TJTS4300 Group Assignment:

Describe & Model

Your SSI Ecosystem

This deliverable template includes:

1. Descriptions of the use case(s) and
the Verifiable Data in the use case(s)
2. Models of Governance, Business,
Legal & Regulatory Context aspects

The final deadline is on Sunday, 3.3., but we are

working on the deliverable iteratively week by
week. Ask your questions latest on the last
course seminar on Tuesday 20.2.
Group Information
Group number & name

• Group 2

Team members

• Firas Turak
• Quyen Pham
• Muhammad Ashfaq
• Paavo Pennanen
• Lassi Laaksosaari
ActivityLevel
Ecosystem Lifecycle Stage: Adoption

Industries: Leisure and Sports

Short description:
Connects free time activity practitioners and providers to a local network. The solution includes sports players, excercise groups and board
game players. Through the ecosystem users can find an activity in a centralized way with other verified users, and specify the activities they
are skilled in.

Value proposition of the ecosystem:

Practitioners save time and mental effort when finding other activity practitioners in activities that lack platforms for finding other
practitioners. They also have one app for all the activities instead of relying on multiple apps that work different ways. Every time
practitioner goes to practice, they can feel safe that the other party isn't scammer or doesn't appear to practice with them. They
also can be assured that the opponent is on the same level in the activity to avoid the frustration that comes from big differences
in level. Platform can also encourage players to improve their level through gamification and competition towards other users on
the platform which can make activities more enjoyable and therefore can increase activity organizers/providers cash flow. Activity
organizers/providers can reach wider audience with our platform which in turn increases their potential profits. They can also be
assured that improvements on service quality are communicated through our platform to the practitioners, which can lower the
risk of investments on service quality improvements.
Chess Use Case
Description
• The ecosystem enables chess players (holders)
to connect with other verified chess players
in tournaments with Chess.com (activity
provider)
• Verifiable Data attributes: Name, Birth Date,
Gender, Skill Level, Feedback Score.
• ActivityLevel issues the verified credentials to
the holders (activity practitioners), in this case
Chess players
• Chess.com (activity provider) hosts Chess
tournaments and verifies participating users
and their skill level with ActivityLevel.
• Example scenario: Chess.com opens a chess
tournament in central park. Chess Smith uses
his ActivityLevel credentials to validate himself
and participate in the tournament as a skilled
Chess player.
Use Case General Information

Use case name or short description:

• Connect users to a free-time activity event. Utilize SSI to verify users are real and
evaluate skill and knowledge levels on the activity to limit potential participants.
Key SSI authority roles in your ecosystem
• Issuer: ActivityLevel and 3rd party activity platforms.

• Verifier: Activity provider

• Holder: Activity practitioner

• Governance authority: ActivityLevel

 Verifiable Data Attributes
The most important components of a Verifiable Credentials are the Claim(s).
Please list the attributes of your verifiable claim(s) in your chosen use case(s).
Example: in case of a digital passport: Given name, Family name, Birth date,...
• User Identification:
Unique identifier for each user within the ecosystem.
• Verification Status:
Indicates whether the user's identity has been verified by the platform.
• Skill Proficiency:
Claims related to the user's proficiency in specific activities or skills, e.g., sports, exercise, board games.
• Activity Preferences:
Information about the types of activities the user is interested in or prefers.
• Provider/Practitioner Status:
Distinguishes between users who are providers (organizing activities) and practitioners (participants).
• Activity History:
Records of past activities the user has participated in or organized.
• Location Verification:
Geographical data ensuring that the user is located in the specified local network.
• Connection Status:
Information about the user's current connectivity within the ecosystem.
• Time Availability:
Claims regarding the user's availability for activities during specific times.
• Community Ratings:
Ratings and feedback received from other users within the ecosystem.
• Issuer Information:
Details about the entity or platform issuing the verifiable claim.
• Timestamp: Examples from W3C standard
Records when the verifiable claim was issued or last updated.
Use Case SSI Interactions
Steps through which the holder, verifier and issuer interacts.

Sport club (issuer) issues certificate of persons

(holder) achieves and attendance in the sport
and signs it with the club specific key

The certificate is then documented in the

decentralized event log (verifiable data
registry) and to holder's digital wallet/register

Holder applies wants to attend to competition

and provides records as an evidence of skill
level

The organization (verifier) arranging the

competition verifies the authenticity of the
document form the verifiable data registry
Verifiable Credential Issuance
Steps through which the holder and issuer interact and a Verifiable Credential gets issued.

● Holder requests certificate of

achievements and attendance from sport
club
● Club issues certificate that is verified by
the club specified key
● The certificate is distributed to the holder
and issuance is registered in event log
● Now the holder has certificate that can be
verified by decentralized event log

Get inspired by the TrustOverIP Interactive Model

Verifiable Credential Verification 1/2
Steps through which the holder and the verifier interact and a Verifiable Credential gets verified

● Holder(person) wants to attend to

competition and provides certificate to the
verifier(organization)
● Verifier then verifies the authenticity of
the certificate from verifiable data register
● Verifier then approves the attendance of
the holder

Get inspired by the TrustOverIP Interactive Model

Verifiable Credential Verification
How the authenticity of the Verifiable Credential gets verified in your ecosystem.

● Verifier (organization) has the certificate

from holder(person)
● Verifier wants to verify authenticity of the
certificate from the verifiable data registry
(decentralized event log)
● Keys of the issuer(sport club) and
holder(person) match to the issuance of
certificate in the log
● Verifier has now verified the certificate to
be authentic
Get inspired by the TrustOverIP Interactive Model
Modeling the
Ecosystem
• This part of the assignment includes:
• Governance aspects + descriptions
• Business aspects + descriptions
• Legal & Regulatory Context +
descriptions
• <Optional> Ideas for Ecosystem
Governance Compass language
development

• See the instructions in Moodle!

GOVERNANCE

Incentives Governance Risks

Customized Network Economic Reputation Privacy

Activities effects growth gain Concerns

Gets Gets Gets Gets

Actors & Roles

Organizations
3rd-party activity /
Players ActivityLevel platforms Companies

Is Is
Is Is

Activity Governance Activity

Issuer
Practitioner Authority Providers

Gets Complies with Gets provides verify complies Is responsible for

Sub-containers: Scale or move the
sub-containers to your needs. If
Rights, Rules, Responsibilities needed, create a new slide for each
sub-container and copy-paste
connected components such as
actors.

Maintain Fair Verifiable Up-to-date

Network Access Data Integrity
Play credentials service info

Provides
GOVERNANCE

Actors & Roles

THIS IS AN EXAMPLE OF HOW TO

Has
Bank Issuer CREATE A NEW SLIDE FOR SUB-
CONTAINERS IF NECESSARY.

Is responsible for

Rights, Rules, Responsibilities

Verifiable
credential
issuance
Description: Governance
Component Type Component Name Description
Actor, Role, Incentive, Right,
Responsibility, Rule, Risk

Actor Activity Practitioner Individuals participating in activities, verifying others,

and using services in the ecosystem.
Role Verifier Validates the qualifications and skills of other
practitioners within the network.
Incentive Network Growth Motivated by the expansion of the network and the
increased opportunities it brings.
Right Access to Services Entitled to access various services within the SSI
ecosystem based on verified credentials.
Responsibility Data Integrity Must ensure the accuracy and integrity of their data
and credentials within the system.
Rule Fair Practice Obligated to follow fair practice rules in interactions
and verifications.
Risk Privacy Concerns Risks associated with data privacy and the
mishandling of personal credentials.
BUSINESS

Financial Aspects Business risks

Service doesn't Balancing

Recurring Salaries
Subscription gain enough subscription fees
promotion
fees subscriptio Ad revenue Recurring popularity
High
Improve n fees Paas fees
High
quality of
service

Developing Competition in
universal platform certain activities is
is too expensive too good

Business Activities High

Medium

Delivering the
Advertise software
products

Access on
Development Increases the
Access to the exclusive Reviews of other
feedback popularity of
platform promotion on customers
platform Delivering the
platform
platform

Provides the
Provides core of service
Gets Provides
for practiners

Sub-containers: Scale or move the

sub-containers to your needs. If
needed, create a new slide for each
Actors & Roles Provides Gets sub-container and copy-paste
connected components such as
Cloud Platform actors.
Customer Provider
Business
Partner

Is Is
Developer
Week 5 assignment,
due to 12.2.2024
Practitioner Activity Provider
Assosiacated Prod
uct
owner/distributor
 Description: Business aspects
(please continue on the next slide if necessary)

Component Type Component Name Description

Revenue model, Cost model,
Business Activity, Risk

Revenue Model Subscription Fee Users pay a monthly subscription fee to access the full
features of the platform, including advanced search
filters, skill level verification, and participation in
gamified activities.
Revenue Model Premium Activity Listings Activity organizers/providers pay a fee to feature their
activities prominently in the search results, gaining
increased visibility and attracting a larger audience.

Revenue Model In-App Purchases Users have the option to purchase virtual goods,
badges, or other enhancements through in-app
purchases, adding a layer of personalization and
status symbols within the platform.
Actor Activity Provider Provider of certain activity (e.g. Company owning
tennis courts)
 Description: Business aspects
(please continue on the next slide if necessary)

Component Type Component Name Description

Revenue model, Cost model,
Business Activity, Risk

Cost Model User Verification The platform incurs costs for verifying users' skills and
backgrounds to ensure a safe and trustworthy
community. This includes background checks and skill
level assessments.
Cost Model Customer Support Expenses associated with providing customer support
to address user inquiries, resolve issues, and maintain
a positive user experience.

Cost Model Platform Maintenance Costs related to the regular maintenance, updates,
and improvements to the platform to ensure its
functionality and user satisfaction.
Description: Business aspects
(please continue
Component on the next
Type slide if necessary)
Component Name Description
Revenue model, Cost model,
Business Activity, Risk

Business Activity Skill Level Gamification Implementing and managing gamification elements
that encourage users to improve their activity skills,
fostering healthy competition and engagement.

Business Activity Activity Quality Monitoring Monitoring and evaluating the quality of activities
provided by organizers, ensuring that the platform
maintains a high standard and effectively
communicates improvements to users.

Business Activity Marketing and Outreach Conducting marketing campaigns and outreach
programs to attract both activity practitioners and
providers, expanding the user base and increasing
visibility.
Description: Business aspects
(please continue
Component on the next
Type slide if necessary)
Component Name Description
Revenue model, Cost model,
Business Activity, Risk

Risk Scammer Detection Implementing measures and technologies to detect

and prevent scams within the platform, mitigating the
risk of fraudulent activities that could harm users'
trust and safety.
Risk Dispute Resolution Monitoring and evaluating the quality of activities
provided by organizers, ensuring that the platform
maintains a high standard and effectively
communicates improvements to users.
LEGAL & REGULATORY CONTEXT

Actors & Roles Agreements

Laws, Acts & Regulations

Data Prosessing End Use License

Data protection Cyber Resielence Agreement Agreement (EULA)
GDPR Eu privacy law
act 1050/2018 Act

International Privacy Policy

Accounting Act Directive (EU) Consumer Code of
1336/1997 2016/680 act Protection Act Advertising
Practice

Standards
User Agreement
Developer
Data protection
Data privacy
PCI DSS 4.0 ISO 27001 impact
policy
assesment

User Consent
ISO 8000-
61:2016
Practitioner
(Customer) Terms of Service
ISO 27018:2019 Data secuity Technical (Practitioner)
ISO 42030:2019
policy standards

Provider
(Customer)
Terms of Service
(Provider)
Legal & Regulatory Risks

Cyber attacks Sub-containers: Scale or move the

Medium sub-containers to your needs. If Cloud platform Is responsible for
needed, create a new slide for each provider
sub-container and copy-paste Terms of Service
Violation of data connected components such as and Service Level
Cloud
privacy and actors. Agreement (Cloud
infrastructure
handling laws location Provider)
Medium Low
Software
service Complies with
Scams made with Software security controller
bots for sensitive data Week 5 assignment,
Low High due to 12.2.2024
Description: Legal & Regulatory Context
(please continue on the next slide if necessary)

Component Type Component Name Description

Law, Act or Regulation,
Agreement, Risk

Agreement Terms of service (Provider) Creating a comprehensive terms of service agreement

that outlines the rights and responsibilities of both
users and the platform. Users must agree to these
terms before accessing the platform's services.
Agreement Subscription Agreement Defining the terms and conditions for users
subscribing to the premium features of the platform,
including payment details, subscription duration, and
cancellation policies.
Regulation User Privacy Compliance Ensuring compliance with data protection laws and
regulations by implementing measures to protect user
privacy. This includes handling and storing user data
securely and transparently, in line with relevant legal
requirements.
<Optional> Ideas for Ecosystem Governance Compass
Language Development
Group
Assignment
General
• This part of the assignment includes:
• References used for the group
assignment
• Work distribution within the group
• The use of ChatGPT and other AI-
based applications

• See the instructions in Moodle!

References
(please use a consistent reference style, such as APA 7)
Work Distribution Within The Group
(to be filled in for the final submission)

• Discuss the work distribution within the group and choose one of the options
below by deleting the other two options:
❑The work has been evenly distributed within my team. We would like
to get the same grade.
❑We agreed that someone gets a higher grade: <NAME>
❑We agreed that someone gets a lower grade: <NAME>

• Other comments/ justification (optional):

The Use of ChatGPT and Other AI-Based Applications
(to be filled in for the final submission)

• What application have you used (if any)?

• For which purpose?

Thank you!

Good luck with your

SSI ecosystem development ☺