Re: Materials from 2019-04-11 combined DID Spec and DID Resolution Spec meeting

David is correct that with decentralized identity and verifiable
credentials, verifiers are making two levels of trust decisions:

   1. The DID method
   2. The VC issuer.

Trust in the DID method only matters insofar as the verifier believes that
the DID & DID document is actually controlled by and authoritative for the
VC issuer. The vast majority of the trust reliance is on the VC issuer.

To the extent that a large number of verifiers default to trusting Google
and Facebook as "mega VC issuers", as David calls them, they indeed could
end out with the majority of "trust market power". But since anyone can
issue VCs—by design—it doesn't seem that's a problem we can solve with the
technical specifications alone. As David says, that's a matter of many
others who are source of trust in the economy today asserting themselves
in decentralized identity infrastructure.

On Mon, Apr 15, 2019 at 3:03 PM David Chadwick <>

> On 15/04/2019 18:53, =Drummond Reed wrote:
> > With DIDs and SSI, we are moving from an IDP model to a digital
> > credential model.
> whilst the above is hopefully true
> > Now the root of trust is not an IDP, it is the network
> > in which a DID is rooted
> I dont believe the above is. Users of SSI will still need a trusted
> issuer, one that the verifier trusts. And if verifiers decide to migrate
> towards a mega issuer such as google, then google and facebook could
> still corner the VC issuing market. Especially if today's existing
> trusted issuers in the physical world don't get their act together and
> start to issue VCs in the virtual world.
> David

Received on Tuesday, 16 April 2019 00:28:09 UTC