#SSI101: Verified Credentials and Data Portability
The atomic unit of a secure, privacy-preserving, future-proof data exchange
Having covered the core complexities of identity systems until now, we have mostly dealt with identities and systems. We mentioned in passing that attestations do not become data without identity and context. Here, we will detail how so-called “Verifiable Credentials” encapsulate that data with enough identity and context information to make them a powerful unit of data that can highly portable, valuable, and self-contained.
Verified Credentials as secure data capsules
Verifiable Credentials (often called “VCs”for short) are small packets of information, which function like high-tech envelopes that can contain any kind of information worth verifying: a sensor reading, a claim about a human, a license or diploma, a series of GPS coordinates, a pointer to a file stored securely elsewhere, anything. In addition to their “payload” or contents, VCs also store some “metadata” and links that facilitate the kinds of verification, encryption, access control, and traceability discussed in previous entries of this series.
Since these envelope-like wrappers have robust privacy and access controls coded into their basic architecture, they keep private and contextual data (even those generated over time by your machines and algorithms) limited to its intended scope, free to travel as self-contained objects more widely than the closely-controlled keys that control and unlock them.
It is important to note that “traveling” is the core function of a verifiable credential, not a special case. The main utility of VCs lies exactly in their circulation between silos, across security perimeters, and into new contexts over time. Another core function is that they verify those sometimes distant and unknown contexts cryptographically. In the evolution of thinking about digital identity systems, an earlier form of the concept went by the name “Verifiable Claim” — i.e., an attestation with enough metadata to have its relevant identities verified and thus be more useful as data. In the context of attestations by and about human individuals, this was a logical choice of terminology.
But as a broader horizon of use cases and utilities (as well as non-human identities) entered the conversation, it became clear that the basic unit of data should include a little more context or references to external standards, turning these verified claims into credentials, designed to be more flexible for presentation to strangers and to future interlocutors in unforeseeable future situations. Indeed, bundles of VCs (from different points in time, for instance, or across multiple contexts related to one identity) are called “Verifiable Presentations,” since VCs can rarely stand alone when presented to unknown or untrusting actors in complex real-world examples.
Granular encryption + Separate access layer = Security-by-design
Widely circulating sensitive or valuable data might sound surprisingly universal or simplistic in today’s security-focused data landscape, but this is largely because the aging architecture and security methods of today’s hierarchically-organized servers has grown nearly impossible to effectively secure after decades of incentivizing a worldwide information theft industry. Indeed, security has famously been “bolted on” after the fact to file systems and worldwide networking systems that were never intended to carry as much value and consequence as they do today.
By building in ownership and subject-centric access controls at the protocol level of identity objects, and linking these to data objects that are radically portable and storage-agnostic, many of the inherent weaknesses of the current systems can be sidestepped altogether, centralizing less risk and access in one server or master account which can grant access to mountains of data.
Complex capacities for limited, contingent, and revocable sharing are built into the very format of a VC controlled by a DID, as defined by the Worldwide Web Consortium. This division of labor between VCs and DIDs means that “exfiltrated” or otherwise misdirected VCs can simply be opaque, encrypted junk, as they require the consent of their controlling DIDs to be read. This shifts security priorities from the central repositories of data to the individual identity objects controlling each piece of data, making completely encrypted data less of a risk to transport and less of a liability to store or backup.
While the consequences of such a paradigm shift for enterprises are complex, the benefits can be summarized simply: better data which is easier to control and secure, with precise consent and privacy built in. This makes for happier end-users, with a more mutually-trusting, less antagonistic relationship to the organizations holding and using their data. Data subjects do not need to request resources or bandwidth from the organizations vouchsafing their data to present it in new contexts or have it verified again and again as it circulates.
Verified credentials can even be privacy-preserving security implements in and of themselves, functioning like hotel keycards or one-time passwords to verify an attribute rather than an identity or a role. Many organizations are starting to move towards security systems based on attributes (of actors and assets), and VCs are a lightweight and flexible way of implementing. In such use cases, attributes can be confirmed by issuing a VC containing an “access token” which can be verified at various automated checkpoints in one or more ways (cryptographically, with reference to additional VCs, “behaviorally,” etc) without leaking data. Here is an example of such a straight-forward VC containing such an access token and its metadata:
Verified Credentials as building blocks of modern, agile business process
Another way of thinking of a VC is as a business-ready document — a simple computer file, encoded with relevant ownership, access, and origin information that can be updated separately. The file contains data that might contribute to a business process by making two parties trust each other more, checking a box on a checklist, fulfilling a requirement, or forming part of a dataset. The metadata makes it searchable, anonymous or pseudonymous, and in some cases de-anonymizable as needed (at least when queried against a powerful identity system like Spherity’s by the appropriate authorities). It also facilitates the hard-coding of rules about consent for use, sale, resale, etc. in a way that is machine-readable for batch processing.
Presenting or exchanging credentials with unknown actors provides a kind of decentralized authorization and authentication for establishing business relationships or securing communication channels without relying on third parties, giving neither actor a “home court advantage” and compromising the privacy of neither. This so-called “credential-based trust” is self-evidently valuable and powerful in a digital economy moving steadily towards production-on-demand, consumer-driven object marketing, and other agile business models only made possible by digitized identity and instant communications. Different visions of the macro-economic shifts caused by this “trust layer” are the subject of our #SSI301 series about future economies.
More tangible in the medium-term are the auditable, securable integrations into our customers’ systems that we are building today to make their value chains more agile, less siloed, and more future-proof. Thinking of VCs as a kind of harmonized data format for more open data economies, wrapping existing data in this more portable, more powerful format maximizes the chances of today’s transaction data fueling tomorrow’s readily auditable business intelligence or monetizable machine-learning data. They can include the little ticks emitted by a smart utility meter in the physical world just as easily as it could include the measurements of a metaphorical “service meter” counting computation expenditure and traffic through a serverless architecture like our own Software-as-a-Service backend.
In various industrial use-cases analyzed in our 201 series, we show how the “VC”-powered versions of human resource processes, inventory systems, and industrial data flows are already worth bringing us into the decentralized future today. Today’s cars, for example, contain a veritable ecosystem of data events pouring out of maintenance sensors and efficiency meters, which might seem like straightforward data streams until you think about the privacy implications of rental car fleets, mechanics subcontracted to maintenance service providers, insurance companies, real-time traffic-prediction systems, and so on. As these sensors move to a DID/VC model, they can continue to do what they do best: produce large volumes of encrypted VCs on autopilot, leaving the ownership of and access to those VCs to be managed elsewhere, in real-time, independently. Every industrial use-case we have worked on with our clients is comparably complex in privacy and/or security terms, yet there is real value driving our clients to invest in this powerful way of organizing it.
To dive just a little deeper into the mechanics of both security and privacy, we now turn our attention to encryption and correlation, two of the fundamental mathematical concepts underlying all the privacy and security mechanisms inherent in identities and VC data flows, yet two concepts rarely explained well to outsiders to the data economy.