RE: The Battle for the [Verifiable Credentials] Brand from steve.e.magennis@gmail.com on 2023-01-24 (public-credentials@w3.org from January 2023)

From: <steve.e.magennis@gmail.com>
Date: Mon, 23 Jan 2023 16:14:45 -0800
To: "'Manu Sporny'" <msporny@digitalbazaar.com>, "'W3C Credentials CG'" <public-credentials@w3.org>
Message-ID: <029d01d92f88$dd3a6630$97af3290$@gmail.com>
> If people want a "big tent" term, we should follow the "Canadian National Technical Specification for Digital Credentials and Digital Trust Services" lead and call them "digital credentials".


I'm honestly a bit on the fence with the 'big tent' vs 'brand name' conversation. An unsigned pdf could be considered a 'digital credential' if the term is taken literally but I don't think that is what anyone wants it to mean. An mDL could also be called a digital credential but it comes with both security and trust features that an unsigned pdf doesn't have as well as specific attributes that make it decidedly not a VC. 

I would love to see a 'big tent' term that encompasses at least:
* Issuer / holder / verifier model
* Ability to confirm payload integrity
* Ability to confidently identify the identities of the parties involved in credential activity

This would at least get everyone in the same ballpark when talking about this stew of crypto, protocols, and encoding but not be so generic that an SMS message qualifies. I would agree then that 'small tent' terms or 'brand name' terms become something that differentiates rather than confuses the larger concept and potentially reduces the pressure to dilute what a VC or mDL or BioSecureSelectiveNonChain Credential is.

-S


-----Original Message-----
From: Manu Sporny <msporny@digitalbazaar.com> 
Sent: Monday, January 23, 2023 2:52 PM
To: W3C Credentials CG <public-credentials@w3.org>
Subject: Re: The Battle for the [Verifiable Credentials] Brand

On Mon, Jan 23, 2023 at 4:18 PM steve capell <steve.capell@gmail.com> wrote:
> I'd expect that uptake will sort out competition. Simplicity usually wins the day.

It's dangerous to bet on that, isn't it? The best/simplest technology is not guaranteed to win in the long run. There are many aspects to a technology succeeding, and we can't discount education and marketing as some of those factors... especially when there is an active marketing counter-campaign going on right now to dilute the term "verifiable credential" to mean something it isn't.

This is related to the VCWG megathread around gutting the Verifiable Credentials data model in the name of "building a bigger tent":
https://github.com/w3c/vc-data-model/issues/947

If people want a "big tent" term, we should follow the "Canadian National Technical Specification for Digital Credentials and Digital Trust Services" lead and call them "digital credentials". It's one of the things, among many, that the Canadian federal team got right.

Through our customer engagements, we have noticed a significant uptick in vendors attempting to confuse organizations by insisting that they've been doing "verifiable credentials" for years and then citing a bunch of technologies (such as bare JWTs) that are clearly not verifiable credentials, but are instead their own proprietary solutions or different standards (or pre-standards) such as mDL or mDoc. There is nothing wrong with using the term JWT/mDL/mDoc, or Verifiable Credential... but there is a big problem with calling an mDL a Verifiable Credential (or a Verifiable Credential an mDL) -- two observably different technologies. They're both types of "digital credentials"... but calling one the other is, at best, misguided, or at worst, disingenuous.

... or in other words, diluting the "Verifiable Credentials" name to mean "any digital credential technology" in an attempt to possibly 1) ride on the coattails of what this community has been doing for 7+ years while not supporting the features that make Verifiable Credentials useful, or 2) confuse the customer into adopting a proprietary solution, or 3) sell an alternate stack that has little to no demonstrable cross-vendor interoperability.

>  I note the "grand unified theory of trust" presentation that puts a lot of weight behind KERI. It could well be that I've simply not understood it properly but it seems to me that KERI adds a lot of complexity for very little value.

I have the same set of confusions around the KERI stack, for more or less the same reasons that you highlight, but have chosen to "let the market sort it out" rather than try and argue the points from an academic standpoint.

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
Received on Tuesday, 24 January 2023 00:15:01 UTC