10.4 SSI & Decentralised IDM: Challenges Flashcards
Google, Apple, and Mozilla filed official objections to the acceptance of the W3C DID 1.0 specification in September 2021. So, what was the reason for it?
Four main reasons were given:
§ The DID 1.0 specification standardizes DIDs in general but does not …
§ The DID 1.0 specification encourages many different DID methods instead of just a few, which might …
§ The DID 1.0 specification does not prohibit …
§ The DID 1.0 specification promotes the use of blockchains, about which …
standardize any specific DID methods.
limit interoperability
centralized DID methods
environmental concerns have been raised.
But…
§ Currently, there is no alternative to DIDs.
§ Diversification means “plug and play” ensuring interoperability and …
§ Besides, all of the objecting companies have a significant interest in staying a …
There was also some criticism of SSI in general from tech influencers, who argue that most SSI use cases can be solved more easily using … While that is generally true, there are arguably benefits in researching and designing systems that do not needlessly centralize control and data. Technical criticism is rare.
easier adoption for existing systems.
federated identity provider.
existing central authority database systems
Implementation Challenges
§ Many libraries are still in a very …
§ Many “VC-adjacent” functionalities have no …: Status lists have only one standard, which is arguably not sufficient: StatusList2021
§ Wallet software is also still in its infancy: … is key and needs to be improved
§ … is generally not recoverable: Backup solutions are simple, if present at all
Should privacy be traded for usability (e.g., through cloud wallets)?
§ The choice of DID methods is overwhelming, even for technical experts: Roughly 170 methods exist
Very different characteristics spanning …
experimental state
viable standards
Usability
Loss of private keys
cost, features, and security
Governance is one of the major challenges in SSI.
Consider an example:
If we encounter a diploma credential from an unknown university, how do we know if that issuer DID is actually a university?
And who is able/allowed/trusted to decide which issuers are trusted?
Similar problems arise for other types of credentials with real world impact.
§ A … is often stated as a solution to decide which issuers are trusted. Good implementations of this are, like revocation, still unsolved.
For example, on a national level, a country’s ministry of education could provide a list of universities.
However, government involvement might not be desirable in all cases. Also, it might prove very difficult to find a single institution that has the trust of all participants worldwide.
“Trusted Issuer Registry”