Listen to this Episode about Building Digital Trust Ecosystems on Spotify
The Virality of Self-Sovereign Identity
Mathieu: I wanted to start with a quote, Riley, from the movie Inception: from Leonardo DiCaprio’s character, Cobb. I’ve seen this quote in an article that you’ve written before, and the quote goes like this: “What is the most resilient parasite? Is it bacteria? A virus? An intestinal worm? An idea. Resilient, highly contagious. Once an idea has taken hold of the brain, it’s almost impossible to eradicate.”
You had used this quote to refer to Self-sovereign Identity, or when you started thinking about ‘digital trust’ for the first time some years ago. Would you mind giving a background of how this has taken over your brain, and your life, and effectively, the mission behind Trinsic today?
Riley: Yes, that’s an awesome quote — I’m glad that you brought that back up. The first time I was exposed to Self-sovereign Identity and this concept of decentralized identity was when I interviewed for a job at the Sovrin Foundation when it was looking to hire its first employee. My interview was with somebody named Steve Fulling, as well as Phil Windley. Phil Windley is the founder of the Internet Identity Workshop, and he was the chair of the board of Sovrin. He’s quite a ‘guru,’ and he was very good at conveying the vision and what we were trying to accomplish. I went in for a regular job interview, and it went well, but after I left the interview, I looked everywhere around me, and all I could see were digital credentials or the lack thereof. It was as if, once I saw the way the world could operate. I’ve never been able to go about life normally again. Even small daily things; one time, UPS was shipping me a package, and I wanted to pick it up at the distribution center, but I couldn’t prove that it was actually me who bought the package. Or another example: I used to work in the solar industry, collecting people’s electricity data so that we could build them a solar panel estimate. Things like that: everyday activities that you don’t normally hear about, such as KYC (Know Your Customer), or health credentials, or the prime SSI use cases.
The reason I love that quote is that digital credentials and verifiable data can not only impact the use cases that everybody tends to think about when they think about SSI, but they could permeate our whole lives and streamline everything we do. I think that was evidenced throughout my time in this space. It seems as if people who get into Self-sovereign Identity, can’t get out. Even people that I worked with at the Sovrin Foundation; while we were there, we never ever had any attrition of employees, even though the Sovrin Foundation was a hard place to be because of funding challenges. Ultimately, those funding challenges resulted in people losing their jobs at one point, but even throughout all that, nobody ever left. We’ve seen the same thing at Trinsic: nobody’s ever left, unless they’re an intern, or someone moving on to their next project.
Mathieu, maybe you could speak to this, but I remember when Northern Block came into this space. You weren’t focused solely on Self-sovereign Identity, but it seems like you’ve leaned into this subject. I think that’s characteristic of what I’ve seen over and over and over; once this concept infects your brain, you really can’t help but go all in. I think that’s a characteristic of really promising movements: Once you see it, you can’t unsee it. In my opinion, it’s inevitable that the world is going to go in this direction.
Mathieu: Yes, it’s a similar mindset. The feelings that you had towards SSI or digital trust, or Trust over IP, however, we call it; I had a similar feeling some years before when I got into crypto, and blockchain, and decentralized technology as a whole. Having worked on many software projects that utilize some type of decentralized or distributed computing technology, the property of verifiability that comes with these verifiable credentials is something that, for me at least, was missing in the decentralized stack that we were playing with. It was cool that we were building distributed or decentralized protocols; we touched it all for you-name-the-use-case. But, it was missing the core property of verifiability. Many people were trying to use technologies like distributed ledgers or blockchains to solve every problem in the world. Still, when it came down to lack of trust in transactions, caused by issues with the verifiability of data, it was as if a light went off there.
As you started working at the Sovrin Foundation, I’m assuming you got more and more excited about that. What are the types of things that you did at the Sovrin Foundation in the early days?
Early Days with the Sovrin Foundation
Riley: Yes, definitely; Sovrin was a very cool place to be. First of all, from a personal development standpoint; as the first employee, there was a lot to do, and I wore a lot of hats when I first joined. I think the other cool thing about it was that, at the time, it was very early; I don’t even remember whether the Decentralized Identity Foundation was established yet; it may have been. The Trust over IP Foundation was definitely not established, and so Sovrin was the most established place to go. If you were interested in this space, it was the destination.
My first major undertaking at the Sovrin Foundation was to establish the Sovrin Steward program, which is the program that the Sovrin Foundation runs to get organizations to operate nodes on the Sovrin network. Part of the governance of Sovrin is that the nodes are permissioned, but the read-and-write access was thought to be, ideally and eventually, totally public. Although the consensus protocol on the blockchain was done in a permissioned fashion, everything else would be public. Part of establishing the governance over the permissioning of the nodes that operated consensus on the network, was essentially establishing a standardized process through open governance. This would allow new stewards to join the network, add a node, and participate in consensus. That whole initial process was my first major project.
The first step in that process is usually to have a call with somebody who works at the Sovrin Foundation, or somebody on the committee would call the steward qualification committee. Originally, all of that was done by me. Eventually, it became much more decentralized, with different volunteers from around the world who are doing that, and it’s still being done today. But initially, it was all me. Following on to what I was saying about Sovrin being the first destination for organizations who wanted to get involved with decentralized identity, I had so many calls. My whole day would be filled with conversations with people who were interested in applying this new technology to some business problem that they had. Because of that, I got to hear, from the very beginning, about all sorts of business problems, and all sorts of industries to which people were trying to apply Self-sovereign Identity. Essentially, I was able to absorb all those learnings, in a way that I think was unique. I don’t know if I would have been able to have that opportunity anywhere else in the world at that time.
Mathieu: We can see this happening over and over again, where you see areas that foster technology startups, like Silicon Valley. They all leverage each other. In these really condensed environments, with people working in the same direction, you seem to see an ecosystem take shape. Different companies and different people can leverage each other’s skillsets for something specific.
Many of our companies today have a more global footprint, and we’re able to work with people throughout the world. Still, it’s quite crazy to look at Utah (where Trinsic is based) and to review the Sovrin Foundation coming out of Utah, all the SSI companies coming up there, all the Fintech companies coming out of there; it’s absolutely crazy. It feels as if there’s entrepreneurship in the mountain water that everyone’s drinking down there.
Riley: Yes, that’s absolutely true. I think that part of that is that, as I mentioned, once people see it, they can’t unsee it; people stay in the Self-sovereign Identity space, even if they leave their roles. If you look at all the people who were laid off from the Sovrin Foundation, I’m trying to think on the spot here, if anyone did something like leaving the space entirely: Nathan George went to Kiva. Ken Ebert and others based here in Utah started Indicio.Tech, along with Heather Dahl, who’s based out of DC. Evernym has a presence here in Utah, and people who’ve left Evernym have gone on to start things or integrate SSI into their own applications. Mike Lotter started a company called TrustFrame that’s based here in Utah. Of course, I came from that ecosystem and started Trinsic. So, I’m telling you that people can’t leave once they see this — it’s such an opportunity with such an open ocean. It makes sense that a lot of the initial ecosystem was built here, and that ecosystem continues to grow, and it’s very cool to see.
Mathieu: I agree; I honestly can’t imagine doing anything else once you’ve experienced this, and you understand how verifiable credentials could really work. I think it’s interesting because there are so many opportunities to use verifiable credentials to turn paper-based processes into better processes, and also, to turn digitized processes into digitally valuable processes, as well.
It’s one thing to say that I’m digitizing a paper document, but being able to actually have verifiability and authenticity behind it, and being able to leverage the data further on, in whatever customer journey or whatever you’re trying to do, is very exciting. So, yes, I’d have to echo your comments earlier in the discussion. Once you get lost in the topic: in your day-to-day activity, you’re looking at things, and you’re thinking, “Oh my god, there are so many opportunities to use this stuff to create a better world for ourselves.”
What is the Business Value of SSI?
Riley: Yes. You spoke to a lot of business value that can be unlocked through decentralized identity; I’m sure we’ll get more into that because that’s something that I’ve been obsessed with for the last four years. Before we leave the topic, and to add to your comment there; I think one of the main reasons that people stay in the space is not only for the big business opportunity. It’s also the fact that I truly believe (and I think that most everyone else in this space truly believes) that Self-sovereign Identity is going to create a better world for people. It’s going to make basic services, that people need but they can’t currently access, accessible, and it’s going to change the power balance in the world to favour people, more than it currently is.
I can’t see the future, but I do know that giving individual people more privacy, and more control and transparency into the way their data is used and managed are a big part of why people stay in this space. We can have all sorts of philosophical discussions about Self-sovereign Identity. I know that for me, I would not be nearly as passionate about Self-sovereign Identity, if it was just about automating business processes, and making paper-based workflows more efficient. Although, those are very good objectives: that’s where a lot of the money is to be made today.
I think that in the long run, what we’re really trying to do, is we’re trying to create a digital economy that works for people and for the world. We’re trying to create trust over the internet protocol — Trust over IP. We’re trying to create digital tools and digital ways for people to establish trust and get access to the things that they need and the things that they’re entitled to. I certainly wouldn’t be nearly as passionate and work nearly as hard for this movement, and I don’t think nearly as many people would stay in the space if it were only about the business value of what SSI can unlock.
Mathieu: I’ve gotten emails from you at six in the morning Eastern time, and I know you’re a couple of hours behind. So, I definitely know that you’re grinding away at this stuff because you truly believe in it. It’s quite similar to the vision that many people have — generally those in Web 3.0 or who are focused on decentralized technology. They have a vision for a digital economy with greater balance, more transparency, more traceability, and more value for people who are actually injecting value into the system.
To close on the Sovrin topic: I think Sovrin is amazing. I spend a fair amount of time in the Trust over IP Foundation, more particularly today in the utility foundry working group. It’s incredible how much of a step forward Sovrin has made for everyone, because everyone trying to set up a public utility today is looking to Sovrin as a model: Sovrin is effectively shaping how the space is growing today.
You left Sovrin to found a startup called Street Cred at that time; would you mind talking through the early days, and the transition out of there? Was this your first startup?
SSI Toolkits for Developers
Riley: It was my first real startup. I’ve always been entrepreneurial since I was a little kid, and in fact, I started a business when I was 14. At that time, I manufactured aftermarket freestyle Razor scooter components and sold them to e-commerce stores and physical locations in the USA, and also in Australia because that’s a big sport down there. I did that throughout high school, which paid for college, so that was fun. This is my first tech startup. I would say it’s my ‘real’ startup, in the sense that it’s a startup whose goal is not to sustain my own living, but it’s a startup whose aim is to make a meaningful impact on the world, and create an organization that is significant and enduring. I’m happy to talk about the transition there. For me, Mathieu, and this might sound dumb or cliché or whatever, but it really didn’t feel like a transition; it felt as if I was doing the same thing. While I was at Sovrin, I was totally obsessed with the idea of building adoption of Self-sovereign Identity. I could see the future; as I said, I was walking around, and I would walk into a restaurant, and I would walk into my university (because I was a student at the time). Everywhere I went, I saw what the world could be, and I couldn’t handle living in this world, when I knew it could be so much better, but not doing anything about it.
While I was at Sovrin, I was the staff lead over governance, for example. Drummond Reed from Evernym deserves so much credit for all of the work he’s done on governance over the years, as well as at Sovrin. He was an employee of Evernym, and I was the Sovrin staff employee who was working right alongside him and others on governance. The whole point there was, “How do we make SSI more adoptable?” I did a lot of work on the Sovrin Tokenomics — that was my other big project at Sovrin; Token was a big conversation at the time, and I was effectively the lead of the Tokenomics work at Sovrin. That work was focused on, “How do we potentially use a cryptocurrency to facilitate, or a utility token to facilitate adoption of verifiable credentials?” And, “How can we provide incentive mechanisms to drive that adoption?” This went all the way to starting the SSI incubator, which was an idea that I had from the beginning. The SSI incubator idea revolved around helping startups who were going to move fast, and build use cases for different industries, get funding and support that they needed to deploy this stuff.
Everything I was doing at Sovrin was about trying to crack the code of adoption. The other piece is the business of SSI working group, which I started and led for some time. Some good work was done there, as well, and so all of my work at Sovrin was around getting adoption. The story of how Trinsic got started (or, at the time, it was StreetCred) was that it was another continuation of what I was already doing. I was talking to people, and saying, “Why aren’t you going to production with your SSI solutions? What’s holding you back, and what do we need to do, to make it so that nothing’s holding you back?” I heard over, and over, and over, that the tools were not there, that there were no products that could do what needed to be done; the technology wasn’t mature enough, the technology wasn’t quite there, the technology was too hard to use, or hard to integrate into existing applications. For a long time, my answer was, “Okay, well, the private sector or whatever, the marketplace will solve that problem. That’s not Sovrin’s role.” That’s true, and so I really eventually thought, “Okay, I’ve done all my stuff I need to do here at the Sovrin Foundation, and now I need to try to make it easy for people.”
I needed to work on this other piece, which involves productizing SSI in a way, specifically, that developers could easily integrate into their applications; whether they be existing applications that are serving existing markets, or building new verticals and new use cases on top of Self-sovereign Identity, for whatever business problem that they’re solving. So, I got together with Tomislav Markowski, who wrote the first Aries framework for mobile, and then also Michael Boyd, who wrote the first Indy agent in Python, along with the rest of the working group at the time. These were two of the founding engineers, or code producers, in the Hyperledger Aries project. I said, “Guys, let’s get together, and let’s make something that makes it really easy for developers to integrate SSI into any application. Let’s try to make it as simple as Stripe made payments, or as simple as Twilio made communications, or as simple as name-your-API-based, developer-focused company made whatever thing easier. That’s what we did.
When I transitioned into doing StreetCred, it felt more like it was my next step in making SSI easier to adopt. Last Monday, we announced Trinsic Ecosystems, which is our new product. It’s a productized way to build trust ecosystems. This is the same next step in that same journey to make SSI adoptable and easy to use, and to successfully get digital wallets in the hands of people that have credentials, who are using them for useful purposes. That’s the summary.
Mathieu: Yes. I was going to hop forward, because, in the meantime, you guys have been the go-to for developer tools; that’s how we met each other. We had developers looking at the stuff, and the contributions were coming from your team. You pushed the bar forward there, and made it easy for a lot of people to start implementing Self-sovereign Identity. Now, we’ve developed these tools for developers to do basic functions, such as making connections, and exchange credentials, and do verifications, and so forth. That’s the space that we are looking at, as a company. There needs to be a provider, or someone that’s going to create an ecosystem; create the rules, and create the governance. We could talk about community-driven initiatives, such as when you mentioned Tokenomics before; there’s a discussion there to be had.
If we take a step back, and we look at how to enable organizations or companies to successfully offer the benefits of Self-sovereign Identity to their customers, and to their employees: how do you reap the benefits from less friction, more privacy? The list goes on and on; you need to have someone kick-starting the ecosystem. Was that the same realization for you guys? And, what did you feel was necessary to make this easy for an ecosystem provider to really get going?
Focusing on Self-Sovereign Identity (SSI) Ecosystems
Riley: Yes, we had that same journey as well. However, I think that for us, it was more around the fact that we have this developer platform, and we have this API product that’s being used by hundreds of organizations. At its core, it was an exercise of looking at the current state of our product and its growth, and the different segments. Some people are using verifiable credentials for authentication, others are using them for sharing and building these ecosystems, others are using credentials in a contained and closed ecosystem, and still others are open ecosystems. There are various different use cases for credentials, of course. Looking at our own data that we’d collected and thinking, “Where are credentials getting adoption?” That’s been the number one thing since day one, and it still is.
It’s going to be the main priority all the way until we’ve got a network effect established for verifiable credentials that is so strong, that nothing’s ever going to topple it. That’s going to be the thing that we’re constantly thinking about: adoption. Looking at the data that we had, credentials are getting adoption most — it’s the best use case today. The best way to get credentials into the world with real adoption has been in these ecosystems; it’s when people come to our platform, pick up the product, and use it to build an ecosystem — that’s where the best adoption has been. So, I would say that the Trinsic Ecosystems product was about talking to our customers who’d already created ecosystems, building things for them that help to solve their problems and help make it easier for them to build ecosystems, and then trying to generalize that. If we say, “Okay. These five companies need a trust registry,” for example: at a high level, it’s a list of issuers who are authorized to issue certain types of credentials. If these five customers need this, is this something that can be generalized to more use cases? Something I think that we’ve been very intentional about at Trinsic, is talking to the people who are actually implementing and deploying this stuff in production. Basically, Trinsic Ecosystems is our way of productizing all of those things that everybody needs if they want to deploy a credential ecosystem. At least, the general pieces that people need, so that they can configure an ecosystem and then deploy it out to their network that they’re trying to affect.
Mathieu: I love the vision. There are a lot of similarities for me, coming from a crypto/blockchain space, where people were trying to reinvent the world in so many different ways. That’s a separate conversation. Ecosystems exist today all over the place. I think that many people, when they approach something new with a new technology, they’re trying to create this new way of doing something, when things aren’t necessarily done that way. That’s not the easiest way to get people bought into doing something new.
If I have a business case for credentials —there are a hundred of them —it could be to reduce costs, or reduce fraud, or lower my compliance costs, or reduce friction. Whatever it is, you need an easy way for an organization or an entity that’s already trying to make their ecosystem a credentials-based ecosystem, to really get it going and get its existing governance, rule sets, and relationships into this new model. I think what you guys are doing there is good, and it makes it a lot easier for people to start using the stuff without throwing out what they’ve already done.
Riley: I think that, as you said, there are already ecosystems out there. Taking a step back again to the meta-topic of adoption; the other thing to keep in mind is that I’ve never talked to anybody in my life who has questioned the value of SSI, if we assume that there is widespread adoption already. The question is always, “How do you get to that point? How do you bootstrap the network effect?” It’s not always a great user experience to ask your customer to download a wallet, but if they already have a wallet, and already have credentials in it, then it’s an awesome user experience for them to streamline the access process through SSI. That’s just one example out of many that I could give.
I think that the ecosystem approach is a very pragmatic way for organizations to do something using verifiable credentials, that is uniquely valuable today. It’s something that they can do today, that’ll add value in a way that nothing else on Planet Earth can match. Of course, there are some caveats or dependencies there, perhaps, if you want to argue it. However, I think that what verifiable credentials are fundamentally good at, is portable data and verifiable data. When you have an ecosystem, verifiable credentials can be very costly and cumbersome, and not scalable when it comes to sharing data in these ecosystems. So, I think it’s an excellent way to give organizations something that they can do today, that will add value, reduce costs, and increase revenues and whatever else they want to accomplish. At the same time, they’re also keeping the door open for that eventual future, where verifiable credentials will be ubiquitous and where we will get to the more decentralized interactions that we all hope to see in the future.
Mathieu: Do you have concerns with the term ‘Self-sovereign Identity’ when talking to a prospect? When people are so used to doing something today, maybe self-sovereign sounds too out there, or people may have mixed feelings about it. The term Self-sovereign Identity addresses the ‘self-sovereign’ aspect, but the identity aspect is maybe not necessarily everything that it encompasses, as well. I know you have written a very good blog post, called: “SSI has an identity problem.”
Did you front-load Self-sovereign Identity in conversations? How do you look at that?
Riley: No, I don’t front-load it.; it depends on who I’m talking to. You always want to gauge your audience, so when I’m talking to you, Mathieu, I use the term Self-sovereign Identity or SSI. I’m assuming many of the listeners here are familiar with the concept, because of your other podcasts and things like that, but you’ve got to gauge your audience. One of the things that I talked about, either in that blog post or in another one I did about SSI adoption and the current state of adoption, is: “don’t talk past your prospect or your buyer or your whatever.”
Make sure you’re using language that’s shared. One of the challenges with any new technology is there’s no shared vocabulary. Having a shared vocabulary is the easiest way to communicate something; since we both know what a newspaper is, I can simply say the word “newspaper,” and there’s a great deal of context that we both have of shared knowledge. We can use that one word, instead of describing what it is in a bunch of words and sentences. I could try to do that here, but I’m not going to take the time to do that. I think you can see the point with SSI, right? When you already have all the context, I can say that acronym and you get a bunch of knowledge. Whereas, if you don’t already have that context, you’ve got to use a bunch of words to try to fill in that context. One thing that Timothy Ruff and I have talked about for years; we’ve been looking for a way to convey all of that context in as simple a way as possible, and, if possible, in only a few words, or one sentence. We’ve gotten close in various ways, but we haven’t gotten all the way there.
So, generally speaking, when talking to a prospect, it is all about the use case and the business value, and it is not at all about the way to get there or the implementation path. For example, if somebody wants to do COVID test results, and all they want is the ability to know that the COVID test was actually done by a legitimate lab. Necessarily, they want to know that; that’s their business problem. I think the way to do that successfully is if we discuss it in terms of the business problem and with the context and words that they’re familiar with.
As you said, I wrote a blog about all of the different names that people have tried to use for SSI over the years. There’s a new proposal, that’s not in that blog post. Maybe I’ll make an edit or update to that blog post about the term ‘authentic data,’ which I like, but again every name has its own trade-offs. I would say, generally, do I have problems with the term SSI? Yes. Do I think SSI is the most widely used, and is still the best term to convey all of that context? Yes. However, do I use it frequently with people who are unfamiliar, or with potential prospects? No.
Mathieu: It’s all about solving a business problem today for organizations. KYC is a good example. For regulatory reasons, you need to collect and verify certain information about a prospective customer before offering them financial services or whatever. My feeling is that the world of technology solution providers that are selling into these companies today, is very one-transactional.
Of course, in the financial world, every time you’re making a payment or conducting a transaction, there’s monitoring, there’s stuff that goes on for various policies such as anti-money laundering. However, much of the business value that people seem to be looking to get out of credentials, is that level of verifiability. I’m curious as to how you look at this, too. Is it more interesting to be talking about user-centricity, and consent-driven decisions, and privacy and better security?
Again, it depends on who you’re talking to. If you’re talking to someone that understands Self-sovereign Identity, then then you could talk broader than that. But, talking about these core values or aspects of Self-sovereign Identity might make it easier to get in the door, get credentials used within their respective ecosystem, and then slowly start talking about more exploration. In other words, “Now that we’ve done this thing; by the way, there’s a lot more upside that can be achieved through the reusability and portability of these things.”
Is my thought process similar to how you engage with prospects?
Riley: Yes. The other thing that I’ll say is: what you and I, Mathieu, are selling (for lack of a better term) is SSI. We’re selling decentralized identity; we’re selling the ability for companies to implement this stuff. But, what all of our customers are selling, is some specific use case or business problem. So, I think that the things I say in a conversation with a prospect will be different than the things that I think our customer will say.
Let’s take ‘Farmer Connect,’ for example: Farmer Connect has built a very awesome traceability solution, where you can scan a QR code on your coffee beans, and it resolves all the way back through the supply chain to an individual farmer who has a Self-sovereign Identity. That farmer can choose what data or information from all their verifiable credentials they want to share with the end consumer of the coffee beans that they grew. Then, the consumer can sort of ‘tip’ the farmer that grew the coffee beans, and it’s a very cool use case that implements SSI. Farmer Connect is not selling SSI to their ecosystem, right? They’re selling transparency, and they’re selling sustainability, and they’re selling a specific thing.
Whereas, somebody like Trinsic: we don’t build specific products, we work with companies who are building specific vertically-focused products. We try to be the best in the world at building those tools and the low-level stuff. So, the conversation that I might have with the prospect would be different than how I would advise a customer of ours, or an implementer of SSI solutions directly.
I would think that Farmer Connect is going to talk about farmers sharing their data, in a way that’s privacy-respecting and that those farmers can use, to get access to credit and other things. They’re going to talk about the farmers; they’re not necessarily going to talk about Self-sovereign Identity. Or, at least, I wouldn’t typically advise them to do so.
Whereas when I have a conversation with someone, it is going to be about the tools, and the technology, and the approach. As an example, Amazon AWS is going to be talking about the cloud and the benefits of moving to the cloud; Pinterest is going to be talking about pictures, and Uber is going to be talking about rides, but they’re both built on AWS. For the end consumer, for the sake of the use case, I don’t think you need to talk about the technology that’s powering it. It totally depends on what you’re using the technology for, and it’s better to be talking about the business problem instead.
Mathieu: Fair enough. You wrote another great piece: “Four Keys for SSI Adoption,” and one of the findings was simply, “Don’t sell the tech.” I think you alluded to that again here, in selling the value of SSI instead. I think that your fourth key for SSI adoption, was that chicken-and-egg problem. Has your thinking advanced since you’ve written this? And, perhaps you can also talk about the survey you did, and how you approach this thing? I think it’s pretty cool that you went out there, and came up with these findings.
Riley: For the survey that I did, I was thinking that there are so many companies out there who are deploying SSI-based solutions. Almost all of them are using some vendor to help them, so the survey revolved around reaching out to other vendors, like us, and asking whether those vendors have any insight on their customers and their customers’ adoption. It turns out, they do; so it was more about collaborating with other vendors. There are still conversations around confidentiality there, and so that’s why all of the raw data is not shared, but at a high level, I did share what I felt like I could. I talked to all the SSI vendors that you’ve likely heard of, and got every one of them, with maybe an exception or two, depending on who you want to count in that arena as a vendor. I would say it’s perhaps not exhaustive, but it was many of the more prominent players and talking to them: “Where are your customers at? Have they gone to production? What’s essentially the scale of that deployment? What’s the approach?
Ultimately, it comes down to that last component that you’re talking about, around the chicken and egg problem. Of course, if a bank is willing to accept a driver’s license and you already have a digital driver’s license on your device, and you can simply tap an NFC (Near Field Communications) reader as you walk into the bank — you can imagine really great user experiences once this stuff is widespread. But until that point, there’s a challenge with identifying where the specific value is, that verifiable credentials can add. My answer there was that there are really two ways to get around that: one is to take an ecosystem-type approach, which I think we’ve seen some successes in doing; and the other is to take a single-sided approach. That refers to the two- or three-sided marketplace that is SSI at scale. If we take one side of that, it would involve working with the Issuer, and trying to solve a problem for the Issuer. Or, to work with the Verifier, and try to solve a problem with the Verifier. In other words, you are starting with only one side of the Trust Triangle.
I asked approximately 30-odd people in this survey I did, and this was an hour-long interview with each of these people: I dug deep into the background behind the answers. Fifty percent of them said that an ecosystem-type approach was the right way to go, and fifty percent said a single-sided approach was the right way to go. So, really, the answer is that nobody knows what the right way is. Maybe the answer is that there is no right way; it’s whatever works for a given use case. But somehow, in order to reach the level of value that we all see in SSI, we have to get some kind of network of verifiable credential Issuers, Verifiers, and Holders to exist. Once those networks can cross-pollinate, and you can get a network of networks, or a network of ecosystems is maybe is another way to think about it: that’s when the value is really tremendous. That’s when the promises, that we all want to see happen, will be unlocked.
In order to get there, you’ve got to start somewhere, right? You’ve got to start with some immediate use case that can add value. The fax machine took nearly 100 years to achieve a widespread network effect. When the fax machine started out, its first initial use cases were point-to-point selling within US Military applications, because it’s very secure. So, sending confidential documentation from point-to-point within the military, that was the first use case for the fax machine. That’s a single-sided use case — it’s selling a new technology to one party, and having them implement it internally or for their own processes. Beyond that, it eventually became a way for other companies to get data from the US military and from the US postal service. That’s where the network effect was built from; it started on a single-sided adoption with one party, and then other people started building on top of that network or that initial node, and building other nodes relative to the first one, thereby creating a network effect.
The question I ask in that blog is, “What’s the best way to make that happen within SSI?” Is it to go after a single party, such as the Issuer or Verifier, or is it to try to tackle a whole ecosystem, and get both sides of the market there from the start? An example of that, would be something like COVID credentials, where the lab issues the credential, and some employer, or airline, or venue, verifies the credential. In those cases, there are effectively two sides; two separate parties that are interacting. I can’t speak to what’s best. What I can say, is that in our worldview, or with the people that we work with, the ecosystems have been the deployments that have seen strong initial adoption. That doesn’t mean that the other approach won’t work also; I think those models are not mutually exclusive. We created the Trinsic Ecosystems product to lean into that insight that we had on ecosystems, and to make it easier for people to bring Issuers and Verifiers and Holders into a single trust ecosystem, without a lot of custom development work and implementation. Faxes are unfortunately still used today for stuff — every time I see that, I can’t get over it. But, well, it goes to show how powerful a network effect can be. Think about the fact that faxing is still so prominent; we may not use it in our everyday life quite as much, but when you look at global volumes, it’s still a very prominent communication vehicle around the world for secure document sharing. The fact that that is true is a testament to how powerful a network effect can be. If we can create a network effect with something that empowers individuals, and gives them more privacy and autonomy and things like that, then that’s something I absolutely want to be a part of.
Mathieu: Riley, thanks for doing this. I really appreciate it.
Riley: Thanks for having me; this has been an awesome conversation.
