Looking Beyond Tokens — Verified Credentials
Tokens have emerged as one of the central narratives of Web3, with cryptocurrencies, utility or governance tokens, NFTs, and stablecoins being our current staples. However, another key emerging narrative that is relevant for both individuals, as well as businesses, is verified credentials, which are core tenants of decentralized identity.
Identity in Web2
In Web2, identity is a centralized concept. Platforms store their own sets of credentials to identify their users. This is achieved through usernames and passwords, or by using OAuth2 — where you use your login from one of the big tech platforms such as Google, Facebook, Twitter, LinkedIn, etc to sign up for an online service.
Regardless of which approach you use, your credentials are being stored and managed on a centralized service, which you have no choice but to implicitly trust as they are gatekeepers to a number of online services. They could suffer an outage, or worse case, your credentials could be stolen from them, but in Web2 you have limited other choices.
Regardless of which approach you use, your credentials are being stored and managed on a centralized service, which you have no choice but to implicitly trust as they are gatekeepers to a number of online services. They could suffer an outage, or worse case, your credentials could be stolen from them, but in Web2 you have limited other choices.
Identity in Web3: Decentralized Identity
Decentralized identity (DID) removes these platform gatekeepers from the mix, empowering users to control their own identities, where trusted organisations issue claims or facts about their users or customers, which can subsequently be easily verified by other services users may wish to use. These claims are the basis of verified credentials which are going to become an ever-increasing component of Web3.
What are verified credentials in Web3?
On the surface verified credentials (VCs) may appear similar to tokens such as NFTs — VCs are associated with an individual and can be stored digitally just like digital tokens such as NFTs. However, it's important to draw distinctions between the two technologies, as whilst they are distinct from one another, they're likely to be bundled together incorrectly when discussing use cases and applications of them.
Verified credentials vs tokens
A token resides on a blockchain, ownership is public and it can be traded. VCs do not reside on a blockchain, they are private facts that can be disclosed at their owner's discretion and cannot be traded.
A real-world analogy for how these technologies can be used is that an NFT could be your membership to an exclusive club. Whilst this NFT may give you access to this club, you could choose to sell it to someone else, transferring the access with it to the new owner. Contrast this with a VC which could be used to represent a passport or driver's license which is unique to you, and is issued directly to you by the appropriate government organisation.
A real-world analogy for how these technologies can be used is that an NFT could be your membership to an exclusive club. Whilst this NFT may give you access to this club, you could choose to sell it to someone else, transferring the access with it to the new owner. Contrast this with a VC which could be used to represent a passport or driver's license which is unique to you, and is issued directly to you by the appropriate government organisation.
Decentralized identity solutions
The opportunities for companies to become VC issuing organisations are mammoth, and this is one area where we will see huge investment over the coming years. The reason for this is that pillar of Web3 — trust.
Generally speaking, the larger the company, the larger its customer base. Large corporations, whilst inefficient in many respects, have significant influence in their respective industries and are trusted by their customers. They have their fair share of issues, be that regulatory or political, but broadly speaking, customers trust them enough to allow them to carry out their core service on behalf of the customer. That may be the provisioning of healthcare, utilities, financial services, products or other services.
This trust relationship is what can be leveraged by these companies to provide new products and services that cater for decentralized identity systems and initiatives.
Generally speaking, the larger the company, the larger its customer base. Large corporations, whilst inefficient in many respects, have significant influence in their respective industries and are trusted by their customers. They have their fair share of issues, be that regulatory or political, but broadly speaking, customers trust them enough to allow them to carry out their core service on behalf of the customer. That may be the provisioning of healthcare, utilities, financial services, products or other services.
This trust relationship is what can be leveraged by these companies to provide new products and services that cater for decentralized identity systems and initiatives.
Decentralized identity use case: academic credentials
The classically cited example is with proof of academic credentials. Historically, if someone wishes to prove that they have achieved a certain qualification such as a degree this is proven by presenting their actual degree certificate and potentially contacting the issuing institution for secondary verification.
With a decentralized digital identity approach, this proof of qualification could be issued by an academic institution as a VC to a student, where the proof is a cryptographically signed message by the institution associated with the student's own cryptographic key. The student can then present this VC to a prospective employer to prove that they have achieved this academic qualification. This prospective employer would then check the cryptographic signature of the issuer to verify the VC.
With a decentralized digital identity approach, this proof of qualification could be issued by an academic institution as a VC to a student, where the proof is a cryptographically signed message by the institution associated with the student's own cryptographic key. The student can then present this VC to a prospective employer to prove that they have achieved this academic qualification. This prospective employer would then check the cryptographic signature of the issuer to verify the VC.
Decentralized identity use case: utility bills and government agency
From this example, one can easily see how it can apply to broader businesses. Imagine if you wish to prove you are a current customer of a utility provider. The current model is to present a copy of a utility bill which can easily be doctored. Instead, your utility provider could be in the business of issuing VCs for their customers. This could provide cryptographic proof that you are a real customer of theirs. Or perhaps you're a government agency issuing passports or driving licenses. These too could be issued as VCs instead of physical documents which are subject to tampering and forgery.
These examples are just the tip of the iceberg, but they help illustrate how large the opportunity space is for VCs. Like it or not, unlike many other areas of Web3, large corporates and government agencies are very well placed to be the primary issuers of VCs due to their position as providers of trusted services that many citizens rely on in their everyday lives.
These examples are just the tip of the iceberg, but they help illustrate how large the opportunity space is for VCs. Like it or not, unlike many other areas of Web3, large corporates and government agencies are very well placed to be the primary issuers of VCs due to their position as providers of trusted services that many citizens rely on in their everyday lives.
Mainstream adoption of verified credentials
As with other parts of Web3, the user experience associated with these verifications isn't yet standardised, but down the line, it could be similar to when you access a website such as Google or Amazon and look for the padlock in the corner of your browser to trust that it's genuine. When someone wishes to verify a credential, they will have a similar proof point they can use to easily visually verify that the credential was issued by the accredited organisation.
VCs will not be underpinned by the aforementioned public key infrastructure (PKI) which secures much of the web, but the overall perception of trust provided by PKI is a useful reference point for how this can play out, albeit with decentralized technology as its backbone.
Decentralized PKI (DPKI) is already a very real concept which makes use of blockchain technology for publishing public keys, which given blockchains' immutable nature, will be a more robust solution for storing public cryptographic credentials than what we have currently.
VCs will not be underpinned by the aforementioned public key infrastructure (PKI) which secures much of the web, but the overall perception of trust provided by PKI is a useful reference point for how this can play out, albeit with decentralized technology as its backbone.
Decentralized PKI (DPKI) is already a very real concept which makes use of blockchain technology for publishing public keys, which given blockchains' immutable nature, will be a more robust solution for storing public cryptographic credentials than what we have currently.
We've seen cryptocurrencies and NFTs cross the chasm and enter the mainstream culture. Many organisations have scrambled to find opportunities to embrace these technologies. However, decentralized identity technologies such as VCs, while not as exciting for consumers, present a mammoth opportunity for any organisation providing valued products or services.
Some of the more savvy governments and corporates have been exploring DID networks for some time, but for many, it's still not baked into their Web3 strategies. This is a mistake, as the opportunity to be an issuer of VCs is far more relevant to many organisations than other components of Web3 that they may be considering. It’s even friendly from a regulatory perspective due to the control users have over how much of their personal data is disclosed which aligns well with initiatives such as GDPR.
Whilst DID and VCs may not be as popularised as other parts of Web3, they are going to be core tenets of Web3 and especially relevant to corporates. Which is why anyone with even a passing interest in Web3, should start taking them seriously.
Some of the more savvy governments and corporates have been exploring DID networks for some time, but for many, it's still not baked into their Web3 strategies. This is a mistake, as the opportunity to be an issuer of VCs is far more relevant to many organisations than other components of Web3 that they may be considering. It’s even friendly from a regulatory perspective due to the control users have over how much of their personal data is disclosed which aligns well with initiatives such as GDPR.
Whilst DID and VCs may not be as popularised as other parts of Web3, they are going to be core tenets of Web3 and especially relevant to corporates. Which is why anyone with even a passing interest in Web3, should start taking them seriously.
Have any questions or comments? We’d love to hear from you! If you want to find out more about blockchain, its growth, and newest developments, then check our blog or listen to our enlightening Web3 Innovators podcast.