International Journal of Interactive Mobile Technologies (iJIM) – eISSN: 1865-7923 – Vol. 15, No. 14, 2021

Paper—Innovative Delegation Application in Thai National Digital Identity Platform

Innovative Delegation Application in Thai National Digital Identity Platform

https://doi.org/10.3991/ijim.v15i14.22055

Pensri Arunwatanamongkol, Natawut Nupairoj, Uthai Tanlamai
Chulalongkorn University, Bangkok, Thailand
pensri@gmail.com

Abstract—The national digital identity platform is a robust scheme that enables individuals and entities to prove who they are to digitally access critical information or services. However, current digital identity systems do not sufficiently consider delegation between entities from the viewpoint of dynamic authorizers and permissions. This study aims to understand the pain points and expectations of end-users and service providers in the Thai national digital identity platform, to design a dynamic delegation model, and to develop an innovative delegation application to test user acceptance. The research utilizes semi-structured interviews with 3 digital identity experts and two focus groups, one with 6 service providers and the other with 6 end-users. Based on results from the data analysis and conceptual prototype design, validated by experts, the proposed prototype is practical and suitable for developing a digital delegation mobile web application that is convenient, safe, secure, and reliable, utilizing blockchain technology under the Thai national digital identity platform. The technology acceptance model was used to test the application acceptance with 42 participants. The result reveals that both persons and businesses intend to adopt the digital delegation mobile web application. Use cases of the application include users giving their power to trusted entities and government agencies providing services to citizens via the authorized delegatee.

Keywords—Digital delegation application, Digital identity delegation, Thai National Digital Identity

1 Introduction

Digital identity (digital ID) is becoming increasingly critical for providing individuals and entities with the ability to prove who they are to access services and benefits. Therefore, many countries are moving toward setting up a national digital identity platform to facilitate a digital society. The platform can afford trust and confidence to the user community to access sensitive information or services [1-4]. The Global Digital Report 2019 [5] found 92 million mobile subscribers in Thailand, 133% penetration, and 55 million active mobile internet users. The report ranked Thailand the world leader in mobile banking users, 74%. The Thai national digital identity platform (NDID) was established through cooperation among all related parties in both the public and business sectors. It has become the country’s digitization infrastructure platform and uses banks as the digital identity providers. The banks provide identity authentication and authorization via interactive mobile applications [4]. However, the solutions adopted to date by the Thai national digital identity platform lack an important type of user interaction, delegation [6]. Delegation within the digital platform will allow easier processing, greater convenience, and reduced time consumption at a lower cost, unlike in the physical world where papers, photocopies, and printed documents are needed, which can cause handling difficulties [7], especially during lockdowns caused by the Covid-19 pandemic.

To ensure secure and robust transactions, the Thai NDID uses blockchain as an underlying technology. However, the existing delegation processes are done manually with very little security involved.
Thus, the digital delegation model on top of the Thai NDID platform should address security, the most critical issue in its design. The complexity of the design should also handle the dynamic rights and representativeness of the organization so that users can process digital delegation seamlessly. Even though there have been many studies on digital delegation, very few of them have focused on dynamic delegation by getting real-time information of the business through the platform. Whether manual or without blockchain, most of the existing delegation models are untrustworthy because they cannot validate the person or transaction safely or conveniently. The present research aims to close this gap by proposing a generic dynamic delegation model. The model will retrieve up-to-date business information and authorizers, together with their rights, from the registrar, allowing both juristic and individual users to do the digital delegation conveniently and interactively through mobile devices. Therefore, the two main research questions are:

1. Utilizing blockchain technology to gain trust and acceptance from users, what features and functionalities should be in a dynamic digital delegation model that can be securely implemented on the NDID platform?
2. Do users accept the mobile application developed from the proposed dynamic digital delegation model?

Many existing digital delegation frameworks are static. They cannot retrieve correct and up-to-date information on a business’s authorizers or their rights from the business registrar [7-12]. Neither can they accommodate the time difference from one stage of delegation to another. Also, the security in those frameworks is questionable. Therefore, the novelty of the present research is to offer a generic model that can facilitate asynchronous dynamic digital delegations.
The current framework is integrated with the National Digital Identity platform and employs highly secure blockchain technology to design the digital delegation model.

The following section describes and reviews research on digital identity delegation and compares existing delegation models’ features. A brief explanation of the New Product Development (NPD) framework is also given as the basis for building the proposed model. Section 3 presents the innovative digital delegation application in the national digital ID platform, and Section 4 presents the discussion and conclusion.

2 Digital Identity Delegation

2.1 Digital identity

Today, many important services involved in education, finances, government, and healthcare are offered via a digital platform [13-15] accessible anywhere and anytime on mobile devices. Digital identity has thus been extensively studied as it is a necessary infrastructure to provide individuals and entities with the ability to identify who they are to access information or services digitally. Therefore, many economies turn to a national digital identity platform to gain users’ trust, acceptance, and adoption for critical transactions such as receiving government benefits, recording educational achievements, accessing healthcare information, and using financial services [15-18]. Digital identity platforms typically comprise four main roles:

1. User or Entity, an individual or a legal entity who wants to apply for access to a service that requires proving their identity.
2. Identity Provider (IDP), a trusted entity responsible for user enrollment, identity proof, and linking user authenticator(s) with user credentials such as a document or data issued to the entity by a government agency or authoritative source.
3. Authoritative Source, a registrar, government agency, or trusted organization responsible for issuing documents or data to an individual or registered entity.
4. Relying Party (RP), a service provider who relies on the IDP to verify a potential customer’s identity before providing access or service.

With these four prominent roles, two separate components deal with digital identity usage. The first is user enrollment and identity proof; the second is authentication and life cycle management [19]. Even though the digital identity platform’s main processes are the same, the architecture and technology used to deploy each national digital identity platform differ from one economy to another, depending on its choice of digital identity model. As robustness and future-proofing technology are two of the fundamental principles for developing national digital identity, an emerging technology called blockchain has been extensively studied as a core component of the platform.

In 2008, Satoshi Nakamoto described how blockchain technology, a peer-to-peer distributed ledger, can be used to implement a digital currency system, bitcoin [20], with capacities to maintain the order of transactions and avoid the double-spending problem. Furthermore, the distributed nature of blockchain avoids the single point of failure issue, thus offering high integrity for transactions and data against intentional and unintentional corruption [21-23]. With these characteristics, blockchain is now considered an emerging technology best suited as a core component of distributed digital identity platforms [4, 24, 25].

The Thai NDID, a federated and distributed identity platform, utilizes a private blockchain called Tendermint to record public data such as a hash of authentication requests from RP, responses from IDP, and consents from users. Sensitive data are transmitted via a secure point-to-point communication channel between nodes and recorded at the local storage of each node [4], as shown in Figure 1.

Fig. 1. Thai National Digital Identity Platform Design Using Tendermint

2.2 Delegation models

Delegation is the process by which an entity (delegator) in a distributed environment authorizes another entity (delegatee) to carry out some functions on the former’s behalf. Unlike in the physical world where papers, photocopies, and printed documents are needed, which can cause handling difficulties, digital delegation within the national identity platform offers easier processing, greater convenience, and reduced time consumption at a lower cost [7].

Delegation has arisen on digital platforms to handle authorization and security since computer systems were introduced. Previous studies examined role-based access control (RBAC) [26, 27], which affords access according to user roles and permissions. Attribute-based access control (ABAC) was studied in light of RBAC’s disadvantages: the inability to change a user’s permission under time constraints and the complexity of the initial setup of the roles and permissions structure [28-30].

Focusing on delegation models, this study uses some key features and characteristics specified by Ali [31], with three augmented features (business registrar, dynamic delegation, and delegation management, described below), to compare the existing models [7-12].

Business registrar can provide real-time, up-to-date authorizers and transaction conditions of the business for the delegation authorization process [32].

Delegation form covers the supported models. This research adds a focus on the business entity. Therefore, the forms can be person to person, person to business, business to person, and business to business.

Delegation management gives details of where the delegation and/or revocation are managed. Trusted delegation authorities or managers are responsible for delegation requests and authorizations, revocations, and tracking. Delegation authority was introduced by Gomi [9, 10], while the delegation token revocation authority was presented by Sanchez [7].

Table 1. Summary of features and characteristics of delegation models

Feature: [7], [8], [9], [10], [11], [12]
Business Registrar: No, No, No, No, No, No
Delegation Form: P to P P to P P to P P to P P to P P to P B to P
Dynamic Delegation: Yes, No, Yes, No, Yes, Yes
Delegation Management: DTRA IDP Self SP IDP DA Self SP Self SP
Multiple Delegation: N.S., Yes, No, Yes, Yes, N.S.
Multistep: Yes, Yes, No, Yes, Yes, Yes
Revocation: Forced, Forced and Auto, No, No, Forced, No

P=Person, B=Business, DA=Delegation Authority, DTRA=Delegation Token Revocation Authority, SP=Service Provider, N.S.=Not Specified

Dynamic delegation means that the permission or business entity authorizers can be specified during a delegation request, unlike static delegation, where fixed permissions are predefined [9, 10, 31, 33]. The model can utilize up-to-date information on the business’s authorizers and rights retrieved from the business registrar in the platform.

Multiple delegation describes whether a delegation can be delegated to multiple delegatees.

Multistep indicates that a delegatee can further delegate power to other entities, up to the depth of the delegation.

Revocation is the action of taking away delegated rights from a delegatee using one of two methods: forced revocation by the delegator/delegatee, or auto revocation that is time-based or rule-based.

Table 1 gives a summary of the above features and characteristics for the record. It shows that none of the key delegation models supports the business registrar.
Due to the dynamic change of organization structure, an organization’s representatives might be altered after the delegation is completed. Furthermore, the delegation model should be able to handle this change so that the original delegators at the time of delegation can still be recorded and tracked even after they are no longer with the organization. In addition, revocation should be provided as a new team tool to stop the unwanted delegation. Moreover, the delegation in the digital identity platform should be a user-self process that allows the delegator and delegatee to start, manage, and revoke the delegation by themselves [9, 10]. Although many studies have been done on access control, not all of them support dynamic permission assignment. None provides the delegation process for business entities with the dynamic rights of the entity’s authorizers.

2.3 New product development process

Numerous studies on the new product development process have presented the importance of the voice of customers in the success of a new product or service design and development. Cooper described an effective NPD process, including idea generation, idea screening, concept testing, business and market analysis, product development, market testing, and commercialization [34]. In a digital world, the time to launch new products or services is critical to businesses. Next-generation versions of the Stage-Gate new product development process, which are more flexible and adaptable, were introduced [35]. This work used the NPD process proposed by Cooper [35] to develop the innovative delegation application in 4 steps. Step 1 conducted a semi-structured interview to understand the pain points and expectations of end-users and service providers in the Thai national identity platform. Step 2 was to use the ideation and feasibility concept to design the delegation model.
Step 3 was the development of a prototype. Finally, Step 4 was to do the test run.

3 Innovative Delegation Application

3.1 Methodology

This research uses mixed methods to collect data:

1) Qualitative method: data were collected via semi-structured in-depth interviews with three experts in the Thai national digital identity platform. The purposive sampling also included one focus group with service providers and another focus group with end-users of the NDID platform.
2) Quantitative method: the survey method was employed. The questionnaires were distributed to the target sampling frame, specifically the users and service providers from the banking, financial, and insurance industry sectors. They were the initial members of the Thai NDID platform at the time of this study.

The research processes used to find the answers to the research questions are organized in the following steps:

Step 1 Semi-structured interview: The interviews were conducted face-to-face using an interview form with three experts from the Thai national digital identity organization. A face-to-face focus group was also carried out with six service providers of the NDID platform. Then, after the Covid-19 lockdown, six end-users agreed to participate in an online focus group. Based on previous literature reviews, keywords and relevant phrases were identified and used to analyze the contents of all interviews and focus group data. The transcribed data were coded, mapped, and analyzed to identify user needs, system benefits/limitations, and factors affecting intention to use digital delegation.

Step 2 Delegation model design: The conceptual delegation model employed the synthesized results from Step 1 and existing literature. Two experts then validated the model. Finally, the adjusted model was used as the basis for prototype development in Step 3.

Step 3 Prototype development: A delegation mobile web application was developed utilizing the Tendermint blockchain as a prototype in the Thai NDID platform.

Step 4 Technology acceptance test: Many studies examine users’ attitudes toward mobile technology through the adoption of applications such as e-learning systems [36] and mobile commerce [37]. The Technology Acceptance Model (TAM) [38], a powerful technology acceptance test tool, was applied to the prototype usage based on perceived usefulness, perceived ease of use, and intention to use. The questionnaire was designed and constructed following the literature review and was tested and revised. Descriptive statistics, such as mean, mode, median, and standard deviation, were used to analyze data from this quantitative method of data collection.

3.2 Findings from semi-structured interview

A transcription technique was used to convert audio from interviews and focus groups to text. This text was coded, mapped, and analyzed to highlight important messages. The findings are grouped as pain points of service providers, pain points of end-users, and benefits of the NDID platform.

Pain points of service providers for current delegation process:

• Concern over whether a document can be trusted without proof of reliability or certainty that the document has been photocopied with permission of the delegator or authorizer
• Inability to verify the juristic authorizers and their powers
• Inability to verify that the signature of each authorizer on a document was made by the authorized person
• Providers need to bear the cost of storing the document for 10 years

Pain points of end users for current delegation process:

• Need to prepare a document, which is inconvenient and resource-consuming
• Delegators have no option other than to trust the delegatee when providing their information and documents
• No privacy control over a given document
• Inability to check whether the delegatee makes a copy of the document without approval
• Inability to track delegation or delegation execution

NDID platform benefits:

• Communication between nodes is private while transaction logs are hashed in the blockchain
• IDP provides identity authentication and verification with a timestamp, recognized as a reliable tool, with IAL and AAL specified by relying party or type of transaction
• Distributed technology with multiple node members for each role to ensure no single point of failure and expandable roles

In addition, the experts and service providers strongly believed that the digital delegation model should include the business registrar in the platform. Thus, the authoritative source can receive the up-to-date juristic Profile, including the juristic’s authorizers and their power. The findings also reveal the main factors affecting intention to use the digital delegation process: system convenience, reliability, correctness, preserved privacy, accuracy, and completeness.

3.3 Results from delegation model design

The article employed the NPD process, proposed by Cooper [35], to develop the innovative delegation application. Based on the results from previous sections, the conceptual dynamic delegation model was designed to address the pain points of both service providers and end-users. Table 2 summarizes the innovative delegation application’s desirable functionalities.

Mobile application technology was used to implement the delegation application to give convenience to the users, as inconvenience was the main pain point leading them to seek digital delegation.

Table 2. Summary of factors and functionalities of the innovative delegation application

| Factors | Desired Functionalities |
|---|---|
| Convenience | Digital delegation with anywhere and anytime accessibility utilizing interactive mobile web application technology |
| Reliability | Identity authentication and verification of delegator, authorizer, and delegatee done through the NDID platform reliable with time stamps |
| Correctness | Juristic profiles with list of authorizers, powers, and rights received via the business registrar for correctness of information and delegation process |
| Privacy and Trust | Delegations accessible only by the delegator, delegatee, and related relying party |
| Accuracy | Delegation details kept at Delegation Manager and hash of approval transactions written in blockchain so relying party can verify |
| Completeness | Complete delegation solution with create, approve, view, track, invoke, and revoke functions to cover entire process of conventional document delegation |

Besides the Entity/User, RP, IDP, and AS roles described in Section 2.1, other basic roles and entities used for the proposed digital delegation model in this paper are described below:

• Juristic Admin: A juristic person enrolled into the platform as a juristic user by an authorized representative to handle juristic digital identity actions at an IDP or other choice.
• Delegator: An individual or entity who wants to authorize another entity to conduct some functions or access other services.
• Delegatee: An individual or entity who receives authorization to act on a delegator’s behalf.
• Delegation Manager (DM): A trusted entity responsible for creating, recording, and revoking a delegation.
• Registrar (a kind of AS): A trusted entity responsible for issuing a document or data to a registered entity.
• Director: An individual who is a representative director, authorizer, or committee member of the juristic person, as prescribed by law, regulations or constitutive act, while decisions as to the affairs of the juristic person are made by a majority of representatives.
• Juristic Profile: Information of a juristic person, i.e., data that has been recorded and maintained by the registrar such as registration date, registration numbers or juristic ID, name of the juristic person, list of directors/committee members, descriptions of powers granted, the status of the juristic person, address of the head office, and objectives of the juristic person.

To support the proposed functionalities, the detailed design of the dynamic delegation model is as follows:

Flow and data management: The proposed delegation process is separated into two parts according to user journeys. Figure 2 shows both parts: first, the Delegation Request and Authorization at DM in steps 1-6, and second, the Delegation Execution at RP in steps 7-9. The main characteristic of asynchronous delegation lies in the Delegation Request and Authorization: involved parties can process the authorization at different times on their mobile devices with no order restriction. In the same way as Austria’s eID system [32], the proposed model integrates the business registrar as an important role to support the juristic Profile.

Fig. 2. Delegation Process Model

As shown in Figure 3, the model also supports multi-step delegation, in which power is further delegated from the first delegatee. In this scenario, the delegator can set the depth of delegation. For example, a depth of 0 means no further delegation is allowed; likewise, a delegation with a depth greater than 0 can be further delegated, and the depth is reduced by one at each step until it equals zero. The delegator and delegatee can each be a natural person, juristic person, or machine. For a juristic person, the DM will request juristic information from the registrar. The authorizers will be extracted from the obtained information, as well as any conditions concerning permission and power. The authorization request will then be sent to the corresponding representatives according to the delegation request.

Fig. 3. Delegation Chain

The Delegation Request and Authorization, as displayed in Figure 4, require the following flow:

1. A juristic user initiates a delegation request through DM with their juristic ID, delegation type of transaction, delegation conditions such as the delegation effective start date and end date, delegatee ID, and depth for the multi-step delegation.
2. DM then sends a request through the platform for juristic user authentication and consent to get a juristic profile from the registrar.
3. Once the authentication is successful, juristic profile information is sent directly from the registrar to DM through the secured point-to-point communication channel.
4. DM processes the information from the juristic Profile and acts by sending authorization requests, through their IDP, to the juristic directors authorized to bind the juristic person according to the transaction type.
5. If conditions are met, for example, getting two authorizations from three directors, a consent request is sent to the delegatee.
6. If the delegatee accepts the role of delegatee, the delegation details, conditions, and received juristic Profile are recorded at the local DM storage while the hash of the delegation is written on the blockchain. Therefore, the delegation information is stored privately and securely. The delegatee can use the delegation ID as a reference to request a service at the RP during the execution.

Since a juristic person’s board of directors, committee members, and their respective rights may change from time to time, the juristic Profile at the registrar shall reflect such changes immediately. Therefore, the model suggests a process to fetch the up-to-date juristic Profile from the registrar during the Delegation Request and Authorization and record it as part of the DM’s delegation information for further reference; the delegation approved at that specific time remains valid until it is revoked.

Fig. 4. Flow of the Delegation Request and Authorization

Apart from a delegation request, a delegation can be revoked by a juristic user via DM, as shown in Figure 5, which is recognized as part of delegation management. Following the same flow, a delegatee can request a revocation with added privacy. The delegation shown to the delegatee will include only the juristic name and ID, without the approving directors’ names and IDs.

Fig. 5. Delegation Revocation Flow

The delegatee can use a delegation ID as a reference to request service at the RP during delegation execution, following the flow shown in Figure 6.

Fig. 6. Delegation Execution Flow

Completeness of the digital delegation model: To prove the digital delegation model’s completeness, finite-state machine (automata-theoretic) modeling was utilized. This is a powerful testing tool for checking the correctness of the control structure at the design level of software systems [39]. The state diagrams of the delegation request and authorization and of the delegation execution are shown in Figures 7 and 8, from which it is concluded that the document delegation process is a subset of the proposed digital delegation process.

The distributed digital identity platform facilitates multiple nodes of each role, which lets the DM have multiple nodes. Therefore, the design has no single point of failure. If any specific node is down or compromised, the effect on delegation requests and executions can be limited to that single node, and delegation services can still be requested and executed at the remaining DM nodes.

Fig. 7. State diagram of delegation request and authorization

Fig. 8. State diagram of delegation execution

Ability to work securely with the NDID platform: The Thai NDID platform has been developed using Tendermint blockchain technology. The dynamic delegation process can be securely built onto the digital identity platform utilizing:

• Public and private key encryption and data hashing to store and exchange data safely between DM, IDP, Business Registrar, and RP nodes;
• Distributed ledgers to keep public delegation information, which remove the single point of failure and provide transaction transparency among nodes (members);
• Communication between nodes based on peer-to-peer network architecture with decentralized characteristics;
• Cryptographic techniques, Merkle trees, hash functions, public and private keys to make it difficult to alter the delegation data stored in the blocks;
• Smart contracts to verify the distributed ledger and validate transactions.

The researcher utilized STRIDE [40] threat modeling and security properties to analyze the existing document delegation and the proposed digital delegation model. Table 3 shows that the proposed dynamic delegation is a better model in terms of threat and security properties, except that the digital delegation platform may be vulnerable to denial of service. Therefore, DM should follow standard practices to prevent and protect the system. Also, the model supports multiple DMs so that users are not limited to a single point of failure.

Table 3. Threats and security properties of present and proposed digital delegation

| Threat | Security Property | Present Delegation | Dynamic Digital Delegation |
|---|---|---|---|
| Spoofing identity | Authentication | Verify the delegator, authorizers, and delegatee via a document with no proof of unauthorized or spoofing | Digital identity authentication and verification are done via IDP through the NDID platform |
| Tampering with data | Integrity | No clear method to check for data modification or addition on the document | Verify by checking transactions’ hash, which was recorded in a blockchain |
| Repudiation | Non-repudiation | Delegator, delegatee or authorizers may claim or deny that they didn’t sign or authorize the delegation | The stamps of approval and consent were recorded in the blockchain with undeniable responsibility |
| Information Disclosure | Confidentiality | Delegation information may be intentionally given to an unauthorized person and unintentionally disclosed in case the document is dropped or lost | Delegation information is accessible by an authorized person/entity via authentication only |
| Denial of Service | Availability | Users prepare delegation document by themselves so there is no denial of service | The digital delegation platform may be vulnerable to denial of service, so DM should follow common practices to prevent and protect the system |
| Elevation of Privilege | Authorization | Delegatee may copy the delegation document for unauthorized transactions | Delegation can be set to a fixed amount of usage and cannot be used for an unauthorized transaction |

Fig. 9. Delegation request and authorization main screens

3.4 Results from prototype development

A web-based delegation application was deployed utilizing Tendermint blockchain as a prototype in the Thai NDID platform with various functions shown in Figures 9-11: delegation request, list, revoke, and invoke. The prototype development is a process under the NPD process [35].
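
The record-keeping in flow steps 4 to 6 of Section 3.3, the depth rule for multi-step delegation, and the hash check the relying party performs at execution, as an added Python sketch (not code from the paper, the prototype, or the NDID platform). A plain dict stands in for the Tendermint ledger; the field names, the `required_approvals` key, and the DM-held revocation set are assumptions of this example.

```python
import hashlib
import json
from dataclasses import asdict, dataclass, replace

LEDGER = {}      # stand-in for the blockchain: delegation ID -> SHA-256 hex digest
DM_STORE = {}    # Delegation Manager's private local storage
REVOKED = set()  # revocation status kept at the DM (assumption of this sketch)


@dataclass(frozen=True)
class Delegation:
    delegation_id: str
    juristic_id: str
    tx_type: str
    delegatee_id: str
    start: str             # effective window as ISO dates (YYYY-MM-DD)
    end: str
    depth: int             # 0 means no further delegation is allowed
    approvers: tuple = ()  # directors who authorized, per the registrar snapshot
    parent_id: str = ""    # filled in for a multi-step (sub-)delegation


def digest(d):
    """SHA-256 over a canonical JSON form of the delegation details."""
    canonical = json.dumps(asdict(d), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def authorize(profile, request, approvals, delegatee_consents):
    """Flow steps 4-6: enforce the director threshold, then store and anchor."""
    if request["juristic_id"] != profile["juristic_id"]:
        raise PermissionError("profile does not belong to the requesting juristic")
    # Only approvals from directors listed in the fetched profile count.
    valid = sorted(set(approvals) & set(profile["directors"]))
    if len(valid) < profile["required_approvals"]:
        raise PermissionError("director approval threshold not met")
    if not delegatee_consents:
        raise PermissionError("delegatee did not consent")
    d = Delegation(approvers=tuple(valid), **request)
    DM_STORE[d.delegation_id] = d         # details stay private at the DM
    LEDGER[d.delegation_id] = digest(d)   # only the hash goes on the ledger
    return d


def sub_delegate(parent_id, new_id, new_delegatee_id):
    """Multi-step delegation: the child gets the parent's depth minus one."""
    parent = DM_STORE[parent_id]
    if parent.depth <= 0 or parent_id in REVOKED:
        raise PermissionError("further delegation not allowed")
    child = replace(parent, delegation_id=new_id, delegatee_id=new_delegatee_id,
                    depth=parent.depth - 1, parent_id=parent_id)
    DM_STORE[new_id] = child
    LEDGER[new_id] = digest(child)
    return child


def verify_at_rp(record, presenter_id, tx_type, today):
    """Execution-time check by the RP on the record received from the DM."""
    if LEDGER.get(record.delegation_id) != digest(record):
        return False, "hash mismatch"
    if record.delegatee_id != presenter_id or record.tx_type != tx_type:
        return False, "out of scope"
    if not record.start <= today <= record.end:  # ISO dates sort as strings
        return False, "outside validity window"
    node = record
    while node is not None:  # a revoked ancestor invalidates the whole chain
        if node.delegation_id in REVOKED:
            return False, "revoked"
        node = DM_STORE.get(node.parent_id)
    return True, "ok"


# Constructed sample data: a juristic profile snapshot and a delegation request.
PROFILE = {"juristic_id": "J-0001", "directors": ["D1", "D2", "D3"],
           "required_approvals": 2}
REQUEST = dict(delegation_id="DLG-1", juristic_id="J-0001", tx_type="open_account",
               delegatee_id="P-42", start="2021-01-01", end="2021-12-31", depth=1)

if __name__ == "__main__":
    d = authorize(PROFILE, REQUEST, approvals=["D1", "D3"], delegatee_consents=True)
    print(verify_at_rp(d, "P-42", "open_account", "2021-06-01"))
    print(verify_at_rp(replace(d, end="2031-12-31"), "P-42", "open_account",
                       "2025-01-01"))
```

Because the profile snapshot's approvers are part of the hashed record, a later change of directors at the registrar does not alter an already anchored delegation, which matches the paper's requirement that the original delegators remain traceable.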
The prototype was used as a tool for the technology acceptance test to answer the second research question.

Fig. 10. Delegation management and revocation screens

Fig. 11. Delegation execution screens

3.5 Findings from the technology acceptance test

The technology acceptance model [38] was applied to test the acceptance rate of the innovative delegation application. The quantitative approach survey was conducted in December 2020. A total of 42 participants, 32 end-users, and 10 service providers returned the online questionnaire. All were users and members of the Thai NDID platform. In this study, 71.43% were men and 28.57% women; their positions varied from business owners, executive directors, and managers to engineers and others. The distribution of participants’ ages ranged from 25-30 years to older than 55. The type of organization of respondents returning the most questionnaires was business at 50%, followed by government agencies at 21.43%, banks and financial companies at 16.67%, securities at 2.38%, insurers at 7.14%, and 2.38% of other types, respectively. Table 2 shows the demographic data and organizations of the participants.

Table 4. Demographic data and organization of the participants

| Variable | Category | End User (n=32) n | End User (n=32) % | Provider (n=10) n | Provider (n=10) % | Total (n=42) n | Total (n=42) % |
|---|---|---|---|---|---|---|---|
| Sex | Male | 22 | 68.75 | 8 | 80.00 | 30 | 71.43 |
| | Female | 10 | 31.25 | 2 | 20.00 | 12 | 28.57 |
| Age (years old) | < 25 | 0 | 0.00 | 0 | 0.00 | 0 | 0.00 |
| | 25 - 35 | 5 | 15.625 | 2 | 20.00 | 7 | 16.67 |
| | 36 - 45 | 16 | 50.00 | 6 | 60.00 | 22 | 52.38 |
| | 46 - 55 | 10 | 31.25 | 2 | 20.00 | 12 | 28.57 |
| | > 55 | 1 | 3.125 | 0 | 0.00 | 1 | 2.38 |
| Position (multiple answer) | Business owner | 6 | 18.75 | 0 | 0.00 | 6 | 19.05 |
| | Executive Director | 8 | 25.00 | 0 | 0.00 | 8 | 21.43 |
| | Manager | 10 | 31.25 | 9 | 90.00 | 19 | 45.24 |
| | Engineer/Officer | 8 | 18.75 | 1 | 10.00 | 9 | 14.29 |
| | Others | 5 | 15.63 | 0 | 0.00 | 5 | 11.90 |
| Type of organization | Bank and financial | 1 | 3.125 | 6 | 60.00 | 7 | 16.67 |
| | Securities | 0 | 0.00 | 1 | 10.00 | 1 | 2.38 |
| | Insurance | 2 | 6.25 | 1 | 10.00 | 3 | 7.14 |
| | Government | 9 | 28.125 | 0 | 0.00 | 9 | 21.43 |
| | Business | 19 | 59.375 | 2 | 20.00 | 21 | 50.00 |
| | Others | 1 | 3.125 | 0 | 0.00 | 1 | 2.38 |

Table 5. Perceived usefulness test results

| Perceived Usefulness | End User (n=32) M | End User (n=32) SD | Provider (n=10) M | Provider (n=10) SD | Total (n=42) M | Total (n=42) SD |
|---|---|---|---|---|---|---|
| Delegation request, authorize, and execute can be done completely and successfully | 4.47 | 0.76 | 4.30 | 0.67 | 4.43 | 0.74 |
| Correctly verify and authenticate delegator and delegatee as well as authorize person according to their powers obtained from the business registrar | 4.50 | 0.76 | 4.30 | 0.67 | 4.45 | 0.74 |
| Able to validate the integrity of the delegation information | 4.56 | 0.76 | 4.40 | 0.52 | 4.52 | 0.71 |
| Trustworthy as the system can prevent identity spoofing | 4.44 | 0.84 | 4.40 | 0.70 | 4.43 | 0.80 |
| Delegation information is kept securely and accessible by authorized person/entity via authentication only | 4.47 | 0.72 | 4.50 | 0.53 | 4.48 | 0.67 |
| Reduced time to prepare and process delegation | 4.81 | 0.47 | 4.50 | 0.71 | 4.74 | 0.54 |
| Appropriate to use | 4.50 | 0.72 | 4.20 | 0.79 | 4.43 | 0.74 |
| Overall satisfaction for the usefulness | 4.66 | 0.60 | 4.10 | 0.74 | 4.52 | 0.67 |
| Total | 4.55 | 0.70 | 4.34 | 0.67 | 4.50 | 0.70 |

Fourteen items in the questionnaire were developed to assess the perceived usefulness and perceived ease of use. A 5-point Likert-type scale (from 1 = not at all to 5 = very much) was used for all measures.
Detailed descriptions are shown in Tables 5 and 6. Regarding perceived usefulness, the result points out that “Reduced time to prepare and process delegation” received the total highest mean score at 4.74, with the average mean score of all eight items at 4.50 and 0.70 standard deviations. In terms of perceived ease of use, while the average mean score for the total 6 items was 4.41 with 0.72 standard deviations, the “Convenience to process delegation request, authorize, and execute” got the total highest mean score at 4.55. In contrast, the end-user group had a higher score, mean 4.63, than the service provider group, mean 4.30.

Table 6. Perceived ease of use test results

| Perceived ease of use | End User (n=32) M | End User (n=32) SD | Provider (n=10) M | Provider (n=10) SD | Total (n=42) M | Total (n=42) SD |
|---|---|---|---|---|---|---|
| Clear steps and easy to use | 4.09 | 0.78 | 3.70 | 0.82 | 4.00 | 0.80 |
| Convenience to process delegation request, authorize, and execute | 4.63 | 0.71 | 4.30 | 0.82 | 4.55 | 0.74 |
| Responsive and timely process | 4.59 | 0.61 | 4.20 | 1.14 | 4.50 | 0.77 |
| Able to work smoothly within the NDID platform | 4.53 | 0.67 | 4.30 | 0.67 | 4.48 | 0.67 |
| Easy access and process at anytime and anywhere | 4.59 | 0.56 | 4.30 | 0.67 | 4.52 | 0.59 |
| Overall satisfaction for the ease of use | 4.53 | 0.67 | 4.10 | 0.99 | 4.43 | 0.77 |
| Total | 4.49 | 0.67 | 4.15 | 0.85 | 4.41 | 0.72 |

For the intention to use, the results show that 88.10% of the participants stated their intention to use the innovative delegation application, and 11.90% of participants were not sure whether they would use it, while no participant selected no use. For frequency of usage, 43.75% of end-users stated that they might use the digital delegation once a month, while 60% of the service providers considered using it more than four times per month, as shown in Table 7.

Table 7. Intention to use

| Intention to use | Answer | End User (n=32) n | End User (n=32) % | Provider (n=10) n | Provider (n=10) % | Total (n=42) n | Total (n=42) % |
|---|---|---|---|---|---|---|---|
| Will use the innovative delegation application | Yes | 30 | 93.75 | 7 | 70.00 | 37 | 88.10 |
| | Not sure | 2 | 6.25 | 3 | 30.00 | 5 | 11.90 |
| | No | 0 | 0.00 | 0 | 0.00 | 0 | 0.00 |
| Number of times to use per month | < 1 | 8 | 25.00 | 4 | 40.00 | 12 | 28.57 |
| | 1 | 14 | 43.75 | 0 | 0.00 | 14 | 33.34 |
| | 2 | 3 | 9.375 | 0 | 0.00 | 3 | 7.14 |
| | 3 | 3 | 9.375 | 0 | 0.00 | 3 | 7.14 |
| | ≥ 4 | 4 | 12.50 | 6 | 60.00 | 10 | 23.81 |

Table 8. Summary of features and characteristics of the proposed delegation model

| Feature | Proposed Delegation Model |
|---|---|
| Business Registrar | Yes |
| Delegation Form | P to P, P to B, B to B, and B to P |
| Dynamic Delegation | Yes |
| Delegation Management | DM |
| Multiple Delegation | Yes |
| Multistep | Yes |
| Revocation | Forced and Auto |

4 Conclusion and Discussion

This work’s main contribution is a generic delegation model that incorporates the blockchain and smart contract frameworks to handle dynamic permission delegation. The model uses real-time, up-to-date information on business authorizers and rights, obtained from the business registrar via the delegation manager. It can be used to develop an innovative delegation application, delivered as an interactive mobile application, that extends the primary usage of identity proofing and authorization on a National Digital Identity platform. This paper also explores some extensions to include delegation management of multiple delegations, multistep delegation, revocation, and tracking delegation through the delegation manager, not previously provided in the Thai NDID platform.

The technology acceptance model was used to test the innovative delegation application’s acceptance via questionnaires with 42 participants, 32 end-users and 10 service providers. While both groups indicate the same attitude toward satisfaction of perceived usefulness, perceived ease of use, and intention to use, the result reveals that the end-user group gives higher mean scores for most items.
This demonstrates that both persons and juristic persons intend to adopt the innovative delegation application. However, there are some concerns about the platform’s popularity, the acceptability of the government agencies as service providers, and the system’s security.

Use cases of the innovative delegation application include users giving their power to a trusted entity, and service providers, including Government Agencies, providing services to citizens via the authorized delegatee through their mobile devices. Two possible customers of the dynamic digital delegation application are 1) end-users who use the delegation service to get public services from government agencies, and 2) companies that use the delegation service for their transactions with banks, insurance companies, or securities companies.

This article’s contribution is a generic dynamic delegation model that can be applied to any distributed digital identity platform using blockchain technology. It enhances knowledge of adopting national digital identity in response to accuracy, reliability, and trustworthiness, which are the pain points of the current delegation process. Compared to previous models [7-12], the delegation model designed in this research covers all features and characteristics listed in Table 8. The model supports dynamic delegation of all delegation forms between individuals and businesses, working with the business registrar through the delegation manager, which can handle multiple and multistep delegations as well as revocation.

The innovative delegation application in this study makes the NDID platform more meaningful and valuable. However, the delegation model addresses only the digital delegation process before a service request is made at the service provider/relying party.
Therefore, future research may extend the model to handle other dynamic digital delegations; for example, cases in which a power of attorney is needed after a service request has been initiated at a service provider. With a small sample size and limited industries (financial, securities, and insurance), the users’ acceptance part of the study is limited. Future research should extend to larger samples in different sectors. Also, to increase convenience during the juristic entity enrollment process, some predefined types of transactions should be allowed by the registrars that cannot provide structured juristic person information.

5 References

[1] Wolfond, G., A Blockchain Ecosystem for Digital Identity: Improving Service Delivery in Canada's Public and Private Sectors. Technology Innovation Management Review, 2017. 7(10): p. 35-40. https://doi.org/10.22215/timreview/1112
[2] Carreto, C., M.A. Diaz, and B. Carvajal, Developing an implementation model and Architecture Standard Digital ID, in 2016 IEEE International Autumn Meeting on Power, Electronics and Computing (ROPEC). 2016, IEEE: Ixtapa, Mexico. https://doi.org/10.1109/ROPEC.2016.7830641
[3] Sin, K.Q. Giving every citizen a unique digital identity. 2018 [cited 2018 1 October 2018]; Available from: https://www.tech.gov.sg/TechNews/DigitalGov/2018/09/Giving-every-citizen-a-unique-digital-identity.
[4] National Digital ID Platform Technical Working Group, Digital ID Platform White Paper Draft v.0.1. 2017.
[5] Hootsuite, Global digital 2019 reports. 2019, Hootsuite.
[6] Arunwatanamongkol, P., N. Nupairoj, and U. Tanlamai, Delegation Process in Thai National Digital Identity Platform: A Conceptual Framework, in 22nd International Conference on IT Applications and Management. 2019, Korea Database Strategy Society: Seoul, Korea. p. 143-150.
[7] Sanchez, S., et al., Solving identity delegation problem in the e-government environment. International Journal of Information Security, 2011. 10: p. 351-372. https://doi.org/10.1007/s10207-011-0140-7
[8] Ahmad, A., et al., Extending social networks with delegation. Computers & Security, 2017. 70: p. 546-564. https://doi.org/10.1016/j.cose.2017.07.010
[9] Gomi, H. Dynamic Identity Delegation Using Access Tokens in Federated Environments. in 2011 IEEE International Conference on Web Services. 2011. https://doi.org/10.1109/ICWS.2011.30
[10] Gomi, H., et al. A Delegation Framework for Federated Identity Management. in Proceedings of the 2005 workshop on Digital identity management. 2005. New York, NY, USA: ACM. https://doi.org/10.1145/1102486.1102502
[11] Zhang, L., G.-J. Ahn, and B.-T. Chu, A rule-based framework for role-based delegation and revocation. ACM Trans. Inf. Syst. Secur., 2003. 6(3): p. 404-441. https://doi.org/10.1145/937527.937530
[12] Li, N., B.N. Grosof, and J. Feigenbaum, Delegation Logic: A Logic-based Approach to Distributed Authorization. ACM Transactions on Information and System Security, 2003. 6(1): p. 128-171. https://doi.org/10.1145/605434.605438
[13] Ciesielkiewicz, M., C. Bonilla, and C. Olave López de Ayala, Putting ePortfolios into Practice: Willingness of School Principals to Use the ePortfolio as a Hiring Tool in Poland and Spain. 2020, 2020. 14(14): p. 12. https://doi.org/10.3991/ijim.v14i14.15075
[14] Sung-hyun, Y. and L. Heui-seok, The Biometric based Mobile ID and Its Application to Electronic Voting. KSII Transactions on Internet & Information Systems, 2013. 7(1): p. 166-183. https://doi.org/10.3837/tiis.2013.01.011
[15] Cimander, R., A. Aarma, and A. Järv, eGovernment Interoperability at Local and Regional Level Good Practice Case: eID in Estonia, e. Unit, D.I.S.a. Media, and E. Commission, Editors. 2006.
[16] Babić, S., M. Krešić, and K. Kucel. E-education 2.0: Students' digital identity and online learning activities. in 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). 2014. https://doi.org/10.1109/MIPRO.2014.6859666
[17] Casillas, J., Can banks offer digital keys for health care? World Hospitals And Health Services: The Official Journal Of The International Hospital Federation, 2013. 49(3): p. 29-33.
[18] Mceachern, A. and D. Cholewa, Digital Health Services and Digital Identity in Alberta. Studies in health technology and informatics, 2017. 234: p. 222-227.
[19] Grassi, P.A., M.E. Garcia, and J.L. Fenton, Digital Identity Guidelines, in National Institute of Standards and Technology Special Publication 800-63-3. 2017. https://doi.org/10.6028/NIST.SP.800-63-3
[20] Nakamoto, S. Bitcoin: A peer-to-peer electronic cash system. 2008.
[21] Casino, F., T.K. Dasaklis, and C. Patsakis, A systematic literature review of blockchain-based applications: Current status, classification and open issues. Telematics and Informatics, 2019. 36: p. 55-81. https://doi.org/10.1016/j.tele.2018.11.006
[22] Yaga, D., et al., Blockchain Technology Overview. 2018, NIST. https://doi.org/10.6028/NIST.IR.8202
[23] Alsaqqa, S. and S. Almajali, Blockchain Technology Consensus Algorithms and Applications: A Survey. International Journal of Interactive Mobile Technologies (iJIM), 2020. 14. https://doi.org/10.3991/ijim.v14i15.15893
[24] Sullivana, C. and E. Burgerb, E-residency and blockchain. Computer Law & Security Review, 2017. 33(4): p. 470-481. https://doi.org/10.1016/j.clsr.2017.03.016
[25] Gao, Z., et al. Blockchain-based Identity Management with Mobile Device. in 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems. 2018. Munich, Germany: ACM. https://doi.org/10.1145/3211933.3211945
[26] Ferraiolo, D.F. and D.R. Kuhn, Role-Based Access Controls, in 15th National Computer Security Conference. 1992: Baltimore. p. 554-563.
[27] Sandhu, R.S., et al., Role-Based Access Control Models. IEEE Computer, 1996. 29(2): p. 38-47. https://doi.org/10.1109/2.485845
[28] Yuan, E. and J. Tong. Attributed based access control (ABAC) for Web services. in IEEE International Conference on Web Services (ICWS'05). 2005. https://doi.org/10.1109/ICWS.2005.25
[29] Wang, L., D. Wijesekera, and S. Jajodia, A logic-based framework for attribute based access control, in Proceedings of 2004 ACM workshop on Formal methods in security engineering. 2004, ACM: Washington DC, USA. https://doi.org/10.1145/1029133.1029140
[30] Jin, X., R. Krishnan, and R. Sandhu. A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC. in 26th Annual IFIP WG 11.3 Conference, DBSec 2012. 2012. Paris, France: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_4
[31] Ali, A., U. Habiba, and M.A. Shibli. Taxonomy of Delegation Model. in 2015 12th International Conference on Information Technology - New Generations. 2015. https://doi.org/10.1109/ITNG.2015.41
[32] Leitold, H. and A. Tauber, A Systematic Approach to Legal Identity Management - Best Practice Austria, in ISSE 2011 Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe 2011 Conference, N. Pohlmann, H. Reimer, and W. Schneider, Editors. 2011, Vieweg+Teubner Verlag: Wiesbaden. p. 224-234. https://doi.org/10.1007/978-3-8348-8652-1_20
[33] Bellare, M., H. Shi, and C. Zhang, Foundations of group signatures: the case of dynamic groups, in Proceedings of the 2005 international conference on Topics in Cryptology. 2005, Springer-Verlag: San Francisco, CA. p. 136-153. https://doi.org/10.1007/978-3-540-30574-3_11
[34] Cooper, R.G., Stage-gate systems: A new tool for managing new products. Business Horizons, 1990. 33(3): p. 44-54. https://doi.org/10.1016/0007-6813(90)90040-I
[35] Cooper, R.G., Perspective: The Stage Gate® Idea to Launch Process-Update, What's New, and NexGen Systems. Journal of Product Innovation Management, 2008. 25(3). https://doi.org/10.1111/j.1540-5885.2008.00296.x
[36] Ansong-Gyimah, K., Students' Perceptions and Continuous Intention to Use E-Learning Systems: The Case of Google Classroom. 2020, 2020. 15(11): p. 9. https://doi.org/10.3991/ijet.v15i11.12683
[37] Singh, S., I.A. Zolkepli, and C. Wen Kit, New Wave in Mobile Commerce Adoption via Mobile Applications in Malaysian Market: Investigating the Relationship Between Consumer Acceptance, Trust, and Self Efficacy. 2018, 2018. 12(7): p. 17. https://doi.org/10.3991/ijim.v12i7.8964
[38] Davis, F.D., Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology. MIS Quarterly, 1989. 13(3): p. 319-340. https://doi.org/10.2307/249008
[39] Chow, T.S., Testing Software Design Modeled by Finite-State Machines. IEEE Transactions on Software Engineering, 1978. SE-4(3): p. 178-187. https://doi.org/10.1109/TSE.1978.231496
[40] Howard, M. and S. Lipner, The Security Development Lifecycle. 2006: Microsoft Press.

6 Authors

Pensri Arunwatanamongkol is currently a Ph.D. student in the Technopreneurship and Innovation Management Program, Graduate School, Chulalongkorn University, Bangkok 10330, Thailand. E-mail: pensri@gmail.com

Natawut Nupairoj is currently an Assistant Professor in the Department of Computer Engineering, Faculty of Engineering, Chulalongkorn University, Bangkok 10330, Thailand. E-mail: natawut.n@chula.ac.th

Uthai Tanlamai is currently a Professor in the Department of Accountancy, Faculty of Commerce and Accountancy, Chulalongkorn University, Bangkok 10330, Thailand. E-mail: uthai@cbs.chula.ac.th

Article submitted 2021-02-15. Resubmitted 2021-05-11. Final acceptance 2021-05-12. Final version published as submitted by the authors.