DEV Community

Vanderlei Alves da Silva

Bringing Web3 Principles to Enterprise Systems

While getting back to the basics of blockchain architecture, some rather philosophical thoughts popped into my mind. The enterprise software landscape is built around centralized platforms, potentially built in a distributed manner but locked in to a vendor, and opaque systems that businesses have accepted as "just how things work." But ...

What if these systems were built in a fundamentally different way? On Web3 principles? What would they look like?

This article series explores this question through a proof-of-concept: a blockchain-based booking system that aims to validate whether Web3 principles can address real enterprise challenges while meeting strict regulatory requirements like GDPR.

Web3.0: Is that still a thing?

Although cryptocurrencies continue to thrive steadily, the term Web3.0 doesn't seem to follow the same path. Looking at the main articles on the topic, most of them date back 2 to 3 years. We could naturally argue that the boom of AI, and the shallow specialists writing about it everywhere, have left the internet a bit "poorer" in terms of variety of content. Still, the way I see it, the term Web3.0 sounded more like a philosophical, aspirational goal, one that is unlikely to achieve its full idealized potential.

Leaving the philosophical discussion aside and going into the interesting engineering part: at its essence, Web3.0 proposes five architectural principles: decentralization (distributed control instead of central authority), user ownership (individuals own their data and digital assets), transparency (verifiable systems and open rules), trustless architecture (smart contracts execute automatically without intermediaries), and composability (interoperable systems that work together through open standards).

These aren't just blockchain buzzwords. They represent a fundamentally different way to architect systems—one that addresses real enterprise pain points like vendor lock-in, opaque pricing, high intermediary costs, and data privacy concerns.

With that in mind I want to propose the following exercise:

Can we extract its valuable principles and apply them pragmatically to solve real business problems?

The Booking Platform POC: Validating Web3 Principles

To explore whether these principles work in practice, we need a concrete example. I will call it a blockchain-based booking system.

Why a Booking Platform?

Booking systems are ideal for this exploration because they:

  1. Have clear business logic - Rules for availability, pricing, and reservations are well-defined
  2. Involve multiple parties - Customers, resource owners, and potentially intermediaries
  3. Require trust - Bookings must be honored; payments must be released
  4. Handle sensitive data - Personal information, payment details, booking history
  5. Face real regulations - GDPR compliance is mandatory in many markets

If we can build a booking system that embraces Web3 principles while meeting regulatory requirements, we can much more confidently assert that the concept works for enterprise applications.

The Specific Web3 Principles We're Testing

This POC validates five key principles:

1. Decentralization

  • No central platform controls bookings
  • Smart contracts manage state, not a company
  • Anyone can verify the system's integrity

2. User Ownership

  • Customers control their booking data
  • Data can be deleted on demand (GDPR "right to be forgotten")
  • Booking records are portable across platforms

3. Transparency

  • Booking logic visible in open-source smart contracts
  • All transactions auditable on the blockchain
  • Pricing rules are transparent and verifiable

4. Trustless Execution

  • Smart contracts automatically enforce booking rules
  • Payments released when conditions are met
  • No intermediary needed to arbitrate

5. Privacy-Preserving Design

  • Personal data never touches the blockchain
  • Cryptographic hashing enables verification without exposure
  • GDPR compliance through architectural design

What Are We Building?

Below is the system architecture diagram showing how we're implementing these Web3 principles in practice:

The User Interface Layer serves as the entry point to the system, providing a command-line interface (CLI) built with Node.js and TypeScript. This layer represents the client; it could be any other kind of client: a web page in the browser, a mobile application, an Internet of Things (IoT) device, you name it. But to keep things simple for this use case, we go with a CLI application.

The Application Layer acts as the intelligent middleware that orchestrates all system operations. Think of it as a backend that houses five critical services: the Blockchain Service, which interfaces with Ethereum using Ethers.js to handle all blockchain transactions; the Encryption Service, which generates unique key pairs for each booking and performs AES-256-GCM encryption on personal data; the Storage Service, which manages the lifecycle of encrypted data stored off-chain; the Wallet Manager, which securely handles user cryptographic identities and signing operations; and the Config Manager, which maintains network settings and system configuration. This layer is responsible for the critical separation between what goes on-chain (only hashes) and what stays off-chain (encrypted personal data). More on that later :)

The Blockchain Layer represents the immutable, transparent core of the system running on Ethereum. At its heart are smart contracts written in Solidity that contain all booking business logic—resource management, availability checking, and booking state transitions. These contracts interact with the broader Ethereum network through a JSON-RPC Provider that connects to Ethereum nodes. Crucially, this layer stores only cryptographic hashes and public booking metadata (dates, prices, status) while keeping zero personal information. The blockchain serves as the source of truth for booking existence and availability, providing transparency and preventing double-booking through distributed consensus.

The Off-Chain Storage Layer is the privacy-preserving counterpart to the blockchain, designed specifically to handle sensitive personal data in a GDPR-compliant manner. It consists of an Encrypted Data Store (PostgreSQL, MongoDB, or any other storing mechanism) that holds encrypted personal information, a separate Key Vault that stores encryption keys in isolation from the data they protect, and a Privacy API that manages GDPR operations like data export and the "right to be forgotten." The architectural decision to separate encrypted data from encryption keys is critical—when a user requests deletion, removing the keys makes the encrypted data mathematically irretrievable, achieving GDPR compliance while leaving blockchain hashes untouched.

The Storage component represents two distinct persistence mechanisms: Local Storage for user-side data like wallet keystores and configuration files, and On-Chain Storage within the blockchain itself that holds only hashes and non-sensitive booking metadata. This dual storage approach reinforces the system's privacy-first design—sensitive data never crosses into blockchain storage, while blockchain benefits (immutability, transparency, auditability) are preserved through cryptographic hashes that prove data existence without revealing its contents. The integration between these storage types is mediated entirely through the Application Layer, which ensures proper encryption, hashing, and separation of concerns throughout the data lifecycle.
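The per-booking encryption, key separation and key-deletion flow described above, as an added example (not code from the project's repository). In-memory Maps stand in for the Key Vault and the Encrypted Data Store, all function names are hypothetical, and the on-chain hash is assumed to be an HMAC keyed with a per-booking secret salt, so that erasing the vault entry also stops anyone from guessing low-entropy personal data against the hash.

```javascript
// Added illustration; keyVault, dataStore and the three functions are hypothetical names.
const crypto = require('node:crypto');

const keyVault = new Map();   // stand-in for the Key Vault: bookingId -> { key, salt }
const dataStore = new Map();  // stand-in for the Encrypted Data Store: bookingId -> record

function createBooking(bookingId, personalData) {
  const key = crypto.randomBytes(32);   // AES-256 key, unique per booking
  const salt = crypto.randomBytes(32);  // secret salt for the on-chain hash (assumption)
  const iv = crypto.randomBytes(12);    // 96-bit GCM nonce, never reused with the same key
  const plaintext = Buffer.from(JSON.stringify(personalData), 'utf8');

  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(bookingId)); // bind the ciphertext to this booking id
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();

  keyVault.set(bookingId, { key, salt });
  dataStore.set(bookingId, { iv, ciphertext, tag });
  // Keyed hash: a bare SHA-256 of names or e-mail addresses could be guessed offline.
  return crypto.createHmac('sha256', salt).update(plaintext).digest('hex');
}

function readBooking(bookingId, onChainHash) {
  const secrets = keyVault.get(bookingId);
  const record = dataStore.get(bookingId);
  if (!secrets || !record) return null;  // key erased: the data is unrecoverable
  const decipher = crypto.createDecipheriv('aes-256-gcm', secrets.key, record.iv);
  decipher.setAAD(Buffer.from(bookingId));
  decipher.setAuthTag(record.tag);
  // final() throws if the ciphertext, tag or booking id was tampered with
  const plaintext = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  const recomputed = crypto.createHmac('sha256', secrets.salt).update(plaintext).digest();
  const expected = Buffer.from(onChainHash, 'hex');
  if (expected.length !== recomputed.length || !crypto.timingSafeEqual(expected, recomputed)) {
    throw new Error('off-chain data does not match on-chain hash');
  }
  return JSON.parse(plaintext.toString('utf8'));
}

function eraseBooking(bookingId) {
  // Crypto-shredding: only the vault entry goes; ciphertext and on-chain hash remain.
  return keyVault.delete(bookingId);
}
```

The erasure only holds if no copy of the key or salt survives elsewhere, so vault backups and application logs need the same deletion guarantee.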

Ethereum as the Blockchain Platform

Ethereum, for those who may still be in doubt about what exactly it is, is a decentralized computing platform that runs on a global network of computers instead of a central server. This means that no single company controls the system, a capability we are really looking for in this exercise, and applications built on Ethereum, called decentralized apps (dApps), continue to run as long as the network exists.

For a booking platform, Ethereum and dApps bring interesting possibilities. Instead of depending on one central business to record reservations, availability and payments, the blockchain can ensure the records are shared, trusted, and consistent across all participants — hotels, partners, and users. Smart contracts could automatically handle payments, deposits, cancellations, loyalty points, insurance, or secondary resale of bookings without intermediaries. And since the system is open and auditable, fraud and double-booking become much harder.

Coming Up Next

This article aimed to establish why Web3 principles matter and what we're building. The next articles will dive into the how, exploring the implementation in detail and having a bit of fun along the way while playing with the Ethereum blockchain platform, Solidity code, business logic on-chain, and how to build contracts that enforce rules transparently while respecting privacy.

View the Architecture

If you are interested and want to dive into all the details, just go ahead to the following link to the public repo, which, though still a WIP, already has an extensive system architecture in place:

Or view the complete codebase on GitHub

A piece of merchandising

Lastly, a small pause to share some very exciting news, at least for myself :). I've recently released my first book:

Micro Frontends Architecture for Scalable Applications

It brings lots of architectural insights about frontend development, and more specifically about micro-frontends. Go ahead, have a look, and let me know your thoughts.

Did you find it not connected to Web3.0, blockchains and this article at all? Yeah, indeed it is not, but why would we put boxes around what we can work on and learn if we can explore them all ...

Thanks for reading, and let me know your thoughts, feedback, comments, or anything else you may find relevant to share!

Top comments (4)

Umang Suthar

It’s refreshing to see Web3 principles being applied to real enterprise challenges instead of just theory. The focus on privacy-preserving design and decentralization feels spot on.
We’ve been exploring similar ideas around making AI and blockchain work together, where consensus and computation actually serve as part of the business logic itself. Seeing this kind of practical architecture gives a lot of confidence in how Web3 can evolve beyond crypto into real, verifiable systems.

Vanderlei Alves da Silva

"AI and blockchain work together ..." sounds like a great match, and a very exciting engineering and architectural exercise to see the non-deterministic nature of AI within decentralised algorithms. Would love to get your insights on the topic once available ... :)

Emir Taner

That’s exactly the kind of thinking Web3 needs - moving from theory to real enterprise use cases. The idea of a blockchain-based booking platform perfectly shows how decentralization, transparency, and privacy can coexist within strict regulations like GDPR. Projects like Whitebit and OKX, which already implement Wallet-as-a-Service and On/Off-Ramp infrastructure, are great examples of how Web3 principles can power compliant, scalable systems. It’s exciting to imagine how exchanges, dApps, and enterprises could integrate similar frameworks - bridging trustless architecture with real business logic. In the end, that’s where Web3 stops being a concept and starts being useful.

Vanderlei Alves da Silva

Indeed ... And we as a community start seeing the real benefits.