What can identity ecosystems learn from payments?

Thank you Jamie Smith?? for pointing me in the direction of this article by Stephen Wilson from Lockstep Technologies : “Can a metaphor be too good?”?

In a nutshell, Wilson tells us that “Digital wallets are necessary but not nearly sufficient for effective verifiable credentials.” Coming from payments I love the analogy he uses to make his case. My key takeaways (you should still read the full article):

• A chip-based credit card is just a container of data, signed by the issuer at the time the card is manufactured and dynamically signed by the card chip at the time of transaction. Mobile virtual cards share the same cryptographic techniques. A wallet (digital or physical) is just a container of containers. I do not fully agree with Wilson when he states that wallets are “an uninteresting part of the payments system”. They are the main user interface, and as such, all other system / network decisions need to be made for the benefit of that wallet experience (ease of use, security, privacy…). Having said this, it is just one of the pieces of the puzzle
• What really makes cards so important to our everyday lives is that card schemes (e.g. Visa, Mastercard) built a two-sided network that caters both to consumers (cardholders) and businesses. Both sides are joined to the card schemes via their banks, and it is the schemes that allow the issuance and acceptance of cards almost everywhere in the world. It is not the wallet, “it is the credit card network that critically enables digital credentials from vetted issuers to be securely loaded to a customer’s card” and then it is also the network that allows businesses to be prepared to accept credentials. In reality it is a combination of the networks, the issuer and acquiring banks, it is the “infostructure” around the wallets what allows the magic to happen.
• This same model applies to verifiable credentials (VCs). Having the credentials in the wallet does not matter until we have resolved two issues: We know how to “(a) load the right verifiable credentials from the many issuers coming onto the market, and (b) make credentials legible at scale.” That is, we have resolved issuance and acceptance.

After reading the article, I decided to take his analogy even further…?

Could the future of identity be already written in the present of payments??

Just as the payment wallets, identity wallets (the relevant ones will be multifunctional wallets with identity capabilities) will need to 1) hold different types of credentials, catering to different issuer preferences, and 2) seamlessly connect to businesses accepting all those different types of credentials. Maybe everything facilitated by specialized players that will connect to the networks to build the “infostructure”. For example:?

• Entities like Universities will provide information to a “credential issuer” that will ensure the VC will only be loaded onto the wallet of the degree’s rightful owner.?
• An Employer will request the VC via a “credential acquirer” that will ensure its validity and decode its contents. Just like issuing and acquiring banks connect today to the many payment schemes around the world.?
• And finally, just as today, there may be another specialized entity that acts as the “credential holder”. These credentials are now assets that could be stored and protected by 1) banks, just like they today hold and protect our assets in our bank and securities accounts, or by 2) other players, just like Apple and Google (or some decentralized system) hold and protect our digital cards.?
• The “credential networks” will vet issuers and acquirers, set rules and protections, create and maintain directories…?

I don’t know if the best setup to issue, hold and consume verifiable credentials will be exactly like the setup that we have today for card-based payments, or if maybe a better analogy would be instant peer-to-peer networks (maybe missing some desirable protections…). But the fact that the card schemes are dipping their toes in the identity space makes me think that this may be, at least, one of the models at play. Maybe with the networks themselves playing a bigger role than the one they have today.?

What may be other options?

Even if what gets most talked about are the wallets at the edges, the truth is that there are many ongoing efforts to build this infostructure. Ranging from very large ones, such as:

• the initiative driven by the European Commission around eIDAS. I have pointed before in the direction of Andrew Tobin ’s six-part series “EU Wallet In Depth” - published on LinkedIn in February and March of last year - where he talks about many of the outstanding challenges to build the infostructure necessary to support the EU Wallet;?
• and the Trust over IP (ToIP) Initiative, working on the complete architecture for Internet-scale digital trust.?

To the nascent ones, driven by smaller players, but with the same big vision of providing a flexible, robust and safe network to connect the world. This is indeed what IDPartner - the mission-driven identity startup I started with three friends almost two years ago - is doing.? This is also why I love to talk about all of these topics. Hit me up if you would like to continue the conversation. Whether you agree or disagree with me, we can both learn from the exchange! ??

Link to this post on my personal website: https://trishburgess.com/f/what-can-identity-ecosystems-learn-from-payments