Evaluating Decentralised Identity Projects
These days, with the support of standards for decentralised identifiers and verifiable credentials, there are a lot of companies launching apps in the decentralised identity space. Having evaluated a number of such projects, I have come up with a list of questions that help to assess the strengths, weaknesses and interoperability of such projects.
What follows is an attempt to provide a comprehensive reviewer’s guide. The first thing the reviewer must do is to classify which component services are being provided: issuance, verification or identity services (typically described as wallet services). This evaluation isn’t really focused on the commercial aspects, but it’s my belief that issuance is what pays.
Issuance
- Are you producing Verifiable Credentials or just notarised documents?
- How does your application support all of the various use cases? Are you using the JSON schema as a driver for the production of certificates? Where are you storing the JSON schema?
- How do you handle layout? Can a web designer produce layouts or does it require programming and deployment (i.e. DevOps) skills? Can your designer’s layout be imported into your application?
- Have you separated layout from the rendering application, so that third parties (including verifiers) can render your certs?
- How is decentralisation achieved? Will your decentralisation rely on encrypted files and if so, how will GDPR be supported?
- Can you support issuance on more than one (smart contract enabled) blockchain?
- Does your application provide a developer API supporting ad-hoc and batch issuance?
Verification
- What does the verifier service actually check?
- Does verification check that the document matches its schema?
- How do you assure that what’s in the layout matches the JSON data?
- Do you have the ability to check expiration of the certificate or credential?
- Does your verifier support multiple issuers (e.g. the university and a specific department)?
- Does your verifier support one issuer and a separate certificate producer?
- Is this verifier suitable for issuers and other third parties to publish on their own sites?
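To make "what does the verifier actually check?" concrete, here is an added example (not part of the original post and not any project's code) that reports issuer trust, schema conformance and expiry as separate results. The schema, issuer DIDs and sample credential are constructed; the field names `issuer`, `credentialSubject` and `expirationDate` follow the W3C Verifiable Credentials 1.1 data model, and cryptographic proof verification is out of scope here.

```python
from datetime import datetime, timezone

# Constructed sample schema (a small JSON Schema subset: required + type only).
SCHEMA = {
    "required": ["name", "degree"],
    "properties": {"name": {"type": "string"}, "degree": {"type": "string"}},
}
# Hypothetical allow-list: the university and one of its departments.
TRUSTED_ISSUERS = {"did:example:university", "did:example:university-cs-dept"}
TYPES = {"string": str, "object": dict}


def schema_errors(subject, schema):
    """Return schema violations for credentialSubject (required and type only)."""
    errors = [f"missing field: {k}" for k in schema.get("required", []) if k not in subject]
    for key, rule in schema.get("properties", {}).items():
        if key in subject and not isinstance(subject[key], TYPES[rule["type"]]):
            errors.append(f"wrong type: {key}")
    return errors


def verify(credential, now=None):
    """Report each check separately so a reviewer sees what was actually tested."""
    now = now or datetime.now(timezone.utc)
    issuer = credential.get("issuer")  # may be a DID string or an object with "id"
    issuer_id = issuer.get("id") if isinstance(issuer, dict) else issuer
    report = {"issuer_trusted": issuer_id in TRUSTED_ISSUERS}
    report["schema_errors"] = schema_errors(credential.get("credentialSubject", {}), SCHEMA)
    expiry = credential.get("expirationDate")  # optional field: absent means no expiry
    report["expired"] = False
    if expiry is not None:
        when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        if when.tzinfo is None:  # assumption: naive timestamps are treated as UTC
            when = when.replace(tzinfo=timezone.utc)
        report["expired"] = when <= now
    report["valid"] = (report["issuer_trusted"] and not report["schema_errors"]
                       and not report["expired"])
    return report


# Constructed sample credential: trusted department issuer, but "degree" has the wrong type.
SAMPLE = {
    "issuer": "did:example:university-cs-dept",
    "expirationDate": "2030-01-01T00:00:00Z",
    "credentialSubject": {"name": "A. Student", "degree": 42},
}

if __name__ == "__main__":
    print(verify(SAMPLE))
```

A verifier that returns only a single pass/fail flag hides which of these checks ran; a per-check report like this is what the questions above let a reviewer ask for.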
Identities
- Are you supporting decentralised identifiers (DIDs) for issuer and recipient?
- Are you planning to provide a credential wallet which supports one or more DIDs?
- Which DID methods have you implemented?
- Can your DID method map (i.e. transmute) to any existing method, similar to BIP32?
I hope this reviewer’s guide stimulates thought about how decentralised identity might work for maximum interoperability and broad adoption.
Bill Claxton — Founder and CEO of NextID Pte Ltd