BBS+ signature styles are not going to be ready for deployment anytime soon. This is precisely why you should build today and in a way that allows you to add them later.
Sam Curren, Senior Architect
New technology is inevitable: some of it will be evolutionary, some of it will be revolutionary; some of it will eat your business, and some of it might change the world and make life better.
How do you know when to wait and when to jump?
This is the dilemma for many people looking at decentralized identity right now. Is it ready to be implemented, are there “off-the-shelf” products I can use—or will it all be so much better next week or in a month or in a year?
The dilemma seems to divide the decentralized identity community. Standards groups and initiatives advocate for the best possible solution, in the hope that it will eventually exist, while companies building solutions—like Indicio—say “build now because what we have works and works well and can be added to later. The ‘better’ may never come but the good—especially if open source—will continually get better and be relatively easy to upgrade.”
But we believe our position is not just a matter of business logic: There’s a massive downside to letting failing technology—our current centralized and federated ways of managing identity—continue to fail businesses and consumers, citizens and governments.
This downside is vastly greater than any of the differences between decentralized identity technologies that can be used today, those in development, and those hypothesized as being available sometime in the future.
Don’t turn BBS+ into a minus
This issue is not abstract. Right now, there is much discussion around JSON-LD BBS+ being “the” standard for managing verifiable credential key signatures in decentralized identity systems. The Good Health Pass, for example, recommends BBS+ for Covid digital credentials.
BBS+ is good and Indicio is excited about adding it to its options for customers building decentralized solutions. But we can’t do so because BBS+ is still under development and it’s unclear when the final version will be available. Meanwhile, we have JSON-ZKP-CL Signatures that provide the ingredient BBS+ is working to add: privacy preserving predicate (zero-knowledge) proofs and blinded identity binding.
Predicate proofs mean that you are able to generate a proof of something—such as age—without having to disclose the actual information, and they are a boon to preserving privacy.
When thinking about BBS+, it is important to remember that credential format is just one part of a larger system that must be developed. Governance, Issuance and Verification agents, Holder apps, and more all need to be implemented; user experience must be developed; business relationships created: Decentralized identity is an ecosystem of infrastructure, software and governance working together as a product. All of these things can be deployed using existing production-ready credential formats. And the gains made now will translate into the future adoption of BBS+.
The bigger point is this: Decentralized identity is at a breakthrough point. Governments in Canada and Germany have decided that verifiable credentials are the way forward; pilots and consumer products are being unveiled on a weekly basis. This is not the moment to say, “let’s wait;” this is the moment to say “let’s scale.”
At Indicio, we’ve shown how to make decentralized ecosystems work to solve real problems for lots of customers. In building, we’ve advanced the tech. In advancing the tech, we’ve built more solutions. This is the virtuous cycle of innovation and scale that we’re creating. We will add BBS+ into our products when it is available. But until then, we’re going to build solutions that BBS+ can be added to—and we think you should too.