Co-authored by Fraser Edwards and Teresa Chan
Throughout this blog, we will make frequent reference to an excellent piece by Antti Kettunen: The adoption challenges of wallets & decentralized ecosystems.
Identity and data is currently experiencing a paradigm shift, especially with respect to control and ownership. From eIDAS 2.0 using verifiable credentials & SSI to regulator challenges to Meta’s pay or consent approach, consumers are demanding and being empowered to control and own more of their own data. Market forces such as the ease with which fraudsters can generate fraudulent images and media with AI, mean data must have veracity and verifiable lineage to be trustworthy.
However, SSI fundamentally breaks most of the commercial models mentioned in the previous blog / chapter. Like any other technology though, it requires a successful and sustainable commercial model to achieve and drive adoption. In this blog, we will talk through the fundamental shift in monetising data in this new paradigm, the market forces this creates and the new business opportunities previously not possible.
The Value of Data
“Data is the new oil” ~Clive Humby
Data has long been spoken of as the new oil, or the new money. Ultimately the monetary value of a given piece of data is ascertained by the market based on the business value (or otherwise) that can be derived from it. An easy example are weather forecasts, allowing a variety of services and business value to be built such as optimising travelling routes for commuters, e.g. delay departing for 20 minutes to avoid rain. Although the sum remains undisclosed, Apple bought mobile application Dark Sky which targeted exactly this use-case.
The monetary value of data is typically a function of:
- What insight can be derived from said data (either standalone or in conjunction with other data)
- How much effort has been expended to derive the data?
- Is it accurate?
- Is it precise?
- Is it current?
- Is it in a usable format?
- Is it from a trustworthy source?
- Is the data reusable?
Naturally, this value varies wildly. A single data point for the temperature in a given location in the past, may have little value, whereas a full passport from a respected sovereign government is extremely valuable in terms of the countries it provides access to but also all the services it allows the holder and subject to access. Furthermore, there is substantial embodied cost in a passport due to the time, materials and energy invested in creating a secure document issued to the correct individual. UK passports, for instance, are charged from £57.5 to £112, depending on the age and application method.
These examples highlight the stark contrast between high-cost, high-value credentials and low-cost, low-value data or credentials.
Charging for Data
Currently, the value of data in credential systems is tied to API costs, which are incurred each time data is accessed. These costs reflect a “once-only” model, where retrieval by a company comes with an associated fee.
This model, however, does not work for credentials where credentials are issued to individuals, may be reused ad infinitum, and the value is still mainly received by the ultimate recipient. As Antti lays out:
“Producers (e.g. credential issuers) do not by design have any access or knowledge of who will use the data later on. Moreover, all possibilities to correlate and connect that information by sharing information on the background is difficult and even forbidden on regulatory level in EU.”
API costs will likely shift to focus solely on the issuance of credentials. This means that while issuing credentials will be high volume and hence need to remain low-cost, the credential itself may carry an inherent, one-time cost that reflects its long-term value.
By separating API costs from the value of the credential, the system can prioritise efficient and cost-effective issuance while still recognizing the embodied value of the credential itself. This shift will lead to a more sustainable and scalable approach to managing and verifying credentials.
Paying to Access -> Paying to Verify
Historically, the acquisition of data operated on a simple premise: paying at the point of access / paying to access. Whether it was purchasing an API which provides data access like the CoinMarketCap or CoinGecko price feeds, or obtaining a dataset for marketing purposes, transactions revolved around paying for access to data.
API-based information exchange has also been one of the best methods to guarantee that exchanged data is trustworthy. By integrating directly with what is perceived / agreed to be an authentic data source, you can assume the data itself is authentic. The challenge is that as soon as you take the data outside of the original context, it loses its verifiability. “Predominant identity stacks, like OpenIDConnect, are based on the notion of ephemeral secure context, which is why they always require authentication at the time of login & data exchange.” commented Antti Kettunen, Author of Identifinity.net, Task Force Lead at Trust Over IP Foundation, Lead Consultant in SSI & Digital Trust at Tietoevry.
This model thrived because both parties found value in the exchange: the accessor gained insights from the data, while the provider received monetary compensation.
However, as mentioned above, the emergence of the Verifiable Credential data exchange model / self-sovereign identity (SSI) disrupts this approach. In SSI, the verifier or receiver seeks value from trusted data, while the holder asserts their right to control and ownership (whilst also seeking their own value be that monetary, rewards or simply improved user experience).
This discrepancy has led to a predominance of public or government-led data initiatives, where the cost of issuance is absorbed as part of providing a public service. However, this model does not seamlessly translate to corporate entities driven by profit motives.
While SaaS and APIs continue to facilitate data issuance, the party benefiting from the data no longer bears the cost. This begs the question: how do we align the value chain between verifier/receiver and issuer to incentivise issuer participation as otherwise the issuer has no incentive unless forced by regulation to adopt this?
Considering the healthcare industry, the proliferation of health data, including information from professional health systems and wearable devices, has created vast potential for optimising treatments through precision medicine. However, realising this potential requires collaboration among hospitals, academia, and industry resulting in the “valley of death” where there is a break between biomedical researchers and patients who need their discoveries. Yet, sharing data among these stakeholders is often hindered by reluctance, despite patients being the rightful owners of their health data. This example illustrates that aligning the value chain between all parties is imperative.
Antti makes the same case using receipts as the example use-case:
“Employees as the buyers in this use case, would receive positive benefits, and the employer likely a lot of benefits through automation and cost benefits. Conversely, the merchant does not really receive new benefits from participating in the ecosystem, as they would not benefit from issuance of the vReceipt to another wallet. Instead the merchant would need to include a new step to the checkout process to accommodate the identity wallet and credential exchange. This leads to only costs, and no benefits, leaving the merchant to negative impact, while other parties have a positive net impact.”
This is why the challenge of “verifier pays issuer” emerged as a significant barrier to commercialising SSI. Some ecosystems or consortia have looked to solve this by building holistic ecosystems from inception, i.e. where a company incurs a cost to issue credentials, they are compensated by value they derive from credentials they themselves receive from other companies. This approach borrows from the concepts of bartering and obligation clearing. In Antti’s example, he proposed that the merchant could benefit through:
- “Payment type agnostic buyer identification
- Customer identification (e.g. loyalty)
- Product delivery address (online delivery)
- Age verification
- Receipt delivery information
- Payment request”
However, there is a significant risk that this approach compounds the cold start problem inherent in systems which rely on network effects as an entire closed loop in terms of value must be recruited, at a minimum, before the ecosystem can begin; what Antti calls the “ecosystem value chain”. Furthermore, even where a group which resembles a closed loop is found, if one company still bears the brunt of the investment without sufficient recompense, they may be unwilling to participate.
In the context of this challenge, it’s crucial to understand some of the fundamental functions of money. Money addresses the inequivalence and lack of liquidity between bartered goods, e.g. the coincidence of wants. This underscores the need for a more streamlined and efficient method of value exchange within the SSI ecosystem. Without a clear mechanism for compensating issuers, the system risks stagnation and limited commercial adoption beyond that mandated by state bodies.
Instead, through a “verifier-pays-issuer” model, the issuer of trusted data or credentials can be rewarded directly for the value of said data, all whilst making use of ideas such as collaborative finance to reduce payment graphs and make the overall system more capital efficient.
Instead, value is embedded directly into the data itself. The value is intricately linked to various factors mentioned above such as data accuracy, precision, timeliness, usability, source trustworthiness, and reusability. Through a “verifier pays issuer” model, prices can be set based on these attributes, ensuring fairness and encouraging issuer participation all whilst reusability is guaranteed.
By allowing issuers to establish prices reflecting the value of data attributes and overall utility, the system promotes participation while maintaining fairness. Furthermore, where there are multiple providers of equivalent credentials, market forces should help reduce costs for verifiers / receivers over time.
Incentives are Crucial in Cold-Start Problems
Verifiers and holders have always had strong incentives to participate in SSI ecosystems:
Actor | Benefits | Example |
---|---|---|
Verifier / receiver | Reduced cost of verified data | Reusable KYC records versus using an external provider to check document pictures and selfies |
Improved quality and veracity of data and hence reduced fraud risk | Addresses can be entered from credentials issued by trusted sources rather than entered (and typoed) | |
Compliance with regulation | Per eIDAS 2.0, large online service providers will be required to accept verifiable credentials presented by their users or those signing up. | |
Holder | Improved ownership and control over their data | A user can manage and share their personal information with multiple service providers without relying on third-party intermediaries, ensuring their data is only accessed with their explicit consent. |
Improved user experience | A frequent traveller quickly and seamlessly checks into hotels and board flights without having to repeatedly manually enter personal information. | |
Enhanced privacy | Legal firms supporting clients with visa applications may no longer need to hold dossiers of data on their clients for those applications, instead being able to rely on easy, secure and reliable access to either the client’s data store or the individual repositories. This reduces their need to replicate and store the data themselves. | |
Rewards through loyalty, discounts or outright payments | A customer earns loyalty points and discounts from a retailer by sharing verified purchase history. |
Actor | Requires value chain join? | Benefits | Example |
---|---|---|---|
Issuer | No | Improved relationship with the customer due to releasing data to the subject / holder | Banks allow their customer to use their transaction data, e.g. Open Banking / PSDII in the UK, for other services to improve their financial outcomes. |
No | Enhanced reputation | Credit bureaus improve their data quality on individuals through trusted data such that their services to clients are more reliable, e.g. no more inaccurate addresses for individuals. | |
Yes | Revenue as credentials are paid for | The passport office earns revenue whenever a passport is requested. | |
Yes | Recurring revenue whenever credentials are re-used | University registry offices earn revenue whenever one of their degrees is checked by a company as part of onboarding them. | |
Yes | Cost savings | Construction site managers can reduce time spent checking contractor documents each day / week / month and hence those contractors can spend more time working, improving their ability to deliver projects on time / to cost. This also reduces the time per day / week / month required per day by the employee to check said documents. |
Crucially, when all parties have an incentive to expand the ecosystem, we can achieve strong network effects:
A Virtuous Flywheel Envisioned
Incentives for all parties should result in a virtuous flywheel for self-sovereign identity growth.
Issuing organisations are now motivated to provide trusted data back to identity subjects to generate new revenue. With the increased circulation of credentials, organisations will find it easier, more efficient, and more natural to accept them for acquiring trusted data, all with the consent of the identity subject
The lower cost structures for creating trusted data will result in more affordable prices for consuming verified identity data compared to current, sometimes prohibitively expensive methods. Lower prices for accessing trusted data will create a richer ecosystem of organisations and services that embrace credentials and SSI. This results in a better user experience, offering individuals and companies a more private and secure interaction compared to current data usage practices.
Incentives for all parties involved, that scale according to network effects will cause all said parties to recruit more members to the network, e.g. issuers will recruit more receiving organisations, receivers will recruit more issuing organisations, both profiles will recruit more consumers.
Example: Know Your Customer
Many online platforms and businesses find it financially burdensome to cover the expenses associated with customer verification, resulting in inadequate identity assurance. As a direct result digital spaces are susceptible to exploitation by bots, scammers, and malicious actors, with minimal consequences. To illustrate, present approximate costs of identity checks are as follows:
- Basic Know Your Customer (KYC) check: $2 – $5
- Criminal record check: ~$50 – $100
- Company background (GLEIF-accredited LEI): >$50/year
The value proposition of utilising a robust infrastructure for verifiable credentials lies in its ability to significantly reduce identity verification time and costs, potentially lowering them from approximately $2-5 per verification to around $0.10. This enhanced efficiency and cost reduction make customer identity checks feasible in sectors where they were previously deemed too expensive.
Such a solution addresses a significant challenge faced by various industries in verifying customers on their platforms. It offers a cost-effective, reusable, and future-proof approach that aligns with forthcoming regulations, making it an attractive option for businesses seeking to streamline their identity verification processes.
Furthermore, as KYC has become commoditised, price points have reduced. This has been great for verifiers who have been able to reduce their costs over time. However, for issuing organisations, they are staring directly at reduced revenues based if volumes hold steady, with their cost bases not reducing. Allowing for the re-use of KYC records with the ability to charge upon their re-use allows for issuers to increase their revenue whilst maintaining the same cost per individual, with re-usable KYC credentials able to be used by industries where costs and user-friction were previously too high. As an example, a merchant or online retailer could accept a reusable KYC credential to automatically complete address and customer information with verified information to prevent fraudulent use of stolen credit card details and hence suffering chargebacks.
Maintaining Privacy whilst Enabling Payments
One of the major benefits in theory of credentials and SSI is improved privacy for individuals. Through techniques such as selective disclosure and zero-knowledge proofs, companies can ask for and receive only the data they absolutely require, honouring one of the tenets of GDPR: data minimisation. Furthermore, pairwise connections between individuals and companies, rather than relying on federated systems such as Google or Facebook based Single Sign on (SSO), can minimise the leakage of an individual’s activity data where it is analysed and monetised opaquely.
It is for this same reason that SoulBound Tokens (SBTs) and Non-fungible Tokens (NFTs) should not be used for identity data. Writing personal data to a public ledger inherently makes this information both public, permanent, and hence permanently public. This means that individuals can no longer exercise control such as selective disclosure as they have already revealed the information publicly. As an example, a university degree stored on a ledger could reveal: race, gender and likely class status depending on where the degree has been issued from, allowing anyone to surveil and categorise that individual without their awareness. Another example are ledger Name Services, e.g. ENS. If a user binds their real name or even a pseudonym that has leaked information such as country or address, anyone can assess that user’s tax liability from their on-ledger behaviour.
Therefore, if we assume that users can maximise their privacy through the use of credentials and SSI, payments for credentials should not leak information and hence degrade that privacy. For example, one of the guiding principles of credentials and SSI is that organisations who issue credentials to individuals should not know where those credentials are being used. For a tangible example, a government who has issued a passport should not know where, how or why that passport has been used.
If verifier-pays-issuer flows are not implemented correctly and safely it would be possible for issuers to track individual’s behaviour, breaking this guiding principle. For example, if an issuer of data or credential set unique prices per credential or attribute per user, whenever they were paid this amount from a given recipient company they would know that specific individual had interacted with that company, providing them with information they should not know. At a bare minimum, individuals should benefit from herd privacy with respect to payments, where they are indistinguishable from any other.
Whilst this blog and section will not go into further detail, the principle remains that the addition of payments for credentials into ecosystems should not degrade the privacy of the members within said ecosystems.
Beyond Transactional Payments
At the simplest level, we can imagine a singular Trust triangle:
- One issuing organisation
- One individual / holder / subject
- One receiving organisation
For the sake of simplicity in this example, we will ignore the concerns raised in the previous section.
An organisation issues a credential to the individual who then shares that credential with another organisation, who then pays the first organisation. This represents a single transactional payment for a credential.
Naturally, we can significantly extend this model to move beyond transactional payments to models such as: tiered models based on volumes, subscription models or models where costs are mutualised based on proportional usage.
- Tiered Models based on Volumes:
- Description: Organisations pay fees based on the volume of credentials issued or verified.
- Benefits: Cost efficiency for high-volume users and scalable pricing.
- Subscription Models:
- Description: Organisations pay a recurring fee for a set number of credentials or verification services.
- Benefits: Predictable revenue streams and easier budgeting for organisations.
- Mutualised Cost Models:
- Description: Costs are shared among participants based on their proportional usage of the system.
- Benefits: Fair distribution of costs and incentivizes efficient use.
Enabling more complex and flexible models allows ecosystems to tailor their models to the needs of their industries, use cases or preferences, similar to those that exist in existing identity or data ecosystems using traditional technology.
This logic can be implemented either manually or programmatically, possibly via smart contracts based upon ledgers / blockchains. Smart contracts can automate the execution of payments and compliance checks, ensuring transparency and reducing the administrative burden. However, the implementation of such systems requires careful planning to ensure security, scalability, and interoperability with existing systems.
Conclusion
As explored throughout this blog, SSI disrupts traditional commercial models by prioritising individual control or ownership of data. The shift from a dominant “pay to access” approach to include “pay to verify” underpins this new paradigm, enabling a more sustainable approach to data management and verification. In this model, consumers are paying for access to verified data directly from individuals, rather than simply paying for access itself.
The challenge lies in creating viable commercial models that incentivise issuers to participate while maintaining fairness and privacy. The “verifier pays issuer” model addresses this by rejoining the value chain originally broken by SSI. This avoids compounding the cold-start problem inherent in building ecosystems as well as requiring a coincidence of wants between the participants.
Instead, this allows issuers to set prices based on the perceived or estimated value of data attributes, which the open market is then free to provide feedback upon. This model not only encourages the release of trusted data but also facilitates its reuse, reducing costs and enhancing user experience.
We further highlighted that the need for privacy-preserving mechanisms in payment flows is paramount. Ensuring that the addition of payments for credentials does not degrade privacy is crucial for maintaining trust and adherence to principles like data minimization. Techniques such as selective disclosure and zero-knowledge proofs can help achieve this balance.
Finally, we explored shifting beyond transaction models to more complex models such as Tiered or Subscription-based models which better match the commercial requirements of ecosystems.
As we continue to create a rich ecosystem of services and applications, the principles and models discussed here will be instrumental in shaping a future where data is managed more securely, efficiently, and equitably.
Glossary
- Bartering: an act of trading goods or services between two or more parties without the use of money or a monetary medium
- Selective disclosure: a crucial element of Self-Sovereign Identity (SSI) because it allows individuals to share only the essential personal information required for a transaction or interaction
- Valley of death: Describes a disconnect between biomedical researchers and the patients who need their discoveries.
- Zero-knowledge proofs: one party proves to another party that some given statement is true, while avoiding conveying to the verifier any information beyond the mere fact of that statement’s truth
- Herd privacy: The ability of an individual or thing to maintain a degree of privacy due to being one of many, i.e. one individual or thing in a large, indistinguishable group.
- Data minimisation: limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose
References
- Antti Kettunen (2024) The adoption challenges of wallets & decentralized ecosystems https://identifinity.net/the-adoption-challenges-of-wallets-decentralized-ecosystems-58b81924dec6
- TechCrunch (2024) Meta’s ‘consent or pay’ data grab in Europe faces new complaints https://techcrunch.com/2024/02/28/meta-consent-or-pay-consumer-gdpr-complaints/
- David Birch (2014) Identity is the new money https://dgwbirch.com/identity-is-the-new-money/
- EU Commission (2024) eIDAS Regulation https://digital-strategy.ec.europa.eu/en/policies/eidas-regulation
- BBC (2020) Apple buys weather app Dark Sky https://www.bbc.co.uk/news/technology-52115095
- Tim Hulsen (2020) Sharing Is Caring-Data Sharing Initiatives in Healthcare https://pubmed.ncbi.nlm.nih.gov/32349396/