Once again on the topic of identity

with a dash of IIW31

There’s an article I came across recently - a listicle around how to take steps to prevent cybersecurity incidents. The very first point around password management kind of dates it to the old ways of doing things. With SSI based systems, there is now good ways to not have passwords and instead have passwordless authentication - watch this short video on the use case.

The point I wanted to highlight is that when it comes to the end-customer side of things then topics of “identity”, “access to services”, “equity” and “fairness” are among the factors which contribute to wider adoption of SSI based systems which enable self-governance of data. At the recently concluded Internet Identity Workshop (IIW31) quite a number of sessions touched on the topic of end customer experience. And even when the theme of the discussion was around use-cases, the customer experience kept coming up in terms of how to invest in that to make it more ubiquitous. There’s a neat summary of this topic at the blog post here.

IIW31 was a virtual event and this makes it somewhat easier to be a participant and contributor. While the in-person experience is certainly fabulous, the costs and logistics of international travel are often a great hindrance towards finding compelling reasons to take that step. At this edition of IIW there have been a lot of good natured nostalgia around “Oh! How lovely it would be when we go back to our usual way for this event” and to be honest that has me being exasperated. In the grand scheme of things, while North America and Europe have jumped ahead of everyone in terms of prototypes, pilots, proof-of-concepts and working deployments, APAC and other regions are slowly taking components and parts of SSI and designing services. For individuals and organizations in APAC to benefit from joshing with counterparts in other nations the virtual meeting workspaces are a good thing to have.

The SSI and Verifiable Credential adoption cycle reminds me a bit about growth and acceptance of Linux based systems for everyday computing. There was a point in time when setting up a new piece of hardware to boot into a Linux distribution was a hit-or-miss. Unless the new hardware was exactly similar to a previous working hardware, it usually meant some compilation-from-source (of drivers, modules, toolchain and other aspects). Over the years as it became progressively easier to deploy Linux based hardware, the focus shifted very organically to the higher layers of the sytem - the applications, services (or what is called ‘the ecosystem’). The work within various Standards Development Organizations (SDOs) and development foundations such as Trust over IP (ToIP) and Decentralized Identity (DIF) provide that reference frame of standardization of working components and interoperability around the topics of data exchange and portability of credentials. The next step is of course the ecosystem.

While the ecosystem work started with a variety of digital wallets as containers for the credentials these are not going to be the only important aspect. The ecosystem will emerge to serve needs to communities and groups who will find compelling reasons to transition over to a more self-governance of personal data and credentials. Regulations will have to be created to enable and support such approaches. However, the forces of disintermediation will be effectively exhibited in the domain specific services which come about eg. fintech, community/public health, education, travel etc being a small sampling of possible verticals.

The natural aspect of scaling for wide adoption is making the technology absolutely boring - functional, invisible and always available. This wondrous capability comes about from an intense focus on the layers contributing to service available being well designed for resilience, uptime, availability and recovery. Like any software there will be known and unknown failures at various parts of a transaction - they key is to have adequate instrumentation to identify the failure and being able to redirect the customer to a safe working path. In the next few years the companies betting on building SSI based services economy will have to focus on the specifics of customer experience of a consumer grade product/service at scale. And while earlier models used a high-touch human intervention method, today we have improvements in the form of assistive technologies eg. chatbots, self-service flows etc which compress the “mean time to recovery (from a failure)”. For always-on systems the metrics of uptime and availability are always signficant. For end users what makes the choice between providers easy is how quickly can they get back to task they were intending to complete.

Where is “identity” in all of this you ask? Depending on the persona you want to be you can either be shown the fullest extent of how a self-governed digital identity enables seamless exchange of data using trust frameworks or, you can perceive a product/service experience that abstracts all of that and presents a highly personalised and easy to use workflow. The path to this measure of experience is going to be difficult - it requires a willingness among vendors to cooperate and collaborate (a form of TSANet if you would). And it requires systems designers and architects to focus on measures of interoperability and sustainable architecture designs using mature product releases. The ‘productization’ of SSI enabled technology stacks are going to walk down the same path as Linux based stacks did - only the timescale will be compressed and the scale of deployment would be exponentially more.