Sphereon


Founded 2015 | HQ Utrecht, The Netherlands | <30 employees | <$15M revenue

Organizations are exploring and implementing blockchain technologies to reduce or eliminate the need for files and documents. But ripping and replacing longstanding ECM platforms is not easy. With its history in document and process management, Sphereon provides the opportunity for a less demanding transformation via blockchain.


The Company

Sphereon is a fascinating firm that we have taken note of from day one. Founded in 2015 by Maarten Boender, its people have a long and impressive history in the world of document and process management, and the company was one of the first to recognize the value of blockchain and content working together. From first building connectors to blockchains for well-known ECM repositories such as Alfresco and SharePoint, the firm is pivoting and expanding further into the world of secure and verifiable exchange of data and documents using Verifiable Credentials. Their work builds on their original thesis that blockchain at its core is all about the concept of decentralized trust. The focus of this report is Sphereon’s work on Verifiable Credentials.

The Technology

As the name suggests, Verifiable Credentials (VC) is Sphereon’s solution to providing a digitally signed (verified) data object. This data object could come in many forms, from a university-issued degree certificate to a government-issued ID or work permit. Such objects need to be tamper-proof, secure, consistent, and of course, verifiable.

Sphereon VC is built on open standards from W3C and the Decentralized Identity Foundation (DIF). A VC is basically a self-sovereign data file that has been digitally signed by the creator. The issuer shares this data file with the party the data or document is about – the holder, or owner (see Figure 1).

What this means in practice is that a credential can be stored anywhere but anchored on a distributed ledger (blockchain) through a hash and signature. Further, rules and restrictions can be applied to the credential, such as adding an expiration date, etc. The credentials, which consist of the credential data, associated metadata, a unique identifier, and the issuing party’s signature, are held and accessed via a digital wallet or other secure storage space.

The holder has control of the use of the credential, who sees it, and what elements of it they can share. The party they share the VC with – typically an organization that needs to process the data or document – can independently verify the authenticity and integrity of the data or document through the issuer’s digital signature.

Sphereon VC is not the only blockchain credential system on the market. But what sets Sphereon apart is its history in document and process management alongside its expertise in building and managing APIs and embracing open standards; hence, the focus here on ensuring interoperability. In part, this interoperability comes through using the newly released W3C decentralized identifiers (DID). DIDs are persistent identifiers that do not provide any information regarding the owner; instead, they describe how to engage with the owner – for example, a specific cryptographic key and set of events to follow. DIDs build on the concept of self-sovereignty, whereby the owner can update and track their identity document without the need for any centralized or third-party authority.

So how does this all work? Fundamentally, there obviously needs to be a blockchain; this could be anything from Hyperledger or Ethereum to LTO Network or Accumulate. There are over 100 implementations that support DIDs.
Sphereon VC offers a series of APIs to provide access to issue, register, sign, verify, and/or
revoke a credential. The end users access the system through a mobile wallet, which provides the means to view the credential and, just as importantly, to create and manage new credentials across any blockchain or distributed ledger system. This is complex and even more complicated to build, but its use in the real world is relatively simple and effective. Sphereon also offers several standard plug-ins, including for SharePoint and Alfresco. Note that DIDs can be associated with pretty much anything; each is self-signed, protects privacy, and automatically verifies its provenance and validity.

On top of this, you may build a digital asset modelling language (DAML) framework workflow, typically used to create smart contract workflows anchored on blockchains, to provide a means of automating any business logic or rules. This enables automatic processing and proof of the process.

Again, the key to understanding Sphereon is that it is a company focused and grounded in the document and process management world. Their use of VCs and DIDs for secure and verifiable data exchange needs to be seen in that context. For example, files stored in an Alfresco or Microsoft SharePoint repository can, using Sphereon, be anchored on a blockchain to lock and notarize them. By using a DAML smart contract, those anchored files can have things like retention and disposition rules applied to them and triggered automatically. With the addition of Verified Credentials, the files can have a secure life outside of the repository and move from the ECM system that is the system of trust, through traditional document management mechanisms, to an independent, distributed life and shared trust through using cryptology and blockchain.

This technology has numerous potential use cases; most obviously, it can be used for know-your-customer/anti-money-laundering (KYC/AML) checks: only one trusted party has to perform these, and others can reuse the issued credential. Other use cases include employee onboarding or issuing many types of verifiable certificates. But what interests us are the use cases yet to be explored or yet to emerge. For even though organizations are implementing enterprise blockchains to reduce, automate, or eliminate paper and file-based processes, the traditional world of technology vendors that focus on paper and file-based processes has been understandably slow to embrace this. Tools like VC open the doors for developers, systems integrators, and, potentially, technology vendors to embrace those opportunities.

Figure 1
Sphereon Verifiable Credentials

Our Opinion

Though Sphereon has been building connectors to blockchain for ECM systems for some time now, its Verified Credentials and Smart Contract capabilities are still relatively new. Hence, it is no surprise that there is still much work to do in productizing and marketing this technology. Even so, for savvy developers and systems integrators, there is much to explore here. We think that technology vendors in the ECM and process automation sector should take a good look at Sphereon and consider how they can extend and modernize their products, or they risk being left behind.

Advice to Buyers

Organizations across the board are exploring and implementing blockchain technologies to reduce or even eliminate the need for files and documents. But ripping and replacing ECM platforms that have been in place for decades is no easy undertaking, and such a move comes with a high degree of risk. Sphereon provides an opportunity to integrate and extend those existing mission critical platforms, making the work of transformation via blockchain much less demanding.


SOAR Analysis

Strengths

  • First to market
  • Deep experience in document and process management

Aspirations

  • Revolutionize document and process management
  • Be the enabler of interparty digital trust

Opportunities

  • Partner with major systems integrators
  • Partner with major tech vendors

Results

  • Partnerships and connectors with leading ECM systems
  • Technology already tested and deployed in major organizations