Web3 for sensitive data, enterprise, government, private, and permissioned use

Abstract

Web3 represents an evolution of the centralized and siloed topology of Web2 by focusing on more connected, decentralized, and open technology to democratize data and services between databases, tools, devices, people, teams and organizations to provide secure single sources of truth on decentralized trust layers. However, sensitive data, such as intellectual property, classified information, personal data, or medical records, cannot be distributed to those without explicit access. A standard solution is to encrypt the data before uploading and then distribute the decryption key to select persons. This solution does not sufficiently protect against data leakage. In addition, legal, contractual, and GDPR requirements are not met in current Web3 systems. This study suggests critical requirements for any Web3 system that targets sensitive data, private and permissioned needs, and enterprise and governmental applications. A preliminary framework is then introduced for building compliant Web3 systems to the suggested requirements. The study proposes changes to the Inter Planetary File System (IPFS) protocol, with the main change being that each request checks against a ledger if the requestor has access to the data. Two novel Ethereum smart contracts, Enterprise Architecture and Smart Legal Contract, are presented to meet the suggested requirements.