The Quiet Corner of Web3 That Means Business
While the metaverse still lacks legs and crypto stumbles, managers who are keeping an eye on Web3 can learn from promising implementations of decentralized credentials.
Executives are hearing a lot about Web3, a blockchain-based road map for the future internet whose building blocks include cryptocurrencies, non-fungible tokens, decentralized autonomous organizations, and, perhaps most famously, the persistent virtual worlds that the so-called metaverse comprises. It’s early days for most of these developments — but leaders who want to be out in front on emerging technologies should take note of decentralized credentials, one of the quieter but more promising applications under the Web3 umbrella.
While not every organization will need to build a brand in a metaverse or transact with cryptocurrencies, all organizations manage credentials as issuers, holders, and verifiers. Every organization issues credentials to employees, customers, suppliers, and partners; an account for identity management is the most ubiquitous credential issued. Every organization holds multiple credentials, such as a license to operate, taxpayer identification, and securities registration. Every organization verifies proof of credentials from employees, customers, suppliers, and partners. These three roles, along with a governing authority, form a credentials ecosystem. Today, organizations manage their credentialing needs with centralized databases or by paying trusted third parties. Solutions are often expensive, slow, frustrating to use, and wrought with cybersecurity risks. Let’s not forget that the 2020 SolarWinds breach that affected hundreds of U.S. government organizations and businesses was enabled by stolen log-in credentials.
Get Updates on Innovative Strategy
The latest insights on strategy and execution in the workplace, delivered to your inbox once a month.
Please enter a valid email address
Thank you for signing up
Decentralization empowers holders to control their own credentials via a digital wallet. It’s up to the holder to accept a digital credential offered to them by an issuer or to provide proof of a credential to a verifier. Privacy is enhanced because holders often need to present only a part of a credential to a verifying organization. For example, customers ordering a beer at a pub can prove they are of legal drinking age without revealing other information that may be found on a driver’s license, such as their name, exact birth date, disability status, or home address.
References
1. B. Turczynski, “2020 HR Statistics: Job Search, Hiring, Recruiting & Interviews,” Zety, updated Jan. 9, 2020, https://zety.com; and “Your Organization’s Reputation on the Line: The Real Cost of Academic Fraud,” PDF file (Herndon, Virginia: National Student Clearinghouse, 2016), https://nscverifications.org.
2. A. Preukschat and D. Reed, “Self-Sovereign Identity: Decentralized Digital Identity and Verifiable Credentials” (Shelter Island, New York: Manning Publications, 2021).
3. The W3C is an international community that develops open standards to ensure the long-term growth of the web. The W3C’s Verifiable Credential standard was published in 2019; its Decentralized Identifiers standard was published in July 2022.
4. M. Lacity and E. Carmel, “Self-Sovereign Identity and Verifiable Credentials in Your Digital Wallet,” MIS Quarterly Executive 21, no. 3 (2022): article 6.
5. The Sovrin Network is managed by the nonprofit Sovrin Foundation. The foundation has authorized over 80 independent volunteers on six continents to operate the network’s nodes.
6. The NHS lists the organizations that have registered to use the Digital Staff Passport on its website.
7. The Trust Over IP Foundation was launched in 2020 with the mission to develop a complete architecture for internet digital trust.
8. The OrgBook for the province of British Columbia is available and can be searched online.
9. “BC Wallet,” Government ID, Government of British Columbia, accessed Jan. 11, 2023, https://www2.gov.bc.ca.
10. The FIDO Alliance is an open industry association with a mission to reduce the world’s overreliance on passwords.
11. “Bonifii and Entersekt Announce New Context-Aware Authentication Solution for Credit Unions,” Bonifii, April 21, 2022, https://bonifii.com.
12. P. Windley, “Building an SSI Ecosystem: MemberPass and Credit Unions,” Phil Windley’s Technometria, June 7, 2021, www.windley.com.
13. The three cases all use the Sovrin Network. In this network, transaction costs are low; only issuers are charged a modest fee (about $10) to post their public keys to the registry, and the issuer can use the key to sign an unlimited number of credentials. At this point, verifiers are not charged for reading the registry.
14. The W3C lists 136 methods for decentralized credentials. See “DID Specification Registries: The Interoperability Registry for Decentralized Identifiers,” W3C, updated Jan. 7, 2023, www.w3.org.
i. “About,” Web3 Foundation, accessed Jan. 11, 2023, https://web3.foundation.
ii. R. Browne, “Web Inventor Tim Berners-Lee Wants Us to ‘Ignore’ Web3: ‘Web3 Is Not the Web at All,’” CNBC, Nov. 4, 2022, www.cnbc.com.