At the last Internet Identity Workshop, I announced my talk: “5yrs ago at this conference, Trinsic launched our self-sovereign identity platform. Today, I’m hosting a session called “SSI didn’t work. Trinsic is pivoting.” Since then it’s been a whirlwind helping customers improve their IDV flows through Identity Acceptance—accepting a digital ID (like mobile driver's license) instead of uploaded photos of physical IDs. Only recently, during a couple of 2am - 5am shifts with a newborn baby, did I get around to following up on that IIW talk. 😂 Many people asked me to turn that presentation into a blog post, so here it is! The intent of the post is simple. I’m no longer betting on interoperable digital credentials taking off. This post articulates why. Specifically, interoperable, standards-based digital credentials like verifiable credentials (and its variants) face three impossible* problems that block adoption: Interoperability vs innovation catch-22 UX always worse initially Scattered heat map I dive into each of these problems in depth in this post. If someone can crack these, they’ll quickly be a millionaire. Obviously, there are hundreds of organizations that ostensibly want interoperable digital credentials. But despite all this spend and attention, have failed to adopt. If these problems are solved, I think adoption can occur and the enablers can succeed wildly. *While I term these "impossible problems", I hope I'm proven wrong. This post is my call for others to pick up the baton and run with it, not from the starting line, but with hard-earned lessons behind them. There are probably only 100 people on earth that care enough about this topic to read the whole post & apply the content. But if you’re one of those, I’d love to hear your feedback & keep the discussion going! Big thanks to Kim Hamilton Duffy Timothy Ruff Gerald Glickman Eve Maler David Grantham James Monaghan and Zachary Jones for giving feedback on a draft of this post 🙏 https://lnkd.in/g7KkY656
Alen Horvat
4mo
Today, the Identity Provider (IdP) space functions largely as a winner-takes-all market. In contrast, Verifiable Credentials (VCs) require a shift in philosophy, moving from "I trust the information because I trust the source" to "I trust the information because I can verify it." For VC frameworks to be effective, many elements that are currently implicit must be digitized and made explicit. For example, the fact that an organization is authorized to issue a credential should be verifiable. Based on this premise, two potential outcomes emerge: a) A single vendor dominates the market, leading to the scenario outlined in the article. b) A VC framework is established that reaches a Nash equilibrium. In this case, the framework would need to be collectively owned by everyone and no one, transforming into a public good. Note that nothing prevents me today to obtain an ID Token bound to a public key I control, and present it to a 3rd party (who's not the ID token audience). Challenge is to convince the 3rd party to accept that ID Token.
Julian Wilson
4mo
Hello my friend…. Riley Hughes I sense the frustration that comes with being a pioneer: putting yourself in the spotlight and predicting when the three planets will collide [think ven diagram] and what the world will look like [how much more efficient /happy/beautiful/secure we all will have become]. I too have many arrow scars in my back. But… it is a timing thing . As @alenhorvat says below .. evidence of the indisputable benefits of using proof ‘frameworks’ will not truly be realised until and only when there is critical mass of ‘participation’. [my words not his]. The problem with the focus of most current use cases is that they are being used to represent something that rarely [if ever] changes [identity] and which is seldom used. When we can use the same techniques [verifiable credentials] to represent a wide range of ‘stuff’ which is used on a daily basis: then the benefit of asserting and relying upon data WITHOUT the pre requisite of a pre arranged relationship, will become obvious. So much so that to consider building a closed network and assume the costs of engagement of all parties would be economic nonsense. #keepthefaith
Jonathan Rufrano
4mo
Riley, I can't imagine how heavy everything must have felt as you came to this conclusion and gave this presentation. I applaud your courage, and your continued hard work in this space as a leading voice over the past half decade. I have not been to the past couple of IIWs, but I have been in DC speaking with lawmakers and web3 companies across verticals. Many of those I speak with are in fact craving a reusable identity credential in order to solve disparate issues they face. I don't mean to disregard or disrespect your words or experience over the past few years. I merely hope to add another perspective to the conversation. I'll say though that I don't hold your viewpoint on markets deciding the winners, that if the market says the product isn't good, then it isn't good. To your point about the two large identity companies you quoted, I would argue that they're not creating the better product for the market. They're just not following the same egalitarian principles that Trinsic and other open-source SSI companies created for the space, and that gives them significant advantage, to the point of cornering the market in their favor. Markets get manipulated. Monopolies form. Users are stuck with bad products. That's why we build.
Riley Hughes, I appreciate your tremendously thoughtful approach in all things. We all benefit from your thoughtfulness and openness about your evolving thinking. More generally, thank you for your: - Courage in speaking unpopular opinions - Showing remarkable determination in getting to the "why" - Framing it as a dialogue What's truly incredible about what Riley's done (mathematician hat on), is he writes down his assumptions, documents his findings, and invites people to diagnose/debug/share in the evaluation. We may, and often, disagree on things, but the fact that your work allows this precise / nuanced discussion makes your work complete gold in my book. And on a personal note, thank you for tolerating my extensive feedback. As soon as I get a moment, I can summarize that here.
Elias Ekonomou
4mo
Wow, takes a lot of courage to write this - congratulations. It makes sense for a company like yours to pivot, before it is too late. However, it may be that SSI does not work, but Decentralised Identity will work. I hope people get the difference. Big words about user privacy and freedom do not sell product and cannot drive SSI it forward. We need governments and large tech to adopt the standards, and they need to have tangible obvious reasons to do so. We may also need DID to be standing alongside something else, e.g. have a place in IAM (the way Microsoft is doing it). Also, yes, we spend way too much time talking about it and no so much doing it. Here in Europe, I currently have done 5-10 "centralised" identity verifications in the last 2-3 years (all relating to KYC for my banks and similar). Some of which are from the same issuer, for different verifiers. There is no reason why these could not have been reusable.
Thank you for taking the time to share such a raw post. As a fellow founder, I can relate. At IIW, I plan to talk about the difference between leading with identity as a solution or a building a solution that leverages identitiy. Building a solution that leverages identity is what makes the companies successful that you mention. It is the approach I took when I started the groundwork for Numeracle in 2017. It does take all kinds, but I hope to help others look at the markets they are focusing on a little differently and perhaps tweak or pivot their approach for success.
Ultra Quamfy
4mo
Was this written pre-sovrin news(knowledge)?
Eve Maler
4mo
Riley Hughes, your article is an exemplar of courage, honesty, and practicality. Thanks for inviting me to take an early peek at it. In case others might find it of interest, here's a distillation of the comments I offered. - Moxie Marlinspike noted in his infamous “thoughts on Web3” that “A protocol moves much more slowly than a platform.” You’ve got a very nice living example. - The SSI world hasn’t fully contended with the similarity of its main use cases to supply chain management. Cross-border travel and KYC are not primarily about privacy, they're about tracking the movement of unique entities (people vs. luxury goods or whatever) in a system. It's required to try and preserve privacy, but few of these use cases offer something people inherently want. - Federation is likely to continue to be involved on the back end even if supplanted on the front end. - Relying parties are always the toughest constituency. I support efforts to focus on them…as you are now doing! I'm watching with interest.
Peter Cranstone
4mo
Finally, someone who speaks out. I've been a broken record about this for 10 years now. It's why we invented Augmented http/html - yep, same old web standard, but a whole lot smarter. Designed around the 7 Laws of Identity which I'm sure you're familiar with. We've cracked Laws 5-7. I'll read your blog post and get back to you with some comments. We patented our IP but no longer own the patents (RPX does.) We were the first to invent DNT and if you read this patent, you can see what else it can do, that the original spec never thought about. https://patents.google.com/patent/US8639785B2/en
Cofounder, CEO at Trinsic
4moLinkedIn won't share a preview of the post for some reason, so give it a read here: https://rileyparkerhughes.medium.com/why-verifiable-credentials-arent-widely-adopted-why-trinsic-pivoted-aee946379e3b