How do we bootstrap the web of trust in Verifiable Claims

by Matt Stone, Brightlink and Dan Burnett, Consensys

In the world of Verifiable Credentials, it is essential that Verifiers can trust Issuers. To this end, there must be a common understanding of the “functional identity” of the Issuer.[joe’s paper]. How do humans establish the appropriate level understanding to trust the artifact with conviction, i.e. how does one link “this key” to “that real world entity (person, company, etc)”

Significant work has been done on this topic to date, but what’s true now, and what’s handwaving to solve later? As chairs of the VCWG the authors have been close to this topic for a while now, but it is still unclear how all the pieces fit together, primarily when it comes to how humans in the world will recognize and become comfortable with this process online.

Situation

For example, any individual or company can register a DID and Issue a VC to any individual. How does a Verifier really understand and validate that the issuer is the actual “Department of X” or “Company Y”?

Challenges

The challenges are:

• In the beginning it’s all “untrustworthy b/c noone has a reputation”
• How do we get a critical mass of understanding so Issuers and Verifiers know what’s trustworthy?
• We have great technology, how to you jump-start grassroots adoption?

Ideas

work group process goes here...

Decisions/Approach

Workgroup deliverable will go here :)

Evidence of Success

What are the metrics that indicate we’re growing towards a critical mass of both understanding and reliance?

How do we measure where we are on a “reliance life cycle”. Consider a lifecycle that indicates how heavily a solution is relied upon: New capabilities move from “cool, new, exciting” through “useful in the marketplace” to “essential for everyday life”. Where are we in the life cycle and are we progressing to the next phase of reliance? Consider how reliant we’ve become on GPS as an analogy