Accelerate Your Digital Transformation: 7Block Labs’ Integration Services

These days, with everything moving so quickly, companies really have to embrace the digital age to stay in the game. That's where 7Block Labs steps in! They provide awesome integration services that can really amp up your digital transformation journey.

Why Integration is Key

Bringing your systems and processes together isn’t just about getting a tech upgrade; it can really turn the game around for you. Let me share a few reasons why:

• Streamlined Processes: Wave goodbye to those tedious manual tasks and embrace a smoother, more efficient way of getting things done!
• Easier Data Access: Always have the info you need, right when you need it!
• Boosted Teamwork: Tear down those walls between departments and watch your teams collaborate in ways you never thought possible!

Our Integration Services

At 7Block Labs, we provide a range of integration services that are specifically designed to meet your individual needs. Here’s what we’ve got for you:

1. API Development: Looking to link up different applications? Our custom APIs make that process super smooth! 2. Cloud Integration: Seamlessly connect your on-premises systems with your cloud solutions--no hassle involved! 3. Data Migration: Switching to a new system? No worries--we’ve got your back! We’ll make sure your data moves over seamlessly and stays safe throughout the whole process. 4. Process Automation: We’re here to help you take care of those boring, repetitive tasks. That way, your team can spend their time on the things that truly matter! 5. System Integration: No matter if it’s ERP, CRM, or any other systems, we’ve got the know-how to help everything sync up smoothly.

Our Approach

Here at 7Block Labs, we're all about teamwork and collaboration. So, here's the lowdown on how we roll:

• Discovery Phase: We really take the time to dig into your existing systems and get a feel for what you need.
• Tailored Solutions: Forget those one-size-fits-all answers! We create a solution that fits your business perfectly, just like a glove.
• Implementation: Our team’s got your back! We’ll make sure everything is up and running without a hitch, so you won’t have to worry about any interruptions.
• Ongoing Support: We’ve got your back throughout this journey! We're here to offer help and make any tweaks along the way whenever you need them.

Ready to Transform?

Thinking about diving into digital transformation? We’d love to talk! Hit us up at 7Block Labs, and let’s see how our integration services can really take your business to the next level.

Why wait for the future? Start shaping it today with 7Block Labs!

The specific integration headache you’re probably feeling

Hey there! So, it looks like your ERP, CRM, and IdP tools--like SAP S/4HANA, Salesforce, and Okta--aren't really getting along with your on-chain systems. That's a bummer! Setting up a “bridge” or custom middleware can sometimes feel like asking for a security review nightmare, right? It’s like you’re just waiting for something to go wrong.
So, when you're working with Okta, it's important to keep in mind that their integrations blend SAML and OIDC for single sign-on (SSO) and use SCIM for handling lifecycle provisioning. If you happen to get any of this modeling wrong, you could really run into some headaches later on. Trust me, you don’t want to deal with issues like trouble with RBAC propagation or failing those account de-provisioning tests when you're in the user acceptance testing phase. It's definitely something to watch out for! (help.okta.com).

Hey there! So, it looks like SAP events are available, but it seems like your teams aren’t fully tapping into the BTP Event Mesh roles, service descriptors, and topic rules across different environments. There's definitely some room to make better use of those tools! Instead, you’re left trying to poll APIs and you’re falling short on those nearly real-time service level agreements. (help.sap.com).

The whole signing and custody thing is kind of a jumble right now. Your infrastructure teams are checking out options like HSM/KMS or confidential compute, but on the flip side, the app teams are just after a straightforward signer. It's like two different worlds colliding! AWS Nitro Enclaves might just be the solution you’re looking for! They come packed with some pretty awesome features like attestation, strong isolation, and seamless integration with KMS. Honestly, a lot of organizations aren't really doing a great job when it comes to enforcing the right enclave-bound policies or keeping those parent instance privileges separate. (aws.amazon.com).

• And then there's this whole thing called compliance friction. So, here's the deal: Procurement is looking for SOC 2 Type II mappings that line up with the trust service criteria. At the same time, InfoSec is really advocating for us to align with the controls from ISO/IEC 27001:2022.
  In the meantime, your dev teams are moving at lightning speed, way faster than your evidence repository can handle. (aicpa-cima.com).
• Oh, and let’s chat about cost predictability for a second! Ever since Ethereum rolled out its Dencun hard fork (you know, EIP-4844), the costs for L2 DA have seriously plummeted. It’s pretty impressive! But here's the thing--nobody's really put together a solid TCO model or set up SLAs for your dApps and rollup integrations. (blog.ethereum.org).

The Risks If You Don’t Fix It

• Missed deadlines: Every little detail with IdP/ERP redlines, like mapping SAML assertions, defining SCIM scopes, or putting together Named Credentials in Salesforce, just adds to the hold-ups. It can really start to feel like we’re stuck in a never-ending cycle of delays. Before you know it, your launch dates get pushed back by several months!
  Also, those global rollouts can really stumble when the authentication and token setups specific to each environment aren't sorted out the right way. It’s like trying to run a race without tying your shoelaces! If you're curious and want to dive deeper, you can find more details right here!
• Governance failures: If there’s no verified signer, you’re likely to run into audit issues, and trust me, that’s definitely something you want to steer clear of. Hey there! If you're not using Clef or hooking up with a Vault/KMS, you might want to rethink things. Without those tools, you could really struggle to gather the key-management evidence and keep up with change-control checks. Just a heads up! If you’re looking for more details, you can check it out here.
• Vendor risk: Cross-chain hacks are definitely still on everyone's radar at the board meetings. If you choose to create your own bridging solution, just know that you'll be taking on the whole threat model yourself. Plus, you'll have to deal with those RCSA reviews, which can be a bit of a hassle.
  Why not think about using mature cross-chain protocols? They offer DON-backed security, which can really boost your risk management strategy. It’s definitely something to consider adding into the mix! Find out more here.
• Privacy pushback: The teams in different areas are super focused on cutting down on data usage and being picky about what information they share. If you decide to skip using verifiable credentials (VC 2.0), it could really impact your experience. So, here’s the thing: if you're not careful with your data collection, you could end up gathering way too much personal info. And trust me, that could lead to some major headaches during those EU or PIPL reviews. Keep it on your radar! Check out the details here. It's worth a read!
• Budget Credibility: So, here’s the deal--since L2 fees are changing thanks to EIP-4844, if you don’t update your ROI model, you can count on Finance coming in hot to trim future phases.
  If you want a quick rundown of what's changed, take a look at this link here. It’s pretty informative!

7Block Labs’ “Integration, Hardened” Methodology

We're excited to announce a new 90-day pilot program that's super easy for procurement teams! This initiative will help link your Web2 systems with compliant on-chain workflows. We can't wait for you to try it out! We're all about putting "control coverage first" and then looking at performance. It’s kind of our go-to strategy!

1) Map Controls and Interfaces (2-3 weeks)

• Control Mapping: Let's make sure our data flows and components line up with the SOC 2 Trust Services Criteria and the latest ISO/IEC 27001:2022 Annex A control set. It’s all about keeping everything organized and compliant! Let's put together a gap analysis and figure out any additional controls we might need to have in place. No need to stress! From day one, we’ll make sure all the evidence is sorted and ready to go for your audit binder. Take a look at it here: (aicpa-cima.com).
• Identity and Provisioning Architecture: This refers to the system design and setup that helps manage and control user identities and access rights. It's all about making sure that the right people have the right access to the right resources, ensuring everything runs smoothly and securely. We're going to set up Single Sign-On (SSO) using SAML or OIDC through Okta, and we'll handle the lifecycle management with SCIM. We'll definitely keep the "admin-only" apps separate, and we’ll put some limits on SCIM to make sure we avoid any lockouts. If you're looking for more info, check this out: help.okta.com. It’s got all the details you need!

So, when it comes to Salesforce, we’re going to set up Named Credentials and External Credentials. This way, we can keep the authentication process seamless across different environments (you know, the 2GP stuff). Plus, we'll be tokenizing everything through the Connect API to make sure it's all secure and efficient! You can find more details over at this link: (developer.salesforce.com). Check it out!

• Event Backbones: We're going to manage SAP Event Mesh by creating role collections and service descriptors, along with setting up some topic rules.
  We’re really focused on standardizing our namespaces to make sure our publish/subscribe practices follow the least privilege principle. Dive deeper here: (help.sap.com).
• Signer Boundary: To keep things secure, we're going to use AWS Nitro Enclaves, plus KMS condition keys linked to PCRs. It’s a solid combo to ensure everything stays protected. So, we’ll be taking care of decryption and signing right inside the enclaves only. If you're already on Vault Enterprise, we can totally add Vault Transit with HSM-managed keys if you want. It's totally optional! Take a look at this link: AWS Documentation. You’ll find some great info there!

On top of that, we're going to involve some outside signers, like Clef, for the EVM. This way, we can keep the key material separate from the validator nodes and make sure those prompts are super easy to audit. If you want to dive deeper into it, check out this link for all the details: geth.ethereum.org. Happy exploring!

2) Design Solidity/ZK with Upgradability and Privacy (2-3 Weeks)

So, if you're looking to design your smart contracts with an eye on upgradability and privacy, here’s a quick outline to help you out:

Smart Contract Patterns:

• UUPS Proxies: Don't forget to take a look at the ERC‑1967 slots; they can really help keep the proxy overhead to a minimum. Make sure to include the upgrade logic in your implementation, and remember to throw in some initializer guards! These little guys are super helpful for avoiding those annoying "uninitialized implementation" bugs that can pop up. Trust me, you'll be glad you did! If you want to dive deeper into the details, just check out the OpenZeppelin Docs. They’ve got everything you need!
• Diamonds: So, if you're getting into EIP‑2535, keep in mind that when you're dealing with module granularity and the growth of ABI, you'll definitely want to make use of “facets.” "Don’t forget to show off those loupe functions and make sure to emit DiamondCut. It’s super important for keeping tabs on the change history!" If you're really interested and want to explore more, check out EIPs Ethereum. It’s a great resource for getting into the details!

Gas Optimization and Modern EVM:

• Transient Storage: Take advantage of EIP-1153 for managing reentrancy locks or setting flags during transactions. It’ll save you the headache of constantly battling SSTORE/SLOAD churn. If you're looking to optimize those tight loops, trying out MCOPY (EIP-5656) with calldata slicing could be a game changer! It can really help you streamline everything and make your code run a lot smoother. If you want to dive deeper into this optimization, check it out over at EIPs Ethereum. There's a lot of great info there!

Zero-Knowledge:

• Circom 2 + snarkjs: If you’re diving into SNARK circuits, you definitely want to check out Circom 2 and snarkjs together. They're a killer combo! Hey, don’t forget to think about connecting with Noir or RISC Zero paths if your computation really clicks with zkVM. It could be a great fit! This means that Rust code can turn into verifiable receipts, and they’ve got some cool GPU acceleration options laid out in their documentation. If you're looking for more info, be sure to swing by the Circom Docs. They’ve got plenty of great resources waiting for you!
• **VC 2. This update introduces selective disclosure for attestations at the vendor or SKU level. This is a game-changer for sharing quality certificates or sustainability claims because you can do it without putting any Personally Identifiable Information (PII) at risk. Pretty handy, right? For all the latest info, check out W3C and get the lowdown!

3) Integrate Cross-Chain and ERP/CRM Events (3-4 Weeks)

• Interoperability: If you're looking to nail cross-chain messaging and settlement, we suggest giving CCIP a try, especially with the added features of rate limits and programmable token transfers. They really help streamline the whole process! Let’s avoid cobbling together our own bridges or relying on isolated liquidity solutions. If you want all the details, just check it out here!
• ERP/CRM Event Flow: So, our S/4HANA system is all set up to send out business events using Event Mesh. We’re going to take things like GR/IR, delivery, and quality inspection events and turn them into calls that can be used on the blockchain. You can use either ERC-1155 batch tokens or claims with VC 2 for this. You've got zero anchors, all safely locked away either inside an enclave or protected by Clef. If you're looking to explore this further, just click here. Happy browsing! For Salesforce, we're going to use Named Credentials along with Apex and Flow for our HTTP callouts. We’ll bundle everything up using 2GP to keep things tidy. This way, we can ensure that both our UAT and Production environments stay steady when it comes to managing token distribution. If you want to dig deeper into this topic, you can check out more details here.
• Identity/Access: Sure! We're going to get Okta configured for single sign-on (SSO) using SAML or OIDC, and we'll also take care of provisioning with SCIM. Also, we can totally map SCIM groups to chain roles or off-chain policies, which will then be integrated into your relayer. If you’re looking for more info, feel free to check out the details right over here. It should help you out!

4) Validate, Evidence, and Operate (Weeks 8-12)

• Security Testing: We’re gearing up to do some fuzz and invariant tests with Foundry, which should be interesting! We’ll also dig into static analysis using the Slither class. Plus, we won’t overlook scenario tests focused on EIP‑1153 flows and making sure we’ve got Diamonds loupe coverage. It's going to be a thorough check!
• Compliance Bundle: This is all about collecting SOC 2 evidence. We’re talking things like change management, access reviews, and those logs from incident response drills. Also, we'll be checking out the ISO 27001 statement of applicability. Just a quick reminder to keep an eye on those signers’ attestation artifacts, like the Nitro PCRs. They’re important! If you want to dive deeper into this topic, you can check it out here.
• FinOps: We're diving into the fee model for each chain after Dencun. Get ready to check out a KPI dashboard that shows trends for blob base fees and gas budgets for every workflow. It’s going to make it super easy to keep track of everything! We’ll even highlight a “before and after” cost comparison for L2 interactions! Hey, you might want to take a look at this blog post. It's got some interesting details you won't want to miss!

Actionable architecture patterns we implement

• Private signers with verification. We’re using AWS Nitro Enclaves to securely store our keys. Plus, we’ve configured KMS policies that rely on measurements from the enclaves. To boost our security, we use Vault Transit for envelope encryption or HSM-backed keys whenever it's needed. The coolest thing? Our keys always stay in a secure place you can trust, and auditors get official documents to confirm everything’s legit. Check it out here.
• CCIP: The Cross-Chain Backbone. With CCIP, we can manage all sorts of messaging and make token transfers super programmable! We've rolled out some new features to boost our security, like rate limiting and time-locked upgrades. These changes should really help keep things safe and sound! This means you won’t have to deal with any custom bridge code, which makes those vendor risk reviews super easy! Learn more here.
• Event-driven ERP
  We set up our namespace and the publish/subscribe rules using the service descriptors available in SAP Event Mesh. We make sure these rules are spread across our dev, stage, and production environments, following the least privilege principle. It's all about keeping things secure and only giving access to what’s absolutely necessary. So, what’s the result? You get real-time synchronization, and the best part is, there’s no annoying polling involved! Dive deeper here.
• Enterprise SSO and provisioning. This is all about simplifying access for users across the board. With Single Sign-On (SSO), folks can log in once and access multiple applications without the hassle of juggling different passwords. Plus, provisioning ensures that new users get set up quickly and easily, making the whole onboarding process a breeze! We count on Okta for handling our SAML and OIDC authentication, and we use SCIM to keep our identities in check. On top of that, we've put together a few test suites to make sure we're all set when it comes to SCIM de-provisioning and handling any role drift. Get the details here.
• Salesforce packaging
  We're all about using Named Credentials together with External Credentials in our approach. We handle all our packaging through 2GP, and when it comes to installation, we make sure to fill in the tokens using the Connect API. Not only does this help us get through change-control, but it also ensures we steer clear of any hard-coded secrets. If you’re looking for more details, you can check it out here. There’s a lot of helpful info waiting for you!
• Solidity Upgradability and Auditability. To keep our upgrades nice and streamlined, we use UUPS. Whenever we're looking to speed things up with feature development, we can always rely on Diamonds with facets. We always keep our storage layouts updated and make sure to log any upgrades. This way, you'll have a clear record of all the changes that have happened over time. Check it out here.
• ZK Privacy and Selective Disclosure: So, when we talk about zero-knowledge (ZK) privacy, we're diving into this cool tech that lets you prove you know something without actually revealing what that something is. It’s like saying, “I know the answer” without actually telling anyone what the answer is. Selective disclosure takes that a step further, allowing you to share specific pieces of information while keeping other details under wraps. It's all about giving you control over what you want to share and what you want to keep to yourself. We're using Circom circuits for our proofs, which lets us verify suppliers while keeping their identities under wraps. It's a pretty cool way to ensure privacy! We're also bringing VC 2 into the mix! You’ve got a score of 0 for those standards-based verifiable attestations. Curious to dive deeper? Just click here to explore!

Flow

1. So, when SAP S/4HANA processes a Goods Receipt, it triggers an event through Event Mesh, specifically one that’s scoped for managing roles for our consumer. (help.sap.com). 2. So, the consumer takes that event and links it up to an ERC-1155 batch mint on a Layer 2. So, this is where the signer works inside the Nitro Enclave. There's actually a policy set up that makes sure only approved code gets to call KMS unwrap. Pretty cool, right? (docs.aws.amazon.com). 3. To make sure we're on the right side of regulations like RoHS and REACH, we stick with a VC 2. You’ve got this zero-credential batch token that lets verifiers check if something’s legit without having to sift through any personal info. Pretty handy, right? (w3.org). 4. When it comes to cross-plant transfers, we rely on these cool CCIP programmable token transfers. They let us update custody and instructions all in one go, no matter if we’re moving things from L2 to a private EVM. It really streamlines the whole process! (docs.chain.link).

Why It Matters

This setup really helps you maintain "audit-ready" traceability, keeps a close eye on who can sign what, and also slashes those per-event costs following EIP-4844. Our FinOps sheet is super useful for figuring out blob fees and setting up alert thresholds, just in case we see any unexpected spikes. (blog.ethereum.org).

Flow

1. It all starts with a Salesforce Flow, which makes an HTTP callout using a Named Credential to send over a warranty claim hash. If you want to dive deeper into that topic, just click here. It’ll take you directly to the info you need! Next, the customer sends over a Circom proof to show that their product is still under warranty, and they manage to keep their address completely confidential while doing so. So, the verifier contract jumps in to take a look at the proof and VC 2. 0 status bits. Learn more here.
2. If things start to get a little messy, like when you need multi-chain arbitration for logistics on layer 3 or finance on layer 2, CCIP has your back. It smoothly handles everything by sending out the right messages and funds where they need to go. If you're looking for more details, you can check it out here.

Why it matters

• Since we're all about protecting your privacy, we end up dealing with a lot less personally identifiable information (PII). On top of that, with the cross-chain flow, we’ve got this great advantage of cutting out the need for manual reconciliation. This means faster settlement times for everyone involved! How awesome is that?

Best Emerging Practices We Apply (So You Don’t Have to Learn the Hard Way)

• Keeping your Gas and EVM in check after Dencun. Hey, just a quick reminder to utilize EIP‑1153's transient storage for your reentrancy locks and state flags. It’s crucial to keep the revert-scope in mind while you’re at it! Hey, just a quick reminder! Make sure to keep an eye on those blob base fees. And don’t forget to add some back-pressure to those write-heavy flows. It’ll help keep everything running smoothly! Check it out here.
• Upgrades that have a clear blast radius. Hey, just a quick tip for working with UUPS: don't forget to set up those initialize and upgrade guards! They're super important. If you’re working with Diamonds, make sure to keep the loupe visible and use DiamondCut. This way, you’ll have a solid, unchangeable record of any changes you make to the facets. It’s a smart way to keep everything transparent! If you want to get into the nitty-gritty, just check it out here. Happy exploring!
• Splitting up responsibilities for signers. You might want to think about using Clef as an external signer or maybe linking your keys to Nitro Enclave. It's a good way to boost your security! Hey, just a quick reminder to switch up those attestations regularly and make sure to jot down the PCR measurements along with any change tickets. It’ll save you some hassle down the line! If you want to find out more, just click here. There’s plenty of info waiting for you!
• Standards-first interoperability If you’re looking into cross-chain messaging or settlement, go with CCIP instead of trying to build your own custom bridges. It'll save you a lot of hassle! If you're planning to allow-list some assets, it’s definitely a smart move to team this up with a compliance rules engine. Find out more here.
• Vendors you can trust.
• Go ahead and start using VC 2! You’ve got everything you need for supplier credentials--like the status lists and JOSE/COSE binding--so you can easily tackle those privacy by design reviews. This should really help simplify things and reduce all the back-and-forth with KYC/AML data transfers. Check it out here.
• ERP event discipline Think of Event Mesh service descriptors as if they were code. Hey, don’t forget to go over those role collections and namespaces each time there's a new release! It’s a great way to prevent privilege creep from sneaking in. Trust me, it makes a big difference! If you’re looking for more info, check this out here. It’s got some great insights!

How We Connect This to Procurement and ROI (GTM Metrics You Can Stand By)

Deployment Milestones Your PMO Can Keep an Eye On

• Week 2: Let's make sure we get that integration spec approved! Don't forget, it needs to cover the mappings for SOC 2 and ISO 27001, plus we should have a solid plan for signer attestations in place. (Check it out).
• Week 6: Wrap up the whole sandbox process from start to finish--so that’s moving through the IdP, then onto the ERP/CRM, getting the signer involved, and finishing up with L2. Don't forget to add in some synthetic load testing and keep an eye on that blob fee telemetry too! (More info here).
• Week 10: It's finally time for User Acceptance Testing (UAT)! We're diving into this with a regression pack and testing out those upgrade paths using the UUPS or Diamond loupe tests. It should be an interesting week!

Quantified KPIs

• Compliance: Keep an eye on how many controls you can actually back up with evidence. Ideally, you should shoot for hitting at least the SOC 2 standards for Security and Availability. Hey, just a quick reminder to keep an eye on your signer attestation renewal deadline--it's usually every quarter. Don’t let it slip your mind! (Learn more).
• Cost: Let's find out what the average cost is for each business event on L2. You're shooting for an impressive 70-95% cut compared to the old pre-Dencun calldata benchmarks. Don’t forget to break this down to show the total cost of ownership (TCO) for each SKU or order. (Details here).
• Throughput: Make sure to track how long it takes for events to get finalized (look at those P50 and P95 numbers), and don’t forget to keep an eye on how often CCIP messages succeed. Also, be on the lookout for any rate-limit alerts! (See the docs).
• Security: Keep an eye on how long it takes to revoke access using SCIM. Try to keep those signer policy violations at zero! (Check this out).

Procurement Accelerators We Offer

Hey there! We’ve put together a super handy RFP technical appendix that’s all set for you. It features architecture diagrams, a data flow chart, a summary of the DPIA, and a rundown of our control coverage. Everything you need is right here!

• Oh, and make sure you grab our evidence pack! It’s got all the important stuff inside, like SOC 2/ISO 27001 control mappings, change logs for contracts that can be upgraded, signer attestation artifacts, and even a segregation of duties matrix. You won’t want to miss it!

What You Get from 7Block Labs

You've got a pretty solid foundation to work with here! It offers various identity options such as SAML, OIDC, and SCIM, which is super handy. Plus, there’s event management through SAP Event Mesh--great for keeping track of things. If you're into cross-chain capabilities, CCIP has got you covered. And when it comes to signing solutions, you can choose between Nitro Enclaves and Clef. On top of all that, there are smart contract patterns like UUPS and Diamonds, all designed to help you save on fees after EIP-4844. Pretty neat, right?

Here’s a straightforward and easy way to demonstrate your return on investment (ROI) that will really click with your executives:

• "Here's the SOC 2 Type II evidence from our first sprint." ”.
• "The signer attestation is connected to the KMS policy." ”.
• "A budget for FinOps that keeps an eye on blobs, complete with alerts." ”.
• "So, we're talking about selective disclosure here with VC."

0. ”.

Where Our Delivery Fits Into Your Roadmap

• Got a greenfield dApp? We’re here to help you take your prototype and elevate it into a full-blown product. Let’s make your vision a reality! We’ll make sure it fits right in with your ERP, CRM, and IdP systems using our dApp development solutions and smart contract development. You won’t have to worry about a thing!
• For enterprise platforms: Looking to level up your current systems? No worries, we’ve got your back with our awesome blockchain integration services! We're all about making things run like a well-oiled machine, which is why we offer custom blockchain development services along with security audit services. You can count on us to keep everything secure and efficient!
• For all your multi-chain needs: We've got you covered with our expertise in cross-chain solutions development. Plus, if you're looking to link different blockchain networks, we can help with blockchain bridge development. Whether you're just starting out or looking to expand, we’ve got the tools to make it happen!
• For tokenized workflows: We’re here to help you craft smart strategies for managing your assets and credentials! Check out our services on asset tokenization and developing an asset management platform. Let’s get started on turning your ideas into reality!
• For productized Web3 initiatives: We offer a full range of Web3 development services that are tailor-made to seamlessly integrate into your procurement process. This way, you can smoothly transition into the Web3 space without any hiccups.

Implementation Notes (Deep-Tech Specifics We’ll Handle)

• Handling Solidity storage layouts, which involves working with EIP-1967 slots and figuring out storage gaps. We'll definitely be doing some thorough testing to make sure we catch any storage collisions that might pop up during upgrades.
• We’re looking into using EIP-1153 to handle transient storage locking, especially in parts of the code that are sensitive to reentrancy. If we can manage with intra-frame communication, we'll just rely on memory instead. (eips.ethereum.org). I’m working on setting up a Circom proving pipeline CI. The plan is to make sure we have witness generation under control and that it's consistent every time. I also want to keep an eye on constraint count budgets and profile how much gas is being used for the proof verifiers. It’s a bit of a challenge, but I’m excited to see how it all comes together!
• We're excited to announce the launch of VC 2! We're working with 0 issuance by using JOSE/COSE cryptosuites, and we're also incorporating Status List bitstrings for revocation. We'll definitely keep the concerns of issuers, holders, and verifiers in their own separate boxes.
  (w3.org). We're rolling out CCIP for programmable token transfers! What this means is that we're going to combine state change instructions with our asset movements. It's a pretty cool way to streamline everything. Also, we've got some rate-limit policies set up to make sure we can keep things under control and prevent any potential issues from spreading too far. (docs.chain.link).
• We’re working on setting up SAP Event Mesh JSON service descriptors as code. This includes putting some guardrails in place for the topic rules when it comes to publish/subscribe. We're going to run some API-level tests for the roles to make sure everything's working just right. (help.sap.com).
• We’ve set up Packaging Named Credentials and token populations in Salesforce using the Connect API. This makes it super easy to deploy things repeatedly across various organizations. (developer.salesforce.com).
• Saving signer attestations using Nitro PCRs and checking them out via the Clef UI. Let’s set up a regular schedule for rotating things and keeping hold of important info. (docs.aws.amazon.com).

If you need it yesterday: the 90-day pilot plan

• Days 1-10: Start by diving into control mapping. Then, go ahead and sketch out your Identity Provider (IdP) and signer reference. Don’t forget to set up a plan for the Event Mesh namespace while you’re at it! Hey, just a quick reminder to get that procurement deck sorted out. Remember, we need to cover those SOC 2 and ISO 27001 mappings! Thanks! Check it out here.
• Days 11-40: Get ready to dive in! It's time to tackle the main processes: connecting the Identity Provider to the ERP/CRM, getting that signer in place, and then moving on to Layer 2. Also, don’t forget to roll out CCIP and set up those dashboards to keep an eye on blob fees and signer attestations. Let’s make it happen! If you're looking for more details, you can check it out here.
• Days 41-70: Things are about to get a little more interesting as we dive into ZK/VC 2! You’re all set to dive into some zero integration stuff, right? We'll kick things off with a handy playbook to help you upgrade to UUPS and Diamonds. And don’t worry, we’ll wrap things up with a complete end-to-end user acceptance testing for SAP and Salesforce. Let’s make sure everything runs smoothly! Dive deeper here.

Days 71-90: Alright, we’re in the home stretch! Let’s make sure your setup is rock solid. Spend some time putting together that compliance evidence pack you’ve been working on. Also, get ready to create a report for the board that outlines ROI and TCO - don’t forget to factor in those costs after Dencun. You’ve got this! Check it out here.

Book a 90-Day Pilot Strategy Call

Excited to dive into your journey? Let’s team up for a 90-Day Pilot Strategy Call! It’s a great chance to chat about your goals and craft a solid plan to make sure you’re set up for success.

It’s super simple! Just follow these easy steps, and you’ll be all set in no time:

1. Pick a date: Check out our calendar and find a time that suits you best! 2. Let’s get this form done: Share a few details with us so we can really maximize our time during the call. 3. Get pumped: Bring along your thoughts, any burning questions, and anything else you’re itching to chat about!

We're super excited to chat and kick things off! If you've got any questions before we connect, don’t hesitate to reach out.

Notes on Sources and Recency

So, ever since the whole Dencun update, there have been some pretty noticeable cuts in fees for Layer 2 solutions. This is mainly thanks to the new blob model they introduced (EIP-4844). So, it looks like the Ethereum Foundation, along with a few independent studies, has found that fees on the main Layer 2s have gone down quite a lot lately. Take a look at this: blog.ethereum.org. You won't want to miss it!

When you're diving into enterprise procurement, you definitely want to keep the SOC 2 Trust Services Criteria and ISO/IEC 27001:2022 controls in your back pocket. They're pretty much your key compliance benchmarks. They've definitely raised the bar for what’s expected. If you want to dive deeper into the topic, just check this out: (aicpa-cima.com). You’ll find all the details you need!

We're bringing together some really cool, standards-based tools like SAP Event Mesh, Okta SCIM/SSO, AWS Nitro Enclaves, Clef external signer, and VC 2. 0. If you're looking for more info on those tools mentioned above, check out this link: help.sap.com. It's super helpful!