- From: =Drummond Reed <drummond.reed@evernym.com>
- Date: Mon, 15 Apr 2019 17:27:32 -0700
- To: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAAjunnY3rukLp0vtKBY01X+cj7916=BqddaKzTVnyXcZ9emEvw@mail.gmail.com>
David is correct that with decentralized identity and verifiable credentials, verifiers are making two levels of trust decisions: 1. The DID method 2. The VC issuer. Trust in the DID method only matters insofar as the verifier believes that the DID & DID document is actually controlled by and authoritative for the VC issuer. The vast majority of the trust reliance is on the VC issuer. To the extent that a large number of verifiers default to trusting Google and Facebook as "mega VC issuers", as David calls them, they indeed could end out with the majority of "trust market power". But since anyone can issue VCs—by design—it doesn't seem that's a problem we can solve with the technical specifications alone. As David says, that's a matter of many others who are source of trust in the economy today asserting themselves in decentralized identity infrastructure. On Mon, Apr 15, 2019 at 3:03 PM David Chadwick <D.W.Chadwick@kent.ac.uk> wrote: > > > On 15/04/2019 18:53, =Drummond Reed wrote: > > With DIDs and SSI, we are moving from an IDP model to a digital > > credential model. > > whilst the above is hopefully true > > > Now the root of trust is not an IDP, it is the network > > in which a DID is rooted > > I dont believe the above is. Users of SSI will still need a trusted > issuer, one that the verifier trusts. And if verifiers decide to migrate > towards a mega issuer such as google, then google and facebook could > still corner the VC issuing market. Especially if today's existing > trusted issuers in the physical world don't get their act together and > start to issue VCs in the virtual world. > > David > >
Received on Tuesday, 16 April 2019 00:28:09 UTC