This is a solid blog post on the identity crisis #SSI industry itself faces, from @rileyphughes. 👌🏾 (Discussion on that thread is very valuable too, for different perspectives.)

It's a challenge we've been mulling over @cheqd_io as well. Some of my own thoughts below (unordered)
1️⃣ "IDtech" is overly-broad. It covers what we know as "self-sovereign identity", "SSI", or "Web5"...but it *also* covers traditional selfie-scan-check (e.g., Onfido, Jumio), single sign-on (e.g., Auth0, Okta, Microsoft AD).
The concept of "identity providers" or "identity & access management" is *too* strongly entrenched in the minds of this corner of tech industry as relating to authentication + authorisation.

We need a more *precise* term than IDtech to distinguish it from the broad idea of IAM.
I don't think SSI / Verifiable Credentials *supplants* IAAA (acronym alert! thorteaches.com/cissp-iaaa/), it *augments* it. This from actual conversations with clients/architects over many years where they don't really understand why SSI is powerful, until that distinction is made.
2️⃣ "Self-sovereign identity" / "SSI" is a mouthful and too much of an in-crowd term. I like @rileyphughes's points on "reusable" vs "authentic". Similar thread here with @kimdhamilton on alternative terms 👉🏽
The more I think of it, the more I get to the conclusion that a constellation of different-but-related terms will need to replace "SSI", at least outside of the in-crowd.
E.g., I can totally see "self-custodied" perform with the crypto crowd, because they love their "not your keys, not your crypto" mantra.

Unsure whether "self-managed" has the same ring to it for general audience, especially since it doesn't have widely-known mantra like above.
3️⃣ "Verifiable Credentials" are "verifiable" in exactly one sense: that it's cryptographically untampered since the point it was issued (or tamper evident).
Where this breaks down is when the term "verifiable" is used with legal/compliance audience, especially as it often gets mangled to "VERIFIED credentials".

In *their* context, "verifi..." means "the data contained within can be trusted". Not whether it's untampered (but false).
Which is why @cheqd_io we played around with "trusted" data or "authentic" data to distinguish "verifiable cryptographically as untampered" (since the data itself could still be "false") vs "cryptographically verifiable AND you can trust it".
Tbh, I don't think either of those takes is *quite* there yet. "Trusted" performs slightly better than "authentic", IMO. Like @rileyphughes, the problem is that the usage of these terms in English just varies so much based on context! These terms are useful when one wishes to distinguish betwee
And to answer the question "how many terms have you heard 'verified credential' instead of 'verifiable credential'?" Honestly? Too many times than either I or @fraser_again can count, as soon as we step outside SSI. Especially when talking to teams in large enterprises/govt. 🥲
(For context, I've sat on non-technical standards bodes/panels such as Open Identity Exchange, Tech UK, Fintech Panel etc and a lot of bank teams while at R3, and their interpretation of "verified"/"verifiable is completely different, and the mix-up between the two VERY common.)
The reason why, IMO, that distinction between untampered vs data inside can be trusted comes into play is ultimately it's the latter they care about. I also use it as a *reminder* to those teams that assessing verifiable credentials is *exactly* the same as they assess a PDF
...upload, as far as the legal perspective/liability goes. Yes, an SSI VC will speed up some of the steps/checks by rejecting obvious tampering etc but they still need to trust:

a) data in the credential
b) the issuer

...which is where we run into *trust* registries 🤔
...rules that apply, but rather it's the *portability* that's the key characteristic.

E.g.: I've seen in past few weeks, as people are moving Twitter -> Mastodon, that unscrupulous actors are replicating entire Twitter profiles (with posts) on a different Mastodon server
Having said that..."trusted"/"trustable" over-indexes for the definition of those two terms as defined in traditional KYC/ID verification processes.

But there are other use cases, e.g., porting a social media profile from Twitter to Mastodon, where it's not traditional "trust"
Also, a lot of *technical* engineers/architects, especially if they have any IAM background at all, in my experience find it hard to distinguish "verifiable" (checking the envelope) vs "checking what's inside the envelope". Traditional IAM often cares only about the former.
...than the one the original author created. VCs can enable a form of portability, Obviously, there's no legal/regulatory body that can define a "trust registry" for Twitter (unless they get into this game themselves - and why would they?!)
I'm unsure how to frame that example ("this is THE correct Mastodon profile for THIS Twitter user), which I do think VCs will play a role in.

Outside of a regulated industry, what's the term that will land? Is it verified? Trusted/trustable? Portable? (Likely a blend.)
Thanks for this enlightening read @rileyphughes (and other contributors on that blog post) - definitely very thought-provoking! 🤗 (And sorry for reply-spamming - will post it as a Medium comment too later, but I find conversations are much better on Twitter.)
You can read the unrolled version of this thread here: typefully.com/ankurb/u7U5u5C
PS - if some of the tweets in the middle don't make sense, it's because I mangled the order up when re-arranging some of them in @typefully - that's my bad 🙈

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Ankur Banerjee 🆔⚛️

Ankur Banerjee 🆔⚛️ Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @ankurb

Sep 28
Great session on “Identity & the Metaverse” @idnextplatform with Sarah Levassor and Mark Evenblij, chaired by @pulugundla.

A fundamental issue is…whom did you *actually* meet in a metaverse world? Deepfaking in real-time is getting easy, but it’s even easier in VR.
Avatars are easily copied, and they aren’t even necessarily humanoid. So we have to resort to usernames/handles…and those are easily scammed with lookalikes.
The second problem is a lot of online communities often devolve into misbehaviour and harassment. Second Life is a VR platform that’s existed for 10+ years. This…is a story from *2006*.

You can imagine how upsetting this can be in an immersive world 😕

engadget.com/2006-12-20-sec…
Read 10 tweets
Sep 27
Privacy-preserving (and digital identity) tech needs to become a lot more like sex education or drug education campaigns. This thought came to me during #RWOT11 @WebOfTrustInfo

A lot of digital identity and privacy is fear-based, on how Bad Things Can Happen With Your Data.
1/ Many people *don’t* care about zero-knowledge proofs or private and secure identity because…it’s complex and boring (for many audiences). So, preaching that people should Really Care About Tracking doesn’t fly because a lot of people *like* ads.
2/ I do myself. Normally I’m armed with 3 different ad/tracking blockers but if I’m buying something expensive, I’ll turn them off and *browse with intent*, hoping to get a targeted add with discounts. Or add something to a shopping cart, hoping to get an email with a coupon.
Read 14 tweets
Sep 19
Genuinely loved this event with @AnimoSolutions on Aries Framework JavaScript with AnonCreds anchored on @cheqd_io.

I still remember the moment I first saw demo.animo.id and immediately shared it around our team because it’s the simplest, hands-on SSI demo I’ve seen 🤌🏾
You can try out this demo yourself on cheqd-demo.animo.id. This is the culmination of a LOT of work to extend the types of credentials @cheqd_io supports beyond just JWT Verifiable Credentials (which we built on @veramolabs) to *also* have ledger-agnostic AnonCreds. ImageImageImageImage
And I *loved* the reveal to the audience of my own avatar in the demo 😎 ImageImageImageImage
Read 7 tweets
Sep 3
This is a *really* good thread rounding up #Web3 identity and privacy tech companies. Wanted to throw in a few more on the list that IMO deserve a mention...

@AnonyomeLabs, which is working on a wide-ranging super-toolkit that covers phone, email, passwords, credentials
@Avast, one of the world's largest cybersecurity companies that now owns @evernym and @SecureKey (and is likely to be a powerhouse in wide-ranging existing user base)
@darrello from Continuum Loop (no Twitter?) for niche consulting and expertise in digital identity
Read 15 tweets
Sep 2
There’s multiple things to slice-and-dice here…

By default, a lot of CeFi (and as seen with @dYdX, some DeFi protocols) default to “traditional KYC” because, let’s be honest, the developer experience to integrate a check from Onfido etc is far easier and well understood.
However, the *user* experience of traditional “selfie-scan-check” KYC is universally bad.

Nobody wakes up and is excited about “Ahhhhh, today’s the day I’ll go through another KYC process 🌞”
And so almost inevitably, the DeFi space “hates KYC” because this is precisely the kind of broken process that they dislike from TradFi.

The sad thing is that KYC isn’t even very effective at preventing behaviour like money laundering etc (from @sytaylor sytaylor.substack.com/p/fintech-food…)
Read 8 tweets
Jul 27
🚨 We built a network-wide validator status monitoring tool for @Cosmos SDK chains that can monitor for validators that have missed too many blocks, and are likely to get jailed.

Check out the code on @cheqd_io's GitHub 👉 github.com/cheqd/validato…

Here's how we went about it...
1. To provide some context here: proof-of-stake blockchains like @cosmos use a self-reinforcing mechanism to ensure nodes maintain good uptime.

You can see this on our block explorer: explorer.cheqd.io/validators
2. We decided to build this because a few node operators have been jailed in the past for missing too many blocks. As a reminder, validators on Cosmos SDK networks get slashed if they miss too many blocks within a defined window. learn.cheqd.io/overview/intro…
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(