RE: Market Adoption of VCs by Fortune 500s (was: Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab)

I typically don't respond to trolling but since I am both semi-amused and fully caffeinated, I figured I would provide a public response to the question below ... with absolutely no expectation that anyone cares or wants an actual answer :-)

>I thought Anil would be the best person to speak about the level of
>commercial adoption of the DHS VC profile.
> [Kaliya], Your reply misses my point.
> Kim, your reply also misses my point.
>[Manu], Your reply also missed my point.

The question is missing the point.

The assumption that the point of our implementation profile is to enable "commercial adoption" is, at best, incomplete.

In addition, I am also amused by the mention of "DHS / Homeland Security" being active and interested in this work with the intent to raise negative concerns about the choices we are making as being something that is untoward and uninformed ... particularly when folks are either unaware or choose to downplay/ignore the history of public sector support for openly developed, royalty free and free to implement standards.

So, let us start there ....

The two parts of DHS that are directly engaged and interested in the W3C VC/DID ecosystem work are also two parts of the US Government that are as old as America
>> U.S. Citizenship & Immigration and U.S. Customs.

  *   U.S. Citizenship and Immigration Services (USCIS) which will be using these global, openly developed standards (W3C VCs and W3C DIDs) to issue some of the highest value credentials that are issued by the American Federal Government (The US Permanent Resident Card, The US Employment Authorization Document and a variety of citizenship and immigration related credentials) that are used between jurisdictional boundaries and within the US for everything for employment applications to KYC.
  *   U.S. Customs (CBP/Trade) the largest customs organization on the planet and responsible for trade facilitation with the US i.e. If you want to import ANYTHING into the US you need to interact with CBP/Trade, and will be using these same global, openly developed standards (W3C VCs and W3C DIDs) to digitize organizational identity and trade import documents that are legally required to be presented to CBP/Trade before any supply chain can move things into the country.

Both entities are the sole, global authorities for what they do - and both have a global foot print across both the public and private sector. Both Organizations have the remit and the credibility to unilaterally make choices about how they want to pursue this work and make it stick.

We have chosen not to go down that unilateral path.

We made a conscious decision to be part of the VC/DID ecosystem and contribute publicly to the community in building capabilities based on those open standards because we have been conscious of the reality that:

  *   The W3C VC/DID ecosystem changes the locus of control in identity related transactions to the individual away from the traditional gatekeepers; we support this!
  *   There will be both invisible and overt resistance from those who have benefited from the status quo to that change; we will push back against this!
  *   Public sector organizations like us, who are walking down this path, have a responsibility to demonstrate how the technology should be implemented in a manner that is secure, privacy respecting and to put individuals in control of their own data, while not losing sight of the fact that equity and access to services and benefits for those who may not be comfortable with this new technology continues to exist as first class alternatives now and going forward i.e. we need to bake in feedback into our work from those who are ultimately impacted by the work - and not the vendors who build products with incentives that are not aligned with the public interest.

Our W3C VC/DID implementation profile and our incorporation of it into our technical deployment is an explicit, independently verifiable set of choices that demonstrates our commitment to transparency, security, privacy as well as global multi-party and multi-platform interoperability.

We very much welcome and are grateful to be working with like-minded organizations in both the public and private sector who also share our commitment. When those entities are ready, they will certainly speak to their work -- one of the benefits of the public sector is that we are not motivated by being on the bleeding edge or being the first mover or selling products, but instead seek to provide consistent, dependable services that are accessible and usable by all, over the long term.

So, "commercial adoption"? Meh

Ensuring that we meet our Customers where they are ...
ensuring that we support their choices and expectations when it comes to privacy and security ...
without being trapped or co-opted by negative market dynamics and gatekeepers between us and our Customers...

... and ensure that we move with thought, care and transparency in order to not break things that work well? Oh, That Matters To Us!

Best Regards,


Anil John
Technical Director, Silicon Valley Innovation Program
Science and Technology Directorate
US Department of Homeland Security
Washington, DC, USA

Email Response Time - 24 Hours

[A picture containing graphical user interface  Description automatically generated]<>[/Users/holly.johnson/Library/Containers/]

Received on Monday, 30 January 2023 17:00:33 UTC