Remaking Credentials

As we move from a world of discrete paper repositories to a world of interconnected digital systems, we need official records that are natively digital to reap the full benefits of electronic exchange.

When desktop computers came into the workplace 25 years ago, the problem of paper remained. How could print layouts be shared and displayed across a variety of electronic machines and operating systems? The most prominent solution that emerged was Adobe’s Portable Document Format (PDF), a proprietary solution released in the 1990s as a way to share documents that included text formatting and in-line images. Even though more features were added over time, in essence, PDFs operated as a paper analogue for computers.

As the adoption of PDFs became more widespread, this format was adopted by some organizations as an alternative to paper for embodying and conferring official records to recipients. Since PDFs are not hard to alter/edit, they needed to be “sealed.” So, digital signatures from the issuing institution were added, which rely on a centralized party, like Adobe, to verify the entity behind the signature. While this method gained modest traction, it hasn’t created a new normal for the peer-to-peer exchange of official records. In fact, the Apostille (notary) process is still the standard for transmitting official records internationally. Further, plenty of vendors have entire business models to be the trusted middleman for sending or verifying records.

The end result of PDFs has been a failure for trusted records. Desktop computers may be able to display them, but little else. People must still pay money and wait a long time to have their records sent. Relying parties must spend time and money to make sure these records are legitimate. Basically, these PDFs are no more functional than paper — they are very large files (slow), not enriched with metadata, and not easily machine readable. All of this prevents the transformational benefits and efficiencies of a truly electronic exchange.

PDFs + Blockchain?

With the rise of decentralized systems, blockchains have become famous for enabling a new level of security and peer-to-peer exchange for digital assets. Not to miss a marketing opportunity, some software vendors have added blockchain timestamping to their PDF credential service. This is a process by which a document is registered on a blockchain, at a specific point in time, to prove that a certain version existed. The question here is what added value does timestamping actually provide in this scenario? Very little.

Blockchains were made to enable decentralized systems where digital assets are cryptographically owned by recipients and function peer-to-peer without relying upon any vendor or third party. So, unless a software provider has gone to lengths that make both of those goals real, no fundamental benefit is being realized from using a blockchain. The vendor still provides all of the assurances, and the blockchain is simply providing redundancy. Further, proprietary approaches that aren’t open-source, or based on open data standards, are doomed to a short lifespan.

Even when a PDF has been digitally signed and blockchain timestamped, it doesn’t suddenly become useful as a software object, beyond the mere ability to view it. Official records as stand-alone objects are completely uninspiring. We need to do better and we have the technology to do so.

Official records can be made as software to interrelate with other systems in reliable and dynamic ways. This is how we reach the automation, speed, analysis, and discovery that everyone desires. PDFs were a capstone for the age of paper. They are not the way to enter a truly digital age.

Natively Digital Credentials

JSON is the default choice for transmitting data on the Internet and within web applications. While originally named for moving JavaScript objects, it is now a standard format usable from any popular programming language. The most common use cases are web APIs that send data between third-party systems, or communication within a system between a server and a user’s browser.

As the de facto standard for transmitting data, JSON must be the starting point for any type of official credential that seeks to take full advantage of the web and electronic exchange. This is why JSON was the starting point for Blockcerts, the open standard for blockchain-based credentials, launched with MIT in 2016. The primary question was how to fully equip a JSON file with the properties needed to operate as a modern credential. In addition to being instantly verifiable using a blockchain as a global notary, a few design principles were always priorities:

  • Open source
  • Reliance on open standards
  • Recipient ownership
  • Minimize resource requirements (computation, cost, etc.)
  • Must be viable without any proprietary product
  • Blockchain-agnostic

These minimal requirements resulted in a solution now regarded as the most secure, interoperable, and standards-based way to issue and verify natively digital records. Committed to eventual alignment with the W3C’s Verifiable Credentials Specification, these JSON files are digitally signed by an issuer and anchored to a blockchain for later verification. Even the visual presentation layer has been cryptographically sealed, so parties looking at the credential know all of the machine readable data is fully integrated with what they are seeing on screen.

Further, each credential has an embedded cryptographic key unique to a recipient, allowing the recipient to prove ownership of the credential.
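As an added illustration (not Blockcerts code and not from the original article), the sketch below shows how a batch of JSON credentials can be anchored with a single hash and how one credential is later checked against it, which is also why a bare timestamp proves only that a given version existed. The field names, the sorted-key canonicalization, and the Merkle layout are assumptions chosen for the example.

```python
import hashlib
import json

# Constructed sample credentials; every field name and value is hypothetical.
SAMPLE = [
    {"recipientKey": "PLACEHOLDER-KEY-A", "name": "Alice", "degree": "BSc"},
    {"recipientKey": "PLACEHOLDER-KEY-B", "name": "Bob", "degree": "MSc"},
    {"recipientKey": "PLACEHOLDER-KEY-C", "name": "Carol", "degree": "BA"},
]

def leaf_hash(credential):
    # Assumption: sorted-key, whitespace-free JSON stands in for a real
    # canonicalization step so that equal data always hashes equally.
    data = json.dumps(credential, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode("utf-8")).digest()

def _pair(left, right):
    return hashlib.sha256(left + right).digest()

def build_batch(credentials):
    """Return (root, proofs); proofs[i] is a list of (side, sibling_hash)."""
    level = [leaf_hash(c) for c in credentials]
    positions = list(range(len(level)))
    proofs = [[] for _ in level]
    while len(level) > 1:
        for i, pos in enumerate(positions):
            sib = pos ^ 1
            if sib < len(level):  # an unpaired last node is promoted as-is
                side = "left" if sib < pos else "right"
                proofs[i].append((side, level[sib]))
            positions[i] = pos // 2
        level = [_pair(level[j], level[j + 1]) if j + 1 < len(level)
                 else level[j] for j in range(0, len(level), 2)]
    return level[0], proofs

def verify(credential, proof, anchored_root):
    """Recompute the path from this credential up to the anchored root."""
    h = leaf_hash(credential)
    for side, sibling in proof:
        h = _pair(sibling, h) if side == "left" else _pair(h, sibling)
    return h == anchored_root

if __name__ == "__main__":
    root, proofs = build_batch(SAMPLE)  # only `root` would be written on-chain
    print("anchored root:", root.hex())
    print("Carol verifies:", verify(SAMPLE[2], proofs[2], root))
    forged = dict(SAMPLE[2], degree="PhD")
    print("forged copy verifies:", verify(forged, proofs[2], root))
```

Only the 32-byte root needs to be recorded, regardless of batch size. The check says nothing about who issued the credential or who holds it; those come from the issuer's signature and the recipient key.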

The potential for computer systems to organize, filter, combine, and understand digital credentials is limitless — for systems of both issuers and verifiers. Imagine having an HR system that automatically verified, organized, and used machine learning to help derive insight about a pool of applicants.

In Summary

While PDF documents are digital, they carry all the same limitations of paper. They are inert and heavy files whose value is confined within their own display, which is of little value in a world connected by computer systems.

It’s not hard to see how the PDF-or-JSON difference might get lost when they look very similar on screen. However, the difference is profound. Understanding that chasm starts with appreciating the full range of function inherent in software objects, their readiness for other systems and processes beyond mere display. Each digital credential has the capacity to interlock with different networks and economies like machine parts, maximizing the value of those credentials in different ways for everyone involved.
