Internet Identity Workshop (IIW) is a wonderful melting-pot of eclectic, innovative minds coming together to hash out challenges and discuss developments in the digital identity ecosystem.
At cheqd, we showed our faces for the second time at an IIW, at the 33rd instalment, and tried to dive right into the heart of the community discussions (watch our sessions on YouTube).
Our key takeaways are as follows:
1. INTEROPERABILITY IS PARAMOUNT, AS ALWAYS
Interoperability is a vicious cycle, especially with rapidly developing innovations and standards. Whilst probably shown 100s times during the course of the 3 day event, including in our presentation on the 7 Deadly Sins of Commercialising SSI, this comic strip picture remains pertinent.
When it comes to interoperability, however, it is important to discuss what we actually mean by it. Jolocom recently published a blog post on interoperability and presented it during IIW, which lays out 4 different types of interoperability:
- The structural level addresses the exchange of data;
- The syntax level addresses the extraction of the data;
- The semantic level addresses the interpretation of the data; and
- The organizational level is dealing with the processes.
When looking at SSI and the different levels at which we want to achieve interoperability, all four of these different types must be considered.
And this is difficult because interoperability can only be achieved by:
- Using the same software;
- Building software on unified standards and protocols; or
- Developing “Middleware” acting as a translator between different systems.
As such, companies working towards these three different types of interoperability have competing interests and goals.
However, there has been some tangible progression in the direction of unified standards and protocols over the last year.
2. KILLER WHALE JELLO SALAD — PROGRESSION
One of the largest takeaways from the previous IIW 31 was the idea of a ‘Killer Whale Jello Salad’, or in other terms, a unified Verifiable Credential exchange protocol. With the ultimate goal being interoperable wallets with portable credentials for issuance and presentation.
This has since materialised in the form of WACI PEx, a set of golden standards for Verifiable Credential exchange that the industry has begun to converge around — the spec is currently a v.01 spec in DRAFT.
The spec was demoed by Brian Richter who has built a nearly complete implementation; and the spec is showing promising signs of being an “interoperability nexus”.
Next, the industry needs to use the momentum from the first version of WACI PEx, and look at using a similar approach for Issuance — and begin to address some of the open questions around key rotation and revocation.
3. BBS+ AS A GREAT CONVERGENCE POINT
The way that Verifiable Credential proofs are carried out has previously polarised the ecosystem. Indy Credentials with proofs based on Camenisch-Lysyanskaya signatures (ZKP-CL) were previously viewed as the best way to carry out meaningful zero-knowledge proof functionality. However, such Indy Credentials developed on a different path to the W3C Verifiable Credential Data Model, creating a non-interoperability barrier between ZKP-CL Credentials and other JSON or JSON-LD based Credentials.
BBS+ proofs provide a strong middle ground of privacy-preserving capabilities and semantic interoperability. As such, this IIW has seen an increase in innovations, converging around BBS+ as a sticking point — which is a great step for the community.
4. KERI & ACDC AS ESTABLISHED HEAVYWEIGHTS
GLEIF’s presentation on ACDC (Authentic Chained Data Containers) and how a root-of-trust is provided through chained self-certifying credentials turned heads (as much as this is possible on a Zoom conference), so big shout out to Sam Smith and all the work going into this project!
Through a decentralised and self-certifying credential chain, a root of trust can be established without reliance on a siloed database. Instead, credentials can exist in hierarchical tiers on KERI and funnel down like a system of roots connecting to one overall tree.
This has the potential to solve a large problem in SSI around centralised trust registries, as well as minimising the GLEIF’s application of KERI and ACDC is big, and it’s coming quickly. So the SSI industry as a whole needs to take note.
5. COMMERCIALISING SSI SPLITS OPINION
6. IS GOVERNANCE COOL NOW?
A personal takeaway for myself. Having worked for the last few months developing cheqd’s Governance Framework, I thought I would arrange a small session to discuss the Future of Governance and to present some of the ideas around my framework.
This session discussed different approaches to governance at different levels of the SSI stack, from Layer 1 decentralised governance and reputation, to Layer 4 ecosystem governance and ethics.
Little did I think that 80 people would join, the chat would become its own mini-conference and my ideas would actually attract huge engagement. So perhaps, just maybe, governance is cool now. And I will take it!
7. ADOPTION COULD GO MANY WAYS
Throughout the IIW, there was discussion about which direction SSI adoption would take. On one side, there was discussion regarding whether individuals could use SSI to create a new economy without relying on the old guard, reverberating around terms such as ‘metaverse’ and ‘Web 3.0’. This posited that SSI adoption would be driven somewhat as a cultural revolution with the public, NGOs and protest groups leading the charge.
On the other side, there was discussion about refactoring existing businesses to adopt SSI and plugging into existing, more traditional identity management systems and developments in OpenID Connect. This viewpoint saw SSI as a commercial technology (feeding into the commercialising SSI discussion above) and hence adopted by companies based on the opportunities they see available.
One fascinating point of debate is where the value in trusted / authentic data and self-sovereign identity comes from. Is it from the trusted imbued and recognised by individuals or organisations (even though those organisations are made up of individuals)? Whilst the session itself didn’t reach a conclusion, the topic took a deep philosophical direction which made for an interesting break to the more technical sessions of IIW, although just as challenging.
8. SSI INNOVATION IS BACK
COVID19 had a horrific impact across the entire world which has been written about at length. One area of impact, which understandably has not seen a huge amount of awareness given the tragedies that took place globally, is the pause in SSI development.
The entire community naturally focused on tackling the disruption that Covid brought whilst maintaining individual control and privacy. These efforts were necessary and admirable but had the side-effect of stalling the progress being made to move the entire SSI space forwards. As we are beginning to live with Covid, it is fantastic to see a resurgence in development and innovation. From BBS+ to KERI and hopefully, including ourselves, we’re thrilled to see the entire space begin to move forwards at pace!
To conclude, we saw this IIW having a lot of points of convergence, rather than creating more points of friction. Which is something really positive for the ecosystem and identity community. So bring on the next one!
Catch up with our IIW discussions — watch the Seven Deadly Sins of Commercialising SSI below.