Decentralized identity technology is increasingly being adopted to quickly and securely share data in the private and public sectors. With widespread interest in the technology’s ability to create verifiable data and streamline processes, the question of how you create a solution has never been more important.
By Tim Spring
More people are interested in verifiable credentials and decentralized ecosystems than ever, which is awesome to see! But as new people enter this space, the amount of information and the options available can be complicated and overwhelming. For those seeking to learn about the technology, the fundamental concepts, and how it works, Indicio recommends this quick, but comprehensive, Beginner’s Guide. But once you have decided that a decentralized solution is what you want for your organization, there are several things to consider when it comes to actually making a purchase.
Vendor / Platform lock-in
Being locked into one vendor or platform can have downstream consequences: surprise costs, slow responses to adding new competitive features, and the risk that should something happen to the vendor, your platform suddenly becomes unsupported. In today’s business world, vendor lock-in is often seen as unavoidable for some things; for example, many companies are reliant on Microsoft for their entire office suite and the licenses they can provide. But it simply doesn’t need to be like this for your decentralized identity solution — and shouldn’t be. The space is new and growing so fast that it doesn’t make sense to tie your hands to a proprietary solution from a particular provider.
Instead, do as we do: Indicio builds on open-source technologies whenever possible. For example, the Indicio Proven™ line of products is built on the open-source Hyperledger Indy and Aries codebases. Open source gives you freedom: freedom to build what you need to succeed, freedom to add what you need when you need it to meet opportunities, and most importantly — freedom to walk away.
Open source codebases incubate innovation and resilience: the more people using the code, the more it is tested, the better it becomes, and the quicker it evolves. However, do note that open source comes in two flavors: free and supported. Many companies opt for a supported solution (e.g., the Red Hat model), which saves their developer teams from having to climb the learning curve of unfamiliar codebases and frees them to focus on business solutions. Indicio provides supported open-source product solutions, both pre-designed and customized, so that you get to implementation as quickly as possible and have all the technical support you need to grow.
Do they sell all the pieces you need?
There are four major pieces of technology that form a working decentralized ecosystem for the secure exchange of verifiable credentials.
Issuer agent — for creating and issuing a credential
Mobile wallet — for holding and presenting a credential
Mediator — coordinates messages between wallets on mobile devices and verifiers / issuers
Verifier agent — for verifying the credential
Not all vendors sell these as a package. Some only have one or some of the parts to create the functionality you want. It is important to understand exactly what it is that you’re getting. Just being able to download a mobile wallet will not give you the ability to create your own credentials.
Indicio offers each of these components separately if you want (learn more about our mobile wallet Holdr+, or play with one of our mediators), but if you are seeking to implement a complete ecosystem, it is better to buy a complete ecosystem. That way, you get everything “in the box,” so to speak, and you know that everything will work together smoothly. This was the impetus for Indicio to create Proven as a complete, off-the-shelf ecosystem.
The world will never operate completely on one system. The more credential formats your decentralized solution supports, the more people will be able to use and benefit from it. Building this kind of support into solutions takes time and money, so not all vendors provide it or plan to do so, and instead pick a format in hope that it will become the format that catches on and everyone uses.
To give you an idea of how this can go wrong: building special integrations for Internet Explorer would have looked like the smart move in 2009, when it had 65% of internet browser market share. Today, even after a rebrand to Edge, it is hovering at just over 5%, and having only 5% of customers able to use your integration would be severely limiting to your business.
Indicio is committed to building as much interoperability into our solutions as possible, commonly using a variety of verifiable credential formats including AnonCreds, SD-JWTs, JSON-LD, JSON-LD BBS+, Open Badges 3.0, W3C, and Mobile Driver’s License. Our team has years of experience implementing successful solutions, and we can advise you on the credential types that best meet your use case’s requirements, or help build a custom solution using an additional credential type your organization needs.
You’ll need to host your verifiable credential solution on a blockchain-based distributed ledger network — or have someone else take responsibility for writing credential data to the ledger. Either way, you’ll want to make sure that the network supporting your solution meets your needs.
A distributed ledger network typically consists of several networks: one for developing and testing a solution, one for demonstrating a solution, and a main or production network to support your finished product. There may also be a temp network for stress testing, which gives you the freedom to push your solution to breaking point and easily reset, something better done before going to market.
In all cases, there are several important questions. First, how much does it cost to use each of these networks (singly or bundled), including the cost of writing credentials to the main or production network and, if necessary, revoking them? How much will it cost to scale your solution, and can “all-you-can-write” packages simplify payments and deliver significant cost savings in the medium and long term?
Second, what kind of technical support or support packages are provided? If you are new to verifiable credential technology, is there full customer onboarding and operational support for each network? What kind of engineering support is there for solutions that are mission-critical?
You’ll also want to assess the network’s performance by asking for uptime metrics and asking how the network is monitored to ensure that any problems can be quickly addressed. (For example, Indicio’s network has a 99.97% uptime.)
In terms of resilience, you’ll need to know how many nodes support the network and how extensive their geographic distribution is, as some customers, particularly governments, have regulations on where nodes can be hosted.
What rules will be in place for your decentralized ecosystem? Who will implement these rules and how will they be integrated into the system? While your solution might function from a technical standpoint, its usability in the field depends on governance. When considering a solution or provider, examine how rules such as trust lists for approved credential issuers are implemented. How are credentials verified in near-offline or offline conditions? Governance in decentralized identity often seems complex. It doesn’t need to be.
Indicio developed machine-readable governance to deliver this simplicity. This enables governance rules to be published in a machine-readable format (currently in development as a specification at the Decentralized Identity Foundation), propagated to all participants in a decentralized identity ecosystem, and cached in their software. This enables the governance authority responsible for the use case to quickly implement system-wide rules and rule changes, manage trust lists and provide offline verification. Indicio developed a Governance Editor to simplify creating the governance files. You can try it out here.
We hope this article gives you a decent starting place when evaluating your options for a decentralized solution. You can never ask too many questions, especially when building something to last. If you have an idea for a decentralized identity ecosystem, the Indicio team is ready to answer any questions or help you get started; you can reach out here.