Verifiable credential innovator Indicio has joined the Google Cloud Partner Advantage program, a partnership that gives Google Cloud customers access to a proven family of open-source solutions and software components for authenticating and sharing high-value information. This enhancement to the Google Cloud will make digital verifiable credentials easier to issue and easier to verify.
By extending verifiable credentials as a service, Google and Indicio will make this critical technology more accessible to enterprises. In particular, any organisation will be able to build verifiable credential solutions within existing technology and business infrastructure.
Indico CEO Heather Dahl was recently awarded the 2022 Constellation Supernova Award for Digital Safety, Governance, and Privacy. While the Google parrtnship was still under wraps, Heather spoke about decentralisation of identity information on a panel at Constellation’s Connected Enterprise #CCE2022 innovation summit on October 26. This blog picks up some of her points.
Taming the technology
Cryptographic containers will become the norm for conveying almost any important facts and figures about ourselves, from driver licences and passports through financial services and healthcare accounts, to loyalty programs and gym memberships. But the technology seems daunting. It calls out for outsourcing.
Businesses, governments, universities, libraries and clubs have for decades been ordering membership tokens (usually plastic cards) from specialist bureaus. In the digital economy, these physical tokens will pivot to verifiable credentials. And I believe the outsourced business model for procuring them will remain much the same as they have been for cards.
The key is to get verifiable credentials technology into the cloud.
Verifiable credentials are allabout context. To issue them without friction and to impart the greatest meaning, VCs need to be published direct from the source of truth.
The best way to prove yourself digitally
Verifiable credentials are becoming a uniform way of proving important facts about people and also machines (i.e. non-human actors). In a huge range of applications, if you want the ability to prove something about users or about devices, then verifiable credentials provide an “authenticity layer”.
A verifiable credential is a digital statement about a specific fact about a subject, signed by a recognised issuer, and bound to the subject, usually through a key pair controlled by the subject. Verifiable credentials allow the subject to present the credential cryptographically whenever they need to prove the fact to another party.
The basic pattern is well established. Chip-and-PIN cards are one of the earliest verifiable credentials. The international e-passport has similar functions and benefits. But these examples operate within proprietary and rigid public key infrastructures.
For broader adoption and wider accessibility of the verified information, new digital credentials standards are emerging from industry groups such as Hyperledger Indy and open standards bodies, especially right now the World Wide Web Consortium. There has been enormous interest in this technology to convey COVID results and vaccination status. After a great many pilots, a few stable solutions have emerged, including Indicio’s Digital Travel Credential.
Beyond human subjects to the IoT
On the Internet of Things, autonomous agents are communicating with one another, making increasingly automatic decisions in real time. For security and reliability, precise information about devices is required; it must be machine readable, verifiable instantly, endorsed, and reliable. Verifiable credentials are perfect for delivering these properties.
So verifiable credentials are not just for humans. Indeed, Heather Dahl told as at #CCE2022 that around fifty percent of Indicio’s verifiable credentials are issued to non-human subjects; that is, IoT devices. And she expects the share going to device credentials will keep increasing.
Beyond identity to data
Indicio is on a mission to extend verifiable credential patterns to verify data in general. Heather describes the Indicio Proven platform as a technology for “managing devices and machines and accelerating digital transformation across every sector.” The platform embodies a philosophy of machine readable governance, which I take to mean that the vital metadata about how a system has been designed, tested and audited is also in scope for cryptographic verification.
Heather reported that very few of Indicio’s customers ever call the company “asking for an identity solution”. Identity is not the way that they frame their authenticity and data quality objectives.
Indicio in my opinion is on the leading edge of a movement to treat data as a critical utility and deliver it at scale with machine readable verifiable quality metrics.