Machine-readable governance is the key to making decentralized identity accountable, effective, and trustworthy.
Much is talked, much is written about governance in decentralized identity. “Trust frameworks,” “trust marks,” “transitive trust” all form part of a lexicon that can be confusing to those looking to enter the field, develop a product or service, or find a simple solution to a problem. In part, this is because the word “governance” is used to cover a lot of ground, from corporate structure and network policy, to responsibilities, values, policies, and legal agreements. Corporate and technical governance can overlap to the point where it’s easy to end up thinking that governance is a problem that needs to be solved before we can use the technology.
There are many reasons why this isn’t true. From a design perspective, it’s impossible to lay out all the rules of an information ecosystem in advance, and unwise to try and do so, given that an ecosystem must be able to grow organically to become an ecosystem. The architecture of decentralized identity has clear and simple constants defining its essence: privacy by design, security by design, permanent and portable identity for everyone and everything. The key to sustainable innovation is to combine these constants with flexible parameters. This allows a simple set of rules to generate an infinite number of variations. If all these varieties are interoperable, we end up with a network of networks.
All of this is not to understate the value of paperwork—and the need for common agreement around issues like interoperability. Mars will need a constitution—and a great one. But we must get there first.
Machine-readable governance enabled by Agents
The thing is, we have a way to enable clear, flexible, governance right now through Agents and machine-readable governance. Agents are the software that allow data to be shared and authenticated by consent between parties, and this makes them the most important governance entities in decentralized identity. That’s because they are programmable with governance rules that define how digital information can be accepted, exchanged, verified, updated, and revoked. They enable people and organizations to trust an exchanged credential.
When Indicio deployed its decentralized ecosystem for a pilot on digital COVID credentials in Aruba (the ecosystem is now called Cardea and is a project of Linux Foundation Public Health), Agents containing machine readable governance made the whole system work:
- Tourists downloaded a “digital wallet” agent to accept a COVID test credential
- The COVID testing lab used an agent to issue a test credential
- The government used an agent to verify the test credential and then issue a proof-of-test credential to the tourist.
- Hospitality businesses across the island used downloadable verifier agents to scan and verify the government issued credential when the tourists showed up
Machine-readable governance allowed the government to implement its COVID test policies quickly within an architecture for privacy-preserving technology. People knew what was needed. People knew that changes could be quickly dialed into the governance if information changed. And above all, people knew who to trust. Instead of starting with top-down rules, the combination of Agents and machine-readable governance enabled bottom up governance to get the job done.
Start local, scale global
This is a critically important point. While decentralized identity is a new and unfamiliar concept to many people, most have an intuitive grasp of decentralized governance. In politics, it is synonymous with the view that local knowledge will drive better governance for the governed than a decision taken far away; in the European Union, this is the principle of subsidiarity: Power should be exercised as close to the citizen as possible.
When it comes to decentralized identity, this is why figuring out what works at the local or hyperlocal level becomes a powerful source of trust. Because specific, local knowledge is essential to building transparent, competent, and reliable solutions—the three distinguishing features of trustworthiness, according to philosopher Onora O’Neill—the technology is more likely to be trusted and adopted when it can incorporate specific, local knowledge.
When we have learned what works to solve a myriad of local problems, we can then scale up to governance at a global level. The governance frameworks created as we deploy these solutions are not going to be mutually exclusive; but the search for one framework to rule them all now is likely to be fruitless at best and a hindrance at worst.
Instead, we need to focus on maximal privacy through minimal rules, and let the interplay of agents and machine-readable governance handle all the pre-existing, national, international, sector-specific, and institutional governance frameworks that will need to be accommodated as decentralized identity expands across the globe.
If you want to know how Indicio can deploy machine readable governance to solve your identity and authentication needs, contact us.