Decentralized Ecosystem Governance (DEGov) provides businesses, organizations, and governments with a powerful way to ensure accountability, manage complex information flows, and function offline while keeping verification seamless in verifiable credential ecosystems.

By Trevor Butterworth

The value proposition for verifiable credential technology (often called decentralized identity or self-sovereign identity) is cryptographic confidence. We can be sure the information in the credential is the information that was originally issued by the source of the credential: it has not been tampered with or altered in any way and any attempt to do so would be immediately apparent.

This means we can share information seamlessly (without the need to check in with the source of the information or rely on third-party data management); we don’t need complex, direct integrations (the information is stored in the credential only, which is held by the owner of the information); and we can share this information, thanks to features in the technology, in ways that enable consent and are privacy preserving (thereby addressing data privacy compliance).

This capacity to create verifiable data is critical at a time when rampant digital fraud intersects with a rapidly emerging dimension of artificiality to every aspect of human interaction—AI and ChatGPT. We must have a way to trust “who?” and “what?”

If cryptographic confidence provides us with data authenticity and integrity, we still have one crucial element left: how do we trust the issuer of the credential?

Knowing where the credential comes from doesn’t automatically signal that the issuer is an entity we shouldtrust. Not every digital credential is going to come from a nation’s passport office. If we want to use verifiable data to manage digital interaction, there will be many, many issuers multiplied by many, many contexts for interacting, each with a different information flow.

The simple answer to this is to combine cryptographic confidence with “human governance,” in the form of published frameworks that set out who is a legitimate issuer for a given interactive context and what information needs to be presented and verified. But how, exactly, should this trust be facilitated in the technology?

Click on image to enlarge

Indicio Proven DEGov—a decentralized system for directly establishing whom to trust in a credential ecosystem
There are two pathways: one is direct and the other is indirect. The direct solution is to place accountability with the entity that is accountable for how the credential is used. If you want to use a verifiable credential to cross a border, the government presiding over that border should be able to set the rules for that credential’s use. If you want to use a verifiable credential to access your place of work, your employer sets the rules for using that credential to access your workplace or its databases and cloud services. And so on and so forth.

In the non-digital world, there are multiple authorities and bodies that certify memberships and qualifications, rules and permissions that answer everything from whether a doctor can practice in a particular field to whether I can learn to drive.

Indicio has been at the forefront of developing machine-readable governance for managing trust when using verifiable credentials. We believe these entities are best placed to facilitate trust for using credentials to meet their identity and data verification needs; and we developed a “governance editor” and a set of procedures to make it easy for this trust facilitation to be turned into machine-readable code that every participant in a verifiable credential ecosystem has access to and stores on their wallet. We call this DEGov — so you don’t have to say “decentralized ecosystem governance.” DEGov is our implementation of a new, open standard for governance that is being developed by the Decentralized Identity Foundation (DIF) with input from us and many others.

DEGov is powerful because it enables decisions about whom to trust to be made by those who are directly responsible for those rules being followed. In our experience working with government agencies, this is vital; trust cannot be outsourced to a third-party manager.

Equally vital, trust facilitation cannot sleep. Verification must be possible offline. By propagating the rules so that everyone in the entire ecosystem — issuers, holders, and verifiers — has a copy cached in their software, verification is still possible if bandwidth falters or there in an internet outage.

DEGov is also a simple way to write rules for interaction: If the holder of a credential presents X information, then Y happens. These can be scripted to manage precedence in hierarchical governance rules, such as local-state-federal-global. For example, with DEGov, you will be able to coordinate a drone moving through different airspace jurisdictions.

Finally, the rules for interaction should also be capable of being updated quickly. A new issuer may need approval, a credential may need to be revoked, a new requirement may be needed. By using Indicio’s Governance Editor these can all be formulated quickly, published, and pushed out to the entire ecosystem.

Indirect trust facilitation through trust registries
The second path to facilitating trust in issuers is to outsource the process to a third-party, known as a trust registry. We do not recommend this approach for the following reasons:

  • It’s unacceptable to governments where information is sensitive.
  • It requires inserting a new layer of complex bureaucracy into an otherwise seamless process, which needs additional trust measures to ensure it isn’t biased.
  • At best, the cost of this bureaucracy is likely to be passed onto participants in the ecosystem; at worst, this cost risks becoming a toll, where the trust registry extracts a rent on what should be a seamless process.

Our view is why make things more complex and frictional when the system can function simply? DEGov is Occam’s Razor for trust in decentralized identity: it cuts away what is unnecessary and in doing so enables governance to be performed by those best placed to know whom to trust and which rules to apply. This is why Indicio is launching DEGov as part of the standard Proven solutions and as a stand-alone product for others who are building open-standards and open-source based verifiable credential solutions.

To learn more about DEGov or Indicio’s Proven line of solutions for verifiable credentials, visit Indicio.tech.