The term ownership means the act, state, or right of possessing something. For digital records, this requires control of private keys, for both issuers and recipients.
Many credential issuing products have features for designing records, customizing them with recipient information, and hosting them on a custom domain. However, not many systems facilitate gathering cryptographic keys from recipients. Why is this important? Because controlling keys is the heart of ownership, and the missing piece for most traditional solutions.
Legacy systems for issuing credentials typically provide access to a hosted link or private dashboard for seeing records of accomplishment. They might even send an image file that can be posted online. While all of these features are nice, they are essentially vendor controlled gardens and none of them bother with recipient keys. Without control of private keys, a record issued to “John Smith” could be claimed by any John Smith, which isn’t good enough.
Owning a digital record requires two things:
- The ability to use records without depending upon any third party (issuer or vendor)
- Control of a private key that corresponds to the public key used within the digital record
While independence is fairly well understood, control of keys is a dimension that is often unappreciated. Cryptographic keys are simply long strings of numbers and characters that are unique, and generated in pairs. A public key is intended to be shared and is mathematically connected to the private key, which only the owner possesses. It is only by virtue of possessing that private key that someone can demonstrate ownership of a record if challenged.
Getting prospective recipients to generate cryptographic keys and send you the public key sounds like a daunting task. Luckily, this is exactly what the Blockcerts mobile wallet does—it generates keys and makes the private key accessible via a convenient passphrase. And when your institution invites them to receive records, clicking a button will send you their public key. Easy.
Once keys are retrieved from prospective recipients, each recipient’s public key is written into their digital record. Finally, the issuing institution digitally signs this record with its private key and embeds its own public key so that the signature can be checked. The result is a document containing the public keys of both parties, which is sent to the recipient. This heredity is important, because it answers the question of who issued the record and to whom it belongs.
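The following Go program is an added example, not Blockcerts code, that walks through the ownership flow described above: the recipient's wallet generates a key pair and hands over only the public key, the issuer writes that key into the record, signs the record with its own private key and embeds its public key, and a verifier later checks both the issuer's signature and, via a challenge, the holder's control of the recipient private key. It uses Ed25519 from Go's standard library as a stand-in for whatever key type a real issuing system uses, a deliberately small record schema, hex encoding, and struct field order as its canonical JSON form; all of these are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Record is a constructed, minimal credential. A real schema carries much more,
// but the two public keys are what make ownership checkable.
type Record struct {
	RecipientName   string `json:"recipientName"`
	RecipientPubKey string `json:"recipientPublicKey"` // hex, supplied by the recipient's wallet
	IssuerPubKey    string `json:"issuerPublicKey"`    // hex, lets anyone verify the issuer signature
	Achievement     string `json:"achievement"`
}

// SignedRecord is the document that gets sent to the recipient.
type SignedRecord struct {
	Record    Record `json:"record"`
	Signature string `json:"signature"` // hex, issuer's signature over canonical(Record)
}

// NewKeyPair is what the wallet does on the recipient side and what the issuer does once.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// canonical returns the bytes that are signed. Struct field order makes
// encoding/json deterministic here; a production system needs an explicit
// canonicalization scheme so issuer and verifier hash identical bytes.
func canonical(r Record) []byte {
	b, err := json.Marshal(r)
	if err != nil {
		panic(err)
	}
	return b
}

// Issue embeds the recipient's public key, signs with the issuer's PRIVATE key,
// and embeds the issuer's PUBLIC key so the signature can be verified offline.
func Issue(issuerPriv ed25519.PrivateKey, recipientPub ed25519.PublicKey, name, achievement string) SignedRecord {
	issuerPub := issuerPriv.Public().(ed25519.PublicKey)
	rec := Record{
		RecipientName:   name,
		RecipientPubKey: hex.EncodeToString(recipientPub),
		IssuerPubKey:    hex.EncodeToString(issuerPub),
		Achievement:     achievement,
	}
	sig := ed25519.Sign(issuerPriv, canonical(rec))
	return SignedRecord{Record: rec, Signature: hex.EncodeToString(sig)}
}

// VerifyIssuer checks the signature against the issuer key embedded in the record.
// Deciding whether to trust that key (e.g. via the issuer's published profile) is a
// separate step; this only proves the record was not altered since signing.
func VerifyIssuer(sr SignedRecord) bool {
	pub, err1 := hex.DecodeString(sr.Record.IssuerPubKey)
	sig, err2 := hex.DecodeString(sr.Signature)
	if err1 != nil || err2 != nil || len(pub) != ed25519.PublicKeySize {
		return false // ed25519.Verify panics on a wrong-length key, so reject early
	}
	return ed25519.Verify(ed25519.PublicKey(pub), canonical(sr.Record), sig)
}

// ProveOwnership is the holder's side of a challenge: sign a fresh, verifier-chosen
// nonce with the private key that matches the public key in the record.
func ProveOwnership(holderPriv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(holderPriv, challenge)
}

// CheckOwnership is the verifier's side: the response must verify under the
// recipient key written into the record, so a different "John Smith" cannot claim it.
func CheckOwnership(sr SignedRecord, challenge, response []byte) bool {
	pub, err := hex.DecodeString(sr.Record.RecipientPubKey)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), challenge, response)
}

func main() {
	_, issuerPriv := NewKeyPair()        // institution's signing key
	smithPub, smithPriv := NewKeyPair()  // recipient's wallet key pair
	_, otherSmithPriv := NewKeyPair()    // another person with the same name

	sr := Issue(issuerPriv, smithPub, "John Smith", "Certificate of Completion")
	fmt.Println("issuer signature valid:", VerifyIssuer(sr))

	challenge := []byte("constructed-nonce-0001") // verifier picks a fresh nonce per check
	fmt.Println("real recipient proves ownership:", CheckOwnership(sr, challenge, ProveOwnership(smithPriv, challenge)))
	fmt.Println("other John Smith proves ownership:", CheckOwnership(sr, challenge, ProveOwnership(otherSmithPriv, challenge)))
}
```

The challenge must be chosen by the verifier and used once; otherwise a captured response could be replayed by someone who never held the key.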
If you are an institution looking for a credential issuing system, don’t settle for anything less than the full promise of ownership. While many companies are jumping on the blockchain bandwagon, know that the promise of blockchain technology is meaningless unless it enables recipient ownership and independent verification. Everything less is simply a marketing gimmick.
We’ll be writing more about ownership in the coming months as an ongoing theme that is getting enriched by new data standards at the W3C and Rebooting Web of Trust.