The purpose of this blog post is to argue that, instead of expanding controls and imposing unnecessary restrictions on interactions outside their locus of control, single identity system providers should prioritize feeding outputs into identity metasystems to use as trust decision inputs, and allowing these entities operating in metasystems to define their own policies. This is the key to achieving widespread digital trust.
Identity System Outputs and Metasystems
The world is made up of various unique and intricate ecosystems, each with its own context that can be challenging to comprehend, both from an outsider’s perspective and even for those within an ecosystem. Does a goldfish know they’re in water until they’re not?
Understanding the context within an ecosystem can be complicated.
In a recent podcast episode I recorded with Tim Bouma, we discussed how understanding different contexts within an ecosystem can be daunting. Additionally, ecosystems on their own may have dependencies on other ecosystems, which further contributes to the complexity of it all.
Although in recent years, the usage of the term ecosystem has evolved to include groups of people, organizations and other systems, the term ecosystem was originally coined to describe the interconnected systems of nature, such as the complex web of relationships within a forest ecosystem, which is further divided into sub-ecosystems or subsystems. They naturally develop on their own without any restrictions, as the image in this post tries to convey.
In my backyard, there is a maple tree that annually produces and disperses samaras, also known as “helicopter seeds”. These samaras serve as inputs for various ecological communities, including the soil microbiome, plant communities, and insect populations. The maple tree functions as a self-organizing system, managing its own resources and interacting with other entities in adjacent ecosystems through the dispersal of its seeds.
Just like my maple tree, an identity system is its own self-organizing system with its own boundaries, but it is not a metasystem.
A metasystem can be thought of as a higher-level system that is built on top of other systems. It is a system of systems that can provide consistency and interoperability between multiple systems, creating a more cohesive whole.
One of the key advantages of a metasystem is that it promotes network effects. By providing a shared infrastructure, a metasystem can be leveraged to serve many different purposes, allowing for more efficient use of resources and increased interoperability between different systems. This can lead to greater adoption of the metasystem, which in turn can increase its value to all participants.
So evidently, an identity metasystem is a grouping of identity systems interacting with each other. They follow a common set of standards, conventions and protocols to increase value to all participants involved. As the above image displays, it’s the interactions that happen outside of single identity systems and within the metasystems which are most valuable.
If we can distinguish Identity Systems from Identity Metasystems, it creates a better framing for discussions around the roles of governments, private sector and wallet technology providers within the pursuit of widespread digital trust.
It’s important to recognize that single identity systems can play a critical role in building trust, but they are only one piece of a larger puzzle when it comes to addressing the complex challenges of digital interactions.
In a podcast I did with Phil Windley in 2021, we discussed the difference between identity systems and identity metasystems. While preparing for another podcast with Phil (soon to be released), I revisited our previous conversation where he explained how a government’s driver’s licence management division found itself operating its own identity system. They were able to set the requirements and design policies that would lead to a driver’s licence output. Although not necessarily wanting to be in the identity business, the driver’s licence authority was able to leverage international norms, driving safety considerations, and data privacy regulations to build the system properly. In this case, it’s important to note that the driver’s licence system is not a metasystem – the driver’s licence document itself represents an output from a single identity system, which in turn becomes an input for a broader metasystem. The metasystem in this case can be the idea that people can carry cards with their pictures on them for authentication purposes wherever they wish, and the data in these cards is trusted or not based on the holder’s presentation of them. The point to consider is that there exists a metasystem of cards and their presentation, and the reason why we trust some and not others is because of the specific system that designs the policies for the issuance of these cards.
The complexity of the situation underscores the fact that there is no single identity system that can solve all the complex problems we encounter in our increasingly digital lives. As noted by Kim Cameron in his Fifth Law (‘Pluralism of Operators and Technologies’) within his Laws of Identity paper, a variety of operators and technologies are necessary for identity systems to function effectively.
Identity systems cannot exist in complete isolation from one another, rather they must be able to work together in a cohesive manner, much like ecosystems. This means that each identity system must be able to ingest inputs and provide outputs that other systems can consume. Just as my maple tree ingests sun and rain (inputs) from other systems outside of its control and, in turn, creates leaves and buds (outputs) for systems outside of its boundaries. My tree couldn’t thrive on its own – the same is true with identity systems.
If, as an identity system provider, you aim to create a closed and tightly managed ecosystem that doesn’t provide any output for other systems to use as support for making trust decisions, then you won’t be contributing to the attainment of widespread digital trust.
Your identity system is a single, distinct system where you exercise control. It is where you can use policies derived from various legal, business, or technology-driven considerations to create interactions between yourself and your citizens, employees, or customers. In your identity system, you can set the rules. Similarly, the entity you interact with, such as your customers, employees, or citizens, can also set the rules on how they wish to interact with you. With wallets and digital verifiable credentials, we can even look at them as running their own identity system.
In reality, no one operates their whole lives within a single identity system. The world functions using a variety of different identity systems.
Avoiding Restrictions At All Costs
If we aim to create digital trust on a broader scale outside of one simple digital identity system or ecosystem we need to consider how to design infrastructure that provides greater control for all participants while still maintaining an appropriate level of privacy, authenticity, confidentiality, security and suitable levels of trust for participants involved.
Rather than imposing restrictions outside of your identity system’s boundaries, you can think of offering your governance as inputs for other systems to use or not to use. When you begin to impose restrictions beyond your area of control, you end up creating a centralized identity system, rather than being a contributor in a metasystem. As history has shown, such systems have not been successful in achieving widespread adoption.
In a blog post of his, Doc Searls discussed the comparison between wallets and web browsers, and while there are some similarities, there are also significant differences that make them not entirely comparable.
[…] browsers are a bad model for the wallets we need. That’s because we need wallets to be ours and private, and browsers are neither. […] users, and not independent actors able to operate at full agency.”
With an understanding that browsers and wallets are like comparing apples to oranges, we can learn from how web browsers allow us to interact with servers and access information from them. Browsers act as open explorers, enabling users to visualize and extract information from servers while implementing security and authentication methods to offer more assurance to the requester that the server they’re interacting with is safe and that they’ve established a secure connection, such as through the use of SSL certificates. Browsers put mechanisms in place to protect consumers from unsafe connections, but they don’t necessarily prevent them from interacting with servers that may not have the level of trust that the browser deems safe. Instead, browsers give a warning, asking users to confirm if they wish to proceed, which helps to protect consumers by giving them an input to help them make a decision. This approach doesn’t impede their control or sovereignty over accessing information from the servers they choose to interact with; rather, it provides them with inputs and not restrictions.
If we take inspiration from how browsers give consumers a notice of possible security concerns, we can apply the same thinking to consumer-controlled digital wallets. With the main difference being that the consumer owns the wallet, unlike the browser. This means that consumers now have the ability to select, or subscribe to, the types of notices they would like to see from whom. Certain wallets could help consumers by preselecting packages of notices, but the consumer will have the ultimate control to turn them on or off, and to take their advice or not.
“Is a verifier trusted enough for a citizen of mine to share a government-issued credential with?”
“How do we verify issuers and verifiers?”
The above are types of questions that I’ve been hearing more lately as conversations around self-sovereign identity ecosystem governance have been on many people’s minds. We all want to protect citizens/consumers, but at what expense?
If issuers and verifiers are required to register on a list to interact with a wallet, we are extending the control boundaries of identity systems and creating larger centralized systems that impact individual sovereignty. The maintainer(s) of the lists are third parties who shouldn’t be involved in the interactions between two sovereign entities.
It’s one thing for these third parties to provide governance outputs as value adds into supporting systems that could be consumed by entities within a metasystem, but not applying restrictions or controls over others’ interactions.
Ecosystems are complex, and it’s challenging to understand them alone, let alone with their interdependencies and complexities. Therefore, to protect citizens and consumers, it’s crucial that we view governance elements as inputs for others, and not restrictions. The Trust over IP Trust Registry Task Force is actively discussing these topics to ensure that both parties involved in an interaction or transaction can decide what inputs they require according to their policies to make their trust decisions.
We must also keep in mind that personal information won’t only be shared through self-sovereign identity wallets. If we begin restricting certain types of credential exchanges based on governance, we must question whether we are truly promoting an open and decentralized identity system and making it simpler for end-users to transact using these products.
Identity metasystems have several benefits. They promote self-regulation and prevent the unnecessary proliferation of new identity systems, while also facilitating the monetization of outputs, which can be beneficial for existing identity systems.
Enforcing policies by a third party not involved in the transaction is not appropriate. Instead, we should focus on providing consumers and the private market with more available inputs rather than restrictive decisions. Enforcing restrictive governance on wallets and identity systems is unlikely to lead to network effects that can effectively address the current widespread digital trust issues.