- From: Christopher Allen <ChristopherA@lifewithalacrity.com>
- Date: Mon, 21 Jul 2025 00:29:17 -0700
- To: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CACrqygDXW=i7qwKhLE3KY31U+ADw3+Y1CCXPKktXK9np4zpHZQ@mail.gmail.com>
Thank you all for the thoughtful engagement with my "Musings of a Trust Architect" post. With over 58 replies between this thread ( https://lists.w3.org/Archives/Public/public-credentials/2025Jul/0082.html) and Adrian Gropper's "De-platforming humans" sub-thread ( https://lists.w3.org/Archives/Public/public-credentials/2025Jul/0095.html), the depth and variety of perspectives demonstrates why this community remains essential to the future of digital identity infrastructure. I want to highlight additional responses that emerged beyond this list: - Carsten Stöcker's detailed "Cyber Storm Rising: Designing for the Warzone" ( https://medium.com/@cstoecker/cyber-storm-rising-designing-for-the-warzone-ba83440d8cfe ) - Jaromil's analysis on "Privacy in EUDI" ( https://news.dyne.org/privacy-in-eudi/) - Various technical perspectives shared in Signal groups and other forums What strikes me most about our discussion is what we're *not* talking about - alternative models where the fundamental relationships are different. I'm particularly interested in approaches where governments explicitly reject the issuer role. Utah's new SSI law offers a compelling counterexample to prevailing narratives. Their statute (§ 63A-16-1202(1)(b)/(c)) clearly states that *"the state does not establish an individual's identity"* and instead *"the state may, in certain circumstances, recognize and endorse an individual's identity."* For details, see: https://blog.spruceid.com/utahs-digital-id-law-sb260-is-the-new-frontier-for-user-controlled-identity/ This represents a fundamental architectural difference. Rather than government-as-issuer or platform-as-mediator, Utah positions the state as a recognizer of identity claims made by individuals themselves. This aligns more closely with the original vision of self-sovereign identity - where the individual is the root of trust, not merely a recipient of credentials from authorities. The tension between Daniel's human rights framework and Manu's pragmatic incrementalism might find resolution in such alternative models. Kyle's concerns about "hierarchical centralization of issuance" become less pressing when the state explicitly disclaims the issuer role. Carsten's cybersecurity imperatives for resilient infrastructure could be better served by systems that don't create single points of failure or control. As Will noted, advanced privacy-preserving cryptography is becoming practical. But the question remains: will we deploy it in service of human autonomy or platform efficiency? The Utah model suggests there are unexplored paths between the purist and pragmatist positions. I'm working on a longer exploration of these alternative architectures - examining not just technical standards but the legal and institutional frameworks that either invert or preserve human agency in digital systems. This includes both building new models AND advocating for policy constraints on existing power structures. For those interested in the policy side, see "Building a Trustworthy Digital Future - Digital Identity in the Land of the Free," a white paper I contributed to on preserving individual agency in digital systems: https://www.btcpolicy.org/articles/building-a-trustworthy-digital-future-digital-identity-in-the-land-of-the-free Beyond the recognizer model, patterns are emerging around: - Duties under Agency Law for those holding digital personal identity data (based on principles of bailment, entrustment, or even fiduciary responsibility in cases like Apple and Google), such as duties to resolve problems, preserve access, and act in users' best interests. - Human-scale coordination systems that sidestep the platform/government binary - Exit rights that preserve actual data and relationships, not just the theoretical ability to leave - Community-based verification that doesn't require hierarchical trust anchors - Infrastructure explicitly designed to resist capture by limiting what power can accumulate The conversations here have sharpened my thinking considerably, particularly around how architectural choices encode power relationships that legal frameworks alone cannot remedy. Thank you again for engaging so substantively. These discussions matter because, as our community knows well, architecture is politics - and the architectures we build today will shape the politics of tomorrow. -- Christopher Allen Blockchain Commons P.S. For those interested in following the broader conversation, I'll maintain additional links and discussions with a synopsis of each at the bottom of the original post: https://www.blockchaincommons.com/musings/gdc25/
Received on Monday, 21 July 2025 07:30:01 UTC