Skip to main content

Decentralized SSI Governance

By March 27, 2023Blog
Digital-looking cubes against a black background with spotlights, and shattered glass falling from the lower cubes
Image by @fabioha on

This new ToIP white paper sets out practical steps for better business decisions using decentralized identity SSI infrastructure.

Although this new ToIP white paper, publishing jointly by the ToIP Ecosystem Foundry, Governance Stack, and Concepts and Terminology Working Groups, is entitled Decentralized SSI Governance, the focus of the paper is actually on how governance can be used to specify business logic and workflow and hence the contextual validity of what qualified data:

Qualified data: data that comes with assurances, e.g. regarding its provenance and integrity (immutability), such that it qualifies as ‘valid to be used for specific purposes of individual parties’.

In the world of TCP/IP it is argued, any data can be transmitted, whereas SSI is specifically exchanging qualified data that is contextually relevant for decision-making.  

The paper first distinguishes between verification and validation — a critical distinction which interestingly challenges traditional identity and verification models. In traditional ID&V workflow, validation comes before verification. For example, at an airport when a traveler presents at passport control, the passport is first scanned to check that it is a valid document, then the border officer will use human and/or machine tools to verify that the traveler presenting the document is also the passport holder.

With SSI, this workflow is reversed. At the time of presenting their credential, the traveler is already verified as being the document holder (for example, using biometric verification and/or zero knowledge proof cryptography). Then the document’s data contents need to be validated as relevant for the purposes of that particular context— in this case, passing over an international border.

The paper lays out the business drivers and business process challenges of changing this logical flow. It shows how the benefits of SSI can be realized by following a clear roadmap at three levels:

  1. Participatory governance for all three roles in credential exchange (holder, issuer and verifier) to set policy for their respective contexts.
  2. Automating decision-making based on arguments (business logic).
  3. SSI assurance communities that are built on the existing accreditation, certification and audit regimes.

While it is billed as a white paper about governance, it is really a pragmatic guide for business people can make the most of SSI infrastructure, streamline their business processes, and implement new workflows for qualified data. The result is a clear path for transitioning from validation first to verification first, based not on future technological capabilities (although the roadmap proposes tools such as cryptographically enforceable policies for the future), but on existing business and assurance processes.

The paper (PDF) is available to read.