Storage and using the encryption keys provided by the user to
reconstruct the DSU. The DSU resulting from this process is executed in the secure context of the wallet,
ensuring security and immutability of the executed application. All the operations are executed on the
client side with the help of a DSU which will also handle all operations with external encrypted resources.
All the operations executed by the Governance SSApp will produce, use or update data stored in the DSU.
Using the DSU for storage will enforce the privacy of the data, as only the user under which the SSApp runs
can read or write the data. To share data, a DSU with read only access keys is used, with recipient of the
access key being able to read the information stored in the DSU bit not to change it. Only the owner of the
DSU that holds its KeySSI will be able to change its contents. All the DSUs are stored in an encrypted form
in Brick Storages, thus preventing even successful attackers of the storage server from reading them. Since
every DSU has its own access keys, granularity of access to specific data records is ensured.
To run an SSApp in the context of a wallet, the user will need to provide the wallet’s access key. Users will
have different SSApps in their wallets, depending on the use case. This approach combines authentication,
authorization and security in a single platform.
3. Governance tool UI
The following sections describe the reference implementation of the PharmaLedger Governance tool and
its UI, as implemented in the PharmaLedger ePI use case. User story, stakeholders and a plan for final
version in M36 of the project are provided for each UI page.
3.1 Main navigation page
The main navigation page of the UI is shown in Figure 2. It allows navigating the main functionalities of the
Governance tool:
● Governance dashboard
● Organizations dashboard
8. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 8/21
● Tools for monitoring the underlying systems
User story As a system administrator of a pharma company or as PharmaLedger
developer I can create wallets that give me access to the governance
dashboard, organization management and other governance related tools.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
3.2 Blockchain network governance
3.2.1 Voting dashboard
As shown in Figure 3, the Voting dashboard presents a list of voting sessions with the following information:
● Vote: the voting proposal that was initiated in a voting session
● Type: type of voting for that voting session
● Due date by which the votes must be submitted
● Current user status for the voting session. The status will reflect the current date, due date and
whether the user has voted.
● Overall status of the voting session, such as whether it is in progress or concluded
● Options for the voting session. For example, for a concluded voting session, a link will be provided
for viewing the voting session results.
Figure 2 Main navigation page of the Governance tool
9. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 9/21
User story As a system administrator of a pharma company, I have access to the Voting
Dashboard which allows me to access current and old voting sessions. The
Voting Dashboard allows me to initiate a new voting session, vote or view the
results of a concluded voting session.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
3.2.2 New Voting Session dialog
Voting sessions differ in the type of vote. This is reflected in the voting page structure and behavior.
Currently the following types of voting are supported:
● Consultation / Opinion Poll: check the members;’ opinions on general questions
● Generic Proposal: vote on a free text proposal
● Fixed - Structure Proposal: vote on a proposal with a predefine structure, with automated actions
performed in some cases as a result of the vote
● Next: action to navigate to a vote specific type dialog in order to create the voting session
Figure 3 Voting dashboard
10. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 10/21
User story As system administrator of a pharma company, I want to initiate a new voting
session and I should be able to determine what type of vote I want to create,
such as Consultation/Opinion Poll, Generic Proposal or Fixed-Structure
Proposal.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
3.2.3 New Voting Session - Consultation dialog
The Voting Session of Consultation type asks the users to answer a specific question, and has the following
fields:
● Question: the voting proposal to which the voters can provide theirs votes
● Possible responses: a list of possible answers, with the options to define new ones if it’s needed
● Deadline: the date when the voting concludes and results can be viewed
● Response type: the type of answer that it’s required, being unique or not
● Finish and Publish button
Figure 4 New Voting Session dialog
11. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 11/21
User story As system administrator representing a pharma company, I want to initiate a
new voting session of Consultation type and should allow me to propose the
question, the dead line, the type of allowed answers and if the voter can
choose one or more options when performing the vote.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
3.2.4 New Voting Session - Generic dialog
A generic voting session page has the following fields:
● Question on which the voters are requested to vote
● Possible responses: a list of predefined answers (Yes, no, Abstain), with the option to define new
ones if needed
● Deadline for conclusion of the vote
● Response type: the type of answer that it’s required, unique or not
● Finish and Publish button
Figure 5 New Voting Session - Consultation dialog
12. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 12/21
User story As system administrator of a pharma company, I want to initiate a new voting
session of Generic type.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
3.2.5 New Voting Session - Fixed Structure dialog
The Voting Session of the Generic type has the following fields:
● Question on which the voters are requested to vote
● Possible responses: a list of predefined answers (Yes, no, Abstain)
● Deadline for conclusion of the vote
● Type of voting action which will performed based on the voting results
● Partner DID: the voter’s decentralized identifier
● Upload candidate documentation: documentation to be presented to voters before the vote
● Response type: the type of answer that it’s required, unique or not
● Finish and Publish button
Figure 6 New Voting Session - Generic dialog
13. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 13/21
User story As a system administrator of a pharma company, I want to initiate a new voting
session of Generic type
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
3.2.6 Perform Vote dialog
The Perform Vote dialog is available for a voting session in progress and allows the voter to vote and
document their vote. Based on the type of answers, the voter will see either radio buttons (in case of a
unique answer) or checkboxes (in case of multiple answers). The dialog has the following features:
● Question to vote on
● The date by which the voters can see the final results of the current voting session
● The type of action that will be executed when the voting session concludes
● Documents associated with the current voting session
● Possible answers using either checkbox or radio buttons, based on the type of answer (multiple or
unique)
● Vote and sign button
Figure 7 New Voting Session - Fixed Structure dialog
14. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 14/21
User story As a system administrator of a pharma company, I want to participate in the
voting sessions and before I present my vote, I need to know what the
question is, when the voting will be concluded, the type of voting action and
the documentation associated with the voting session. I want to be able to
provide a single or multiple answers to the question.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
3.2.7 Voting Results dialog
The Voting Results dialog should provide a clear view of the concluded voting session, the context of the
voting and the possibility to perform the action associated with the voting. The dialog will have the
following features:
● The question that has been voted on
● The type of concluded vote
● The date when the vote concluded
● The type of action that will be performed based on the result of the voting
● A diagram showing distribution of the results
● The Smart Contract action that will be performed as a result of the vote
Figure 8 Perform Vote dialog
15. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 15/21
User story As a system administrator of a pharma company, I want to view the results of
a concluded voting session. If I am the person responsible for triggering the
smart contract to implement the action voted on, I can trigger the action.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
3.3 Automation of intra-organizational blockchain management
The following functionalities of the Governance tool implement or support the automation of management
of PharmaLedger blockchain.
3.3.1 Organizations dashboard
The Organization dashboard shown in Figure 10 provides a high-level view over the blockchain networks
that owned by the user and the ones that are shared with the user. The dashboard provides the following
information:
● The name of an organization
● The type of Organization, being either:
○ Owner: the user created the organization and has a full control over the defined blockchain
networks
○ Shared: the user created the organization using information shared with the user by other
partners and thus can only view partial information of their organizations
● The number of blockchain network clusters belonging to the organization
Figure 9 Voting Results dialog
16. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 16/21
● Blockchain Networks: actions performed to manage the blockchain networks
● Options: actions such as View or Edit the user is allowed to perform
● Add New Organization button: allows the user to create a new organization, either their own or
reflecting information shared with the user by another partner
User story As a system administrator of a pharma company, I have access to the
Organizations Dashboard which allows me to view and access my current
blockchain networks and view the blockchain networks that are shared with
me.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
3.3.2 Blockchain Networks dashboard
The Blockchain Networks dashboard, shown in Figure 11, supports management of the user’s blockchain
networks including their deployment, creation of new ones or joining existing networks. The information
and actions available to the user are:
● The name of a blockchain network
● Type:
○ Owner: means that the user has executed the Initiate Network action
○ Shared: means that the user has joined an existing blockchain network using the Join
Network action
Figure 10 Organizations dashboard
17. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 17/21
● Status: represents the status of the blockchain network and can be Installed, Ready to Install or
Installation Pending
● Operation: action by which I manage the blockchain network
● Options: different actions related to the configuration of the blockchain network. For the Shared
type I can only View because the information is shared with me and I cannot change it directly
● Initiate Network button – creates a new network
● Join Network – enables user to join an existing network
User story As a system administrator of a pharma company, I use the blockchain
networks dashboard to create, join or manage blockchain networks.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
Figure 11 Blockchain Networks dashboard
18. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 18/21
3.3.4 Initiate Network dialog
The Initiate Network dialog, shown in Figure 12, collects from the user information required for access to
the Jenkins server that manages the deployment of a blockchain network, including information about the
repository where the definitions of the pipelines are located. The information required in order to initiate
a new network:
● Blockchain name
● Jenkins: the URL of the Jenkins server
● Jenkins user name: the Jenkins user under which the connection to the Jenkins server will be
made
● Jenkins token: the Jenkins access token provided by the Jenkins Server for the Jenkins user
● GitHub pipeline repository: the GitHub repository where the pipelines are stored
● GitHub access token: the access token provided by GitHub in order to access the repository
● Deployment configuration: additional configuration in JSON format if necessary
● Save Network button
User story As a system administrator of a pharma company, I can create a new blockchain
network to be deployed using a Jenkins server with pipeline definitions loaded
from my private repository.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
Figure 12 Initiate Network dialog
19. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 19/21
3.3.5 Edit Network dialog
The Edit Network dialog provides the means to update the configuration of an existing, owned, blockchain
network being either access tokens, repository locations or Jenkins Server access and/or location. Also, a
blockchain network status is provided in order to know if changing the blockchain network configuration
has/when it has an impact. The available configurations to be updated are as follows:
● Blockchain name: the name of the blockchain network
● Jenkins: the URL of the Jenkins server
● Jenkins user name: the Jenkins user under which the connection to the Jenkins server will be
made
● Jenkins token: the Jenkins access token provided by the Jenkins Server for the Jenkins user
● GitHub pipeline repository: the GitHub repository where the pipelines are stored
● GitHub access token: the access token provided by GitHub in order to access the repository
● Deployment configuration: additional configuration in JSON format if necessary
● Blockchain network cluster status: represents the current state of the blockchain network.
Operations over blockchain networks that are in progress will snapshot the configuration and
changing it during that time has no effect.
● Update Network: updates the blockchain configuration and next operations will use the updated
information
User story As a system administrator representing a pharma company, I can change the
configuration of an existing blockchain network.
Stakeholders PharmaLedger business network members, IT teams, application developers
Figure 13 Edit Network dialog
20. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 20/21
Plan for M36 A refined version will be available for testing by industry participants.
3.3.6 Manage Blockchain Network Deployment dialog
The Manage Blockchain Network Deployment dialog, shown in Figure 14, allows installing or removing an
existing blockchain network. A blockchain network installation is initiated using a configured Jenkins server.
The operation is a long running one and when it is finished the Governance tool will be notified.
When the Manage Blockchain Network Deployment dialog is opened, the current installation status is
updated and depending on the status, the various actions supported by it may or may not be available. If
the installation is in progress the only option is to exit the dialog.
Once the installation is finished (see Figure 15), opening the dialog will have the UI automatically updated
and new options are available now:
● Installation logs: will show the installation logs provided by the Jenkins Server. The logs will be
loaded at runtime from the Jenkins Server
● REMOVE Blockchain network: action to remove the current blockchain network. For this case the
pipelines defined in the GitHub repository for the remove are used.
User story As a system administrator of a pharma company, I can install or remove a
blockchain network. I can monitor the installation progress and the logs
emitted by it.
Stakeholders PharmaLedger business network members, IT teams, application developers
Plan for M36 A refined version will be available for testing by industry participants.
Figure 14 Manage Blockchain Network Deployment dialog – installation in progress
21. PharmaLedger – 853992 | Deliverable D3.12 V5.0 | PUBLIC 21/21
4. Conclusion
The PharmaLedger Governance tool supports the governance and management of a PharmaLedger
blockchain network, where every blockchain node is run by a different network member. The tool is
implemented as a self-sovereign application running in an execution context provided by the user wallet,
using DSUs which provide self-sovereign security, authorization, and authentication. Users may include
system administrators, IT teams of members of the PharmaLedger network and PharmaLedger application
developers.
The first working reference implementation of the Governance is based on two main dashboards – Voting
and Deployment Automation. The former provides a variety of on-chain voting functions, some of which
may trigger an automated implementation by a smart contract; the latter provides the ability to perform
an automated initiation, deployment, monitoring and removal of blockchain networks that serve the
PharmaLedger use cases.
This first implementation will be followed by a refined one in M36 of the PharmaLedger project. The refined
implementation will benefit from the progress of the PharmaLedger use cases in the last year of the project
and may provide additional use case specific governance features.
Figure 15 Manage Blockchain Network Deployment dialog - Installed successfully