W3C home > Mailing lists > Public > public-credentials@w3.org > January 2023

Re: The Battle for the [Verifiable Credentials] Brand

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Mon, 23 Jan 2023 17:52:29 -0500
Message-ID: <CAMBN2CRSB_vNooxipzmD6Ckiu6L0iu4NNh-DB+-nwR6Fht5PFg@mail.gmail.com>
To: W3C Credentials CG <public-credentials@w3.org>
On Mon, Jan 23, 2023 at 4:18 PM steve capell <steve.capell@gmail.com> wrote:
> I'd expect that uptake will sort out competition. Simplicity usually wins the day.

It's dangerous to bet on that, isn't it? The best/simplest technology
is not guaranteed to win in the long run. There are many aspects to a
technology succeeding, and we can't discount education and marketing
as some of those factors... especially when there is an active
marketing counter-campaign going on right now to dilute the term
"verifiable credential" to mean something it isn't.

This is related to the VCWG megathread around gutting the Verifiable
Credentials data model in the name of "building a bigger tent":

If people want a "big tent" term, we should follow the "Canadian
National Technical Specification for Digital Credentials and Digital
Trust Services" lead and call them "digital credentials". It's one of
the things, among many, that the Canadian federal team got right.

Through our customer engagements, we have noticed a significant uptick
in vendors attempting to confuse organizations by insisting that
they've been doing "verifiable credentials" for years and then citing
a bunch of technologies (such as bare JWTs) that are clearly not
verifiable credentials, but are instead their own proprietary
solutions or different standards (or pre-standards) such as mDL or
mDoc. There is nothing wrong with using the term JWT/mDL/mDoc, or
Verifiable Credential... but there is a big problem with calling an
mDL a Verifiable Credential (or a Verifiable Credential an mDL) -- two
observably different technologies. They're both types of "digital
credentials"... but calling one the other is, at best, misguided, or
at worst, disingenuous.

... or in other words, diluting the "Verifiable Credentials" name to
mean "any digital credential technology" in an attempt to possibly 1)
ride on the coattails of what this community has been doing for 7+
years while not supporting the features that make Verifiable
Credentials useful, or 2) confuse the customer into adopting a
proprietary solution, or 3) sell an alternate stack that has little to
no demonstrable cross-vendor interoperability.

>  I note the "grand unified theory of trust" presentation that puts a lot of weight behind KERI. It could well be that I've simply not understood it properly but it seems to me that KERI adds a lot of complexity for very little value.

I have the same set of confusions around the KERI stack, for more or
less the same reasons that you highlight, but have chosen to "let the
market sort it out" rather than try and argue the points from an
academic standpoint.

-- manu

Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
Received on Monday, 23 January 2023 22:53:19 UTC

This archive was generated by hypermail 2.4.0 : Monday, 23 January 2023 22:53:20 UTC