3… 5… next. — Say what?!

Image by Alexandr Ivanov, Pixabay

Personally, I have grown tired of the abundant use of the word trust in blockchain and SSI-related articles, explainers and ads. Not only does it feel heavily overused, the way I have come to understand SSI-related tech is that it’s less about enhanced trust and more about verifiability. The opposite of blind trust really.

Maybe this is a question of perspective. Here’s my take: I don’t need to trust you because I can look up the evidence of your claims. You claim to have a trading licence? — Show me! Of course, in relying on your digital proof I need to trust a whole lot of things, especially as a tech-naive user, such as the coders who have built the SSI(-ish) solution, the credibility of the credential issuer or some other third party involved in the business process. But what’s new? As soon as I switch on my laptop or smartphone, I put trust into the machine and its wonderous ways. Once I am at peace with this dependence, I can mentally isolate the thing that I don’t need to trust. — You. The person or organisation asserting something that I want or need to rely on.

So, why do I bother with SSI & friends?

I stumbled into this space a bit over half a year ago by joining a company providing web3 enterprise identity solutions. Since then, it’s been a case of soaking up what I can about the topic. It feels as if I am moving at snail pace though. Web5 has just sprung out of nowhere. I cannot tell whether this is the best thing since sliced bread or just a marketing stunt or somewhere in-between. Its appearance has certainly made a splash in the scene. Let’s see if it lives up to the promise. From the perspective of a total noob, it sounds like more of the same, just done with a different tech stack. Now, before you throw virtual foul eggs and tomatoes at me, hear me out.

I’ve only begun to explore the space. About seven months ago this piece of news would have meant nothing to me; might have even passed me by. Now at least, I’ve taken note. But remember, this is predominantly the kind of people we are all building solutions for in the SSI & friends space. From people who don’t even know what those 3 letters stand for to semi-informed folk who have read an article or two about verifiable credentials and another one or two on blockchain. This heterogenous population we tend to call end users. So, who is the web3, web5, webN marketing hype for then? Bedazzled businesspeople suffering a bout of FOMO? Software engineers seeking a meaningful or fun professional challenge? Investors looking to sink their money into the next unicorn hopeful? To outsiders it’s either as good as invisible or just another tech fad. What they care about is that someone solves their problems in the online world ideally with maximum digital convenience. How much do they care about the promises of SSI? Do they fully understand the responsibility that comes with it? Do we — the solution designers and builders?

I loved the framing by Susan Morrow, “One of the current issues in the identity industry is the conflation of consumer identity with citizen identity.” This concern only touches on private persons moving through the digital world. What about organisations? What happens when both — real people and non-human legal entities — interact in vastly different contexts?

Do we understand the scope of our technical constructs? I almost said “technical solutions”. But can we always claim to be building a solution to a real-world problem, or do we simply indulge in a techy wet dream? Is self-sovereign personal data management a solution to someone who has no idea how to handle it; or have we just added yet another burden to their life? How can we educate people about the benefits and risk management? With power comes responsibility. SSI promises to give people power over their personal data management. Are they ready to accept this responsibility? Of course, there are services, like custodial wallet providers, who can ease the burden. I gather that at least some SSI hardliners are not terribly fond of such a cop-out. How are you still self-sovereign when you literally hand over key aspects of your independence to a third party?

So, what about the other side — the people or organisations seeking assurance over your claims? Do they understand when and when not to request which data? How self-sovereign will you be when you’re not given a choice over when to present what to gain access to a product or service? Will the digital ease of verification entice constant demand for it? Will it become a box-ticking exercise “just to be safe” with minimal reflection on its purpose? How and by who will boundaries be defined?

There’s another disconcerting trend I’ve noticed in (social) media. Web3+ has a few stars in the arena. Somehow discussions of technological ideas and creations also drag these names in and judge the person or utter assumptions about these people’s assumptions and world views. This happens a lot in the entertainment and political world, of course. Can we afford identity politics creeping into STEM? Has this ever been any good?

The more I learn, the more questions I have. Paradise for the scientist in me. Headache for the product manager.

I am outside my comfort zone by giving you the frank opinion of a fairly naive and neutral observer here. This can be a touchy subject because people seem rather single-minded and emotionally involved in emerging tech solutions these days (or maybe this has always been the case and I’ve just never noticed). I’m not here to call anyone’s baby ugly. I see great potential in web3 … 5 … whatever you want to call it. What has become abundantly clear already at this early stage of my foray into the digital ID space is that conversations and implementations must not be solely about tech. Deep thought must be invested into the context in which the technological solution will exist — risks, boundaries and knock-on effects. It is exceedingly naive to say, “People will just have to learn to manage their keys.”. Besides, the weak spots are not just ‘those people’ — the end users. This maturing space abounds with deficiencies. Yet, we are talking about digital identity. If use cases are not scoped well and users not educated sufficiently, one mistake can upend your best friend’s life, cause your favourite take-away to go bankrupt or enable counterfeit drugs being stocked on your pharmacy’s shelf. Technological advances must allow people (users and tech experts alike) as well as legislation to catch up.

Further reading

• http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html [accessed 19/6/22]
• https://jolocom.io/blog/a-brief-history-of-ssi-where-does-it-come-from-a-timeline/ [accessed 19/6/22]
• https://www2.deloitte.com/us/en/insights/industry/public-sector/future-of-agile-identity-solutions.html [accessed 26/6/22]
• https://sovrin.org/principles-of-ssi/ [accessed 19/6/22]
• https://freecontent.manning.com/the-basic-building-blocks-of-ssi/ [accessed 19/6/22]
• https://medium.com/coinmonks/what-is-self-sovereign-identity-a8087b2bf0ea [accessed 19/6/22]
• https://consensys.net/blog/blockchain-explained/what-is-web3-here-are-some-ways-to-explain-it-to-a-friend/ [accessed 19/6/22]
• https://blog.cheqd.io/understanding-the-ssi-stack-through-5-trends-and-challenges-b15e911b4989 [accessed 19/6/22]
• https://medium.com/spherity/the-economic-value-of-decentralized-identity-part-3-395d9837c022 [accessed 19/6/22]
• https://www.blockchaincommons.com/articles/Principal-Authority/ [accessed 19/6/22]
• https://developer.tbd.website/projects/web5/ [accessed 19/6/22]
• https://blog.mollywhite.net/is-acceptably-non-dystopian-self-sovereign-identity-even-possible/ [accessed 19/6/22]
• https://cybernews.com/editorial/web-5-all-jack-should-know-about-digital-identity-but-is-too-afraid-to-ask/ [accessed 19/6/22]
• https://cointelegraph.com/news/struggle-for-web3-s-soul-the-future-of-blockchain-based-identity [accessed 19/6/22]

Originally published at https://www.blue-steens.com on June 26, 2022.