Credential Issuing Systems: Five Questions to Ask
A guide to help navigate solutions claiming to provide blockchain-based identity records. Don’t be fooled by fakes.
Now that the Blockchain and Self-Sovereign Identity have become popular concepts, both startups and legacy vendors are claiming to provide some flavor of blockchain solution that issues digital records to people in a verifiable format. It can be confusing for organizations to separate the facts from the hype and to understand the vast differences between various solutions. These might be technical solutions like new “tokens,” or something seemingly familiar like traditional systems that somehow have a little blockchain sprinkled on top.
The only way to stay oriented within this evolving landscape is to understand a few core values and then have a list of questions that your institution can ask any vendor.
Self-Sovereign identity is based on the belief that people have the right to own and use their identity records in a manner that is private and that has no dependency upon outside agents in order to transmit or verify records. This requires both recipient ownership and vendor independence. Once these two principles are fully understood, they uncover a world of practical considerations for any new credential issuing system. Before we get to these questions, let me briefly comment on two problematic approaches.
Tokens: A Diversion
The challenge with new token-based solutions for identity records is that they usually violate vendor independence. Most tokens are centrally created and managed by a single vendor, even if this is masked by a foundation. Beyond being unnecessary, this creates a single point of failure which threatens the usefulness of these records long term. Initial Coin Offerings (ICOs) can also create strange financial incentives that threaten the health of a network and ultimately threaten the verifiability of any records which are part of that system. I don’t mean to condemn any and all ICOs providing decentralized services, but in the case of identity records, it is a suspicious move given that public blockchains already provide the security and infrastructure needed for a truly decentralized verification network.
Time Stamping: Not Enough
The problem with vendors who use the blockchain for simple time-stamping is that they don’t provide recipient ownership or vendor independence. People cannot demonstrate that the time-stamped records were actually issued to them because the documents do not bear both the digital signatures of the issuer and the recipient. In other words, these vendors are using “blockchain” as a marketing gimmick, where the technology isn’t being used in a way that provides any added value beyond traditional digital document security, which has already been broken.
When the blockchain is properly used as a decentralized verification network, it offers the ability to unlock the power of digital records by making them trustworthy and instantly verifiable anywhere in the world. Improperly used, the blockchain becomes an unnecessarily cumbersome technical layer. So let’s ask the right questions.
5 Questions for Credential Issuing Systems
Many systems claim to issue self-sovereign identity records utilizing “blockchain technology” in some way. Use these questions to clarify their offering.
- How do recipient keys or Decentralized Identifiers (DIDs) get generated, retrieved, and built into the credential about to be issued? If this isn’t happening at all, the system is not providing recipient ownership. For instance, an academic transcript issued to “John Smith” could be used by any John Smith. That isn’t good enough. The real John must be able to demonstrate that the transcript was originally issued to him.
- If the vendor goes down or goes out of business completely, will the records still verify? If not, these records don’t provide the longevity required of important identity records. Vendors go down, get acquired, or go out of business all of the time. Records intended to last a lifetime, like birth certificates, need to last beyond the lifetime of any specific vendor.
- Does the issuing system allow records to verify even if we (the issuing institution) cease to exist? If not, then the blockchain is not being used properly. One of the main benefits of blockchain technology is increased durability and convenience. If a solution remains centralized, no new benefits are actually gained.
- Does your system allow us to anchor records to any blockchain? If not, the system is likely using a proprietary, non-standard approach, and/or network, that violates the principle of independence. Public blockchains have proven they can scale and survive security threats. And their openness (open-source, open-access, borderless, neutral) goes a long way to preventing censorship down the line. Anchoring important records to brand new networks is simply an unnecessary risk.
- Does your system use the Blockcerts Open Standard? This is a shortcut for answering all of the prior questions. Blockcerts is a community project, incubated at MIT, and not owned by any vendor. It will survive even as vendors come and go.
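The second, third and fourth questions come down to whether a record can be checked using only the record itself, a proof stored alongside it, and a value read from a public blockchain. The sketch below is an added example, not code from Blockcerts or any vendor; it assumes the issuer batches credentials into a Merkle tree and anchors only the root, and the field names and key strings are constructed placeholders.

```python
import hashlib
import json

def leaf_hash(credential: dict) -> bytes:
    # Canonical JSON so every verifier hashes the same bytes; 0x00 marks a leaf.
    data = json.dumps(credential, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # 0x01 marks an interior node, so a leaf can never be passed off as a node.
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_batch(credentials):
    """Issuer side: return (root, proofs); proofs[i] = [(sibling, sibling_is_left), ...]."""
    level = [leaf_hash(c) for c in credentials]
    pos = list(range(len(level)))          # where each leaf's ancestor sits in `level`
    proofs = [[] for _ in level]
    while len(level) > 1:
        for i, p in enumerate(pos):
            sib = p ^ 1
            if sib < len(level):           # an unpaired last node is promoted as-is
                proofs[i].append((level[sib], sib < p))
            pos[i] = p // 2
        level = [node_hash(level[j], level[j + 1]) if j + 1 < len(level) else level[j]
                 for j in range(0, len(level), 2)]
    return level[0], proofs

def verify(credential, proof, anchored_root) -> bool:
    """Verifier side: needs only the record, its proof and the on-chain root."""
    node = leaf_hash(credential)
    for sibling, sibling_is_left in proof:
        node = node_hash(sibling, node) if sibling_is_left else node_hash(node, sibling)
    return node == anchored_root

# Constructed sample batch; names and key strings are placeholders, not real data.
CREDENTIALS = [
    {"recipient_key": "constructed-pubkey-A", "name": "John Smith", "award": "BSc"},
    {"recipient_key": "constructed-pubkey-B", "name": "John Smith", "award": "BSc"},
    {"recipient_key": "constructed-pubkey-C", "name": "Ada Jones", "award": "MSc"},
]
ROOT, PROOFS = build_batch(CREDENTIALS)    # ROOT stands for the value anchored on-chain

if __name__ == "__main__":
    print(verify(CREDENTIALS[0], PROOFS[0], ROOT))                      # genuine record
    print(verify({**CREDENTIALS[0], "award": "PhD"}, PROOFS[0], ROOT))  # altered record
    print(verify(CREDENTIALS[1], PROOFS[0], ROOT))                      # other John Smith
```

Nothing in `verify` contacts the issuer or a vendor, which is the property the questions probe for. Showing that the holder controls `recipient_key` additionally takes a signature from the holder, which this sketch leaves out.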
Learning Machine and uPort are two examples of software providers that have held true to the underlying principles of individual privacy, ownership, and empowerment. Both support natively digital records in a format that is standards-compliant and truly owned by the individual.
Unfortunately, many do not live up to these high standards. I hope to see more institutional issuers and vendors pursue the true promise of blockchain-based records because the future it unlocks provides the convenience and ownership we all want: records that can be used directly in the world when needed, and instantly trusted by anyone, even across borders. The potential for time and cost savings across sectors is enormous, not to mention the simple satisfaction of possessing one’s own important documents. At Learning Machine, we are doing our part by providing elegant software for institutions to easily create and issue these digital identity records with a beautiful product that is easy to use.