The point isn’t to shame the use of centralised elements like did:web, which are often required to achieve pragmatic outcomes - it’s to advocate for intentionality. Understand the trade-offs, and design your solution to align with the level of decentralisation and trust you need.
🎭 Decentralisation Theatre? 🎭
Saying the quiet part out loud: “We’re so decentralised… but our root of trust? A file on the webserver.”
There’s been a quiet yet widespread acceptance of approaches like did:web and centralised trust lists in decentralised identity.
1/5
On the other hand, if your goals require decentralised key management and trust minimisation, consider alternatives:
⛓️ Ledger-based DID methods that leverage decentralised public infrastructure.
🔑 Self-certifying identifiers that remove reliance on central registries.
4/5
@BentleyVC@sytaylor Yeah it’s cool to see it “working” in a scaled production use case and all, but so many opportunities for bailing out in that flow! 🪂
New Zealand has left the door open to both W3C credentials and ISO mobile drivers license in their Digital Identity Trust Framework rules. Why? Various reasons, but one key reason: PRIVACY!
ISO mdl (18013-5) was just not built with privacy in mind, it does not provide unlikability, and its approved cryptographic methods do not support advanced zero knowledge proof capabilities. So what is a govt agency to do? Leave the door open and allow experimentation with both! (Yes I am talking to you European Commission policy makers for EUDI 😎 ).
Oh by the way, did you also know that the state of California DMV app is doing dual issuance with both ISO mdl and W3C credentials in their wallet? Want to try to guess why? 😉
Source:
https://t.co/vWh09rkUe0 (page 8 of this doc)
It would be amazing if this scared the authorities into regulating private surveillance against all of us, not just government personnel, but hey - even that would be a start!
“Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany”
Yet another scandal about the giant RTB data breach (RTB explicitly highlighted in the article)
https://t.co/GevtxKbDqS