There are three slightly divergent issues brought up in this discussion
that I'd like to make clear my thoughts on:
* There is nothing that stops an organization from reproducing a
certificate authority style models or other centralized models using
self-sovereign technologies. However, I will fight against that style being
mandated in open standards in any form — I didn't object strongly enough
against the risks of X.509, certificate authority models, and
browser control of root certificates when I co-authored SSL/TLS, and I
don't want us to make that same mistake again.
* Many of these scenarios do not adequately allow parties at the edges to
choose who they trust. Again, in the DID/VC architecture all parties are
peers and can offer any role. I'm fine someone chooses to only trust
parties trusted by someone else, but again, it should not be mandated. I
worry that some solutions offered will not allow the edges to choose. I
also worry that many of the scenarios shared so far do not adequately
separate identity assurance, claim verification, authorization, etc.
* Be aware that the future will be moving toward multisignature scenarios.
I may use a 3 of 5 collaborative control set under my personal authority to
demonstrate control of my self-sovereign DID, and I may also have a 4 of 9
set of keys give people that are authorized to revoke my control or 5 of 9
that have authority to give it to a new party (ideally me in case of a
catastrophe, buy maybe my heirs.) Many of these scenarios may be better
addressed by multisig threshold scenarios as well. For instance, presenting
an aggregation signature of 3 of 5 verifiable claims from different issuers
could be used to authorize something greater, without having to "phone
home" to the issuers for the greater authority.
— Christopher Allen