jshamah

There is Nothing New Under the Sun – It’s Just Distributed!

For some time now, I have had the feeling in the back of my mind that I am living Groundhog Day with SSI and Digital Wallets.


Just imagine the traditional loan application from over a decade ago, where the process involved many different participants signing documents in a particular sequence, with the outcome being, say, a bank loan. Even then, the process was often completed fully digitally.


So what has changed?

SSI potentially opens the process for use by anyone with anyone! A distributed application could let the user build their own workflow if they wished. More likely though, SMEs could set up a sequence of transactions with multiple components using pre-designed process templates. Take for example the well-trodden use-case of getting a new job and moving abroad. It's described well here. It is much more complex than the loan example mentioned above. Importantly, the workflow is now distributed, with differing outcomes for the various relying parties in the process. Additionally, it need not just be digitally signed documents; you can also present assertions made by third parties, all of which can be verifiable.


Consider SSI as one or two evolutionary steps forward past workflow.

There are really big opportunities that can be realised too! While some may revel in the ability to set up and build personal workflows for their interactions, most people and companies just want outcomes. Look at the market for pre-designed PowerPoint templates. There are lots of companies offering templates, and even AI-generated presentations based on your company activities and what your intentions are. The same goes for schemas for individual interactions. There could be a whole marketplace evolving to build custom one-off dAPPS for SMEs, etc.


The easier it is for the end-user, the more usage dAPPS will have. Once banks and payment providers wake up to the opportunities, both online and face-to-face transactions will benefit. Imagine buying an airline ticket, and supplying all the travel documentation needed, easily and completely from your phone at one time, including applying for a long-term visitor’s visa.


Let’s look at Verifiable Credentials:

So a trip down Memory Lane the other day caused me to think of a delightful period in my life working for a start-up called CORESTREET. Boston-based, it focussed on providing resilient OCSP (Online Certificate Status Protocol) which could also be used offline. Primarily for use in First Responder and military applications, it was designed to provide validation for PKI certificates used in the US Federal PIV identity cards. Why do I mention them?


Well, the concept (which was put into use with over 1.5 million federal certificates) was interesting, to say the least. In order to verify (validate) a PKI certificate, you should refer to either a Certificate Revocation List (CRL) or an Online Certificate Status Protocol (OCSP) response. The older CRL was a list of all the revoked certificates. It made the negative statement “This certificate is not revoked” to keep the size of the file small. The file was distributed to several servers globally. It was quite large (>1GB in those days). The alternative, newer OCSP was just a response to a query: “Yes, this certificate is valid” or “No, this certificate is not valid”. This was faster and used less bandwidth than CRLs, BUT you had to be online. From a privacy point of view, it could be auditable, so not so good in most cases. However, this was actually an advantage in the federal PIV case, where privacy was not an issue. The need to be online was a real problem for resilience and other ‘tactical’ reasons.


So CORESTREET created miniCRLs and miniOCSP, which were really small. These were like miniature signed tokens and were carried alongside the certificate. They had a pre-determined, short shelf life. In essence, when using the certificate, the software redirected the validation request to the token locally.


Admittedly, the tokens needed to be updated regularly (as per the policy of the PKI), but this coincided with online availability and with some additional innovative distribution mechanisms.
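
The idea above (a tiny, short-lived validity token carried with the certificate and checked locally) can be sketched with a hash chain. This is an added example, not CORESTREET's token format or code from this post; the hash-chain construction, the names `Issuer` and `verify_offline`, the 365-period lifetime and the `max_age` policy value are all assumptions for illustration.

```python
import hashlib

PERIODS = 365  # assumption: one token per day over a one-year certificate


def h(data: bytes, times: int = 1) -> bytes:
    """Apply SHA-256 `times` times in a row."""
    for _ in range(times):
        data = hashlib.sha256(data).digest()
    return data


class Issuer:
    """Hypothetical CA side: keeps the seed secret, releases one token per period."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self.anchor = h(seed, PERIODS)  # would sit inside the signed certificate
        self.revoked = False

    def token_for(self, period: int):
        """Validity token for `period` (1..PERIODS); nothing is issued after revocation."""
        if self.revoked or not 1 <= period <= PERIODS:
            return None
        return h(self._seed, PERIODS - period)


def verify_offline(anchor, token, token_period, today, max_age=1):
    """Local check: token is fresh per policy and hashes forward to the anchor."""
    if token is None or not 1 <= token_period <= PERIODS:
        return False
    if not 0 <= today - token_period < max_age:  # stale or future-dated
        return False
    return h(token, token_period) == anchor


if __name__ == "__main__":
    ca = Issuer(b"constructed-demo-seed")  # constructed sample value
    t10 = ca.token_for(10)
    print(verify_offline(ca.anchor, t10, 10, today=10))  # fresh token
    print(verify_offline(ca.anchor, t10, 10, today=12))  # past its shelf life
    print(verify_offline(ca.anchor, t10, 11, today=11))  # relabelled for a later day
    ca.revoked = True
    print(verify_offline(ca.anchor, ca.token_for(11), 11, today=11))  # revoked
```

Revocation here simply means the issuer stops releasing tokens, so a relying party that has been offline longer than `max_age` periods rejects the certificate rather than trusting a stale token.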


Does miniOCSP sound a little like what we are doing now with digital wallets and Verifiable Credentials? I think so. It may be even more flexible!


Last time I looked, the CORESTREET Validation Suite was available from HID Global.


There are lots of great ideas in the past which just did not succeed because one element was not mature enough. We should revisit the concepts every so often!

