Governance enables ecosystems for sharing data — it’s the secret sauce driving value, and the permutations are limitless.
To stay updated on all things governance, sign up for the Indicio Governance Newsletter.
By Trevor Butterworth
One way to understand governance as a component of decentralized identity is to look at identity verification and data sharing as an “ecosystem.”
An ecosystem is any use case where you have:
- One or more parties issuing verifiable credentials for digital identity to people, organizations, or devices.
- People, organizations, or devices who then hold the credentials to prove their identity and share data within the credential to other parties.
- People, organizations, or devices, that need to prove the identity of those presenting verifiable credentials, and the data within their credentials to accomplish some goal.
In an ecosystem, participants are interested in the same kind of data to solve the same kind of problems. This could be who is allowed to access a facility, an operational system, a software application.
Governance makes this happen.
The governance authority establishes who can issue credentials. If there is only one issuer, say in the case of a company issuing employee credentials, the company is the governance authority.
The authority establishes:
- who can be issued a credential.
- who else can issue credentials
- What information is going to be issued in a credential.
- How that information is to be interpreted — if x, then y
- How that information can be shared in ways to comply with data privacy regulations.
While there are other technical aspects to governance (choosing credential formats, DID methods, protocols, cryptographic key management etc), the key governance actions can be reduced to two workflows:
- Which credentials can I trust?
- What data needs to be presented and authenticated and how does it need to be presented?
These questions are solved by machine-readable governance. The governance authority publishes a file in a format that can be read by the software required and held by each participant in the ecosystem.
Once you have an ecosystem for a specific use case, you can extend the governance to other use cases, depending on how robustly you have authenticated the person, organization or device that you issued the credential to.
Governance would enable a credential issued to an employee to access a hospital to also access a specific database or device. Governance could allow this credential to be used as a proof of identity for specific organizations that provide employee benefits. So you’ve gone, just through a simple addition of code, from opening a door to opening an insurance policy.
Two different hospital systems could agree and use machine readable governance to authorize doctors in one system to work in another.
The fact that these rules can be rendered in a machine-readable format makes implementation and updating fast and simple. You can rapidly reconfigure your ecosystem to manage new data and requirements.
And once you are able to use verifiable identity and data, the permutations are limitless. Governance makes all these permutations work and enables expansion and scale.
It turns trust into an actionable, valuable commodity.