Why Monetize Credentials
In our 2023 Masterclass on Reusable Digital Identity, we explained how verifiable credentials simplify organizations’ processes and improve customers’ experience by making it easy to reuse trusted identity data across business partners. This led us to focus our 2024 Roadmap on creating tools to simplify the management of digital identity ecosystems. With the help of our early adopters who provided valuable feedback, Dock Certs now contains simple-to-use tools for managing the trust relationships in a custom ecosystem.
One of the key concerns we heard from customers is that credentials need to work within existing business relationships, where the verifier pays into the ecosystem when they benefit from using trusted data. Verifiers need trusted data to complete necessary business processes, and they are accustomed to purchasing that data from brokers. Many organizations would prefer to get that data directly from the consumer if they can be assured of its accuracy, and they are willing to compensate issuers of high-quality credentials. These verifiers also recognize the value of a well-regulated ecosystem, so they are willing to pay ecosystem administrators to accredit issuers, define common credential schemas, enforce regulatory compliance, and maintain standards sufficient to build consumer confidence in the data ecosystem’s brand.
Most verifiable credentials suffer from a freeloader problem, where any entity who has implemented the standards can verify the credentials without incentivizing issuers or ecosystem administrators. Dock recently announced a credential monetization feature that solves this problem. Dock’s innovative ecosystem-bound credential format makes it possible to require membership in a closed ecosystem before credentials can be verified. This allows verifiers to be invoiced, issuers to be paid, ecosystem administrators to be incentivized, and non-payers to be excluded.
How Credential Monetization Works in Practice
Dock’s monetizable credentials offer a few guarantees:
- The credential can only be verified by a member of the ecosystem authorized for that specific credential type.
- Participation in an ecosystem is approved by ecosystem administrators.
- Verification of ecosystem-bound credentials will be tracked so that the verifier can be invoiced and issuers can be paid.
- The ecosystem administrator is not restricted in how they manage payments within their ecosystem.
- The data and metadata of credential holders are not tracked across ecosystem participants.
Because ecosystem administrators control access to the ecosystem, they should only allow trusted business partners to join an ecosystem and may choose to require payment for membership. Participants who do not follow the ecosystem’s rules as specified in the governance framework, and any additional agreements, can be removed from it.
The ecosystem will track usage of credentials so that the administrator can bill verifiers and pay issuers according to individual contracts and ecosystem policies. For each verification of an ecosystem credential, the billing report shows the issuer of the credential and the schema. This allows ecosystem administrators to pay issuers the negotiated rate for specific credential types. Because the protocol enforces an ecosystem membership check before verifying ecosystem-bound credentials, issuers can be confident that they will be paid for the credentials they issue.
To make it easy to generate an invoice, the billing report shows the verifier and the verification fee for each transaction. An identifier of the verification request is also included, which the verifier can correlate with the data that they received from the holder in order to audit that they are only paying for valid transactions.
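The audit described above, as an added example that is not Dock's code: a verifier reconciles its rows of the billing report against its own log of verification request identifiers, and the administrator counts distinct verifications per issuer and schema. The field names, DIDs, IDs and fees are constructed assumptions; only the kinds of fields (issuer, schema, verifier, fee, verification identifier) come from the text.

```python
from collections import Counter
from decimal import Decimal

# Constructed sample rows. Field names are assumptions, not Dock's report schema.
BANK, INSURER = "did:example:bank", "did:example:insurer"
KYC_A, UNI_B = "did:example:kyc-a", "did:example:uni-b"
BILLING_REPORT = [
    {"verification_id": "vr-001", "verifier": BANK, "issuer": KYC_A, "schema": "KYC", "fee": "0.50"},
    {"verification_id": "vr-002", "verifier": BANK, "issuer": KYC_A, "schema": "KYC", "fee": "0.50"},
    {"verification_id": "vr-002", "verifier": BANK, "issuer": KYC_A, "schema": "KYC", "fee": "0.50"},
    {"verification_id": "vr-003", "verifier": BANK, "issuer": UNI_B, "schema": "Degree", "fee": "0.25"},
    {"verification_id": "vr-900", "verifier": INSURER, "issuer": KYC_A, "schema": "KYC", "fee": "0.50"},
]
# Constructed: request IDs this verifier logged for presentations it received.
VERIFIER_LOG = {"vr-001", "vr-002", "vr-004"}


def audit_invoice(report, verifier, own_ids):
    """Reconcile one verifier's billed rows against its own request log."""
    rows = [r for r in report if r["verifier"] == verifier]
    counts = Counter(r["verification_id"] for r in rows)
    # Fee per distinct ID the verifier recognises; duplicate rows collapse to one.
    payable = {r["verification_id"]: Decimal(r["fee"])
               for r in rows if r["verification_id"] in own_ids}
    return {
        "unknown": sorted(set(counts) - own_ids),      # billed, never requested
        "duplicates": sorted(i for i, n in counts.items() if n > 1),
        "unbilled": sorted(own_ids - set(counts)),     # requested, not on report
        "payable": sum(payable.values(), Decimal("0")),
    }


def verifications_per_issuer(report):
    """Distinct verifications per (issuer, schema), the basis for issuer payouts."""
    distinct = {r["verification_id"]: (r["issuer"], r["schema"]) for r in report}
    return Counter(distinct.values())
```

None of the rows needs a holder field for either calculation, which matches the privacy guarantee listed earlier.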
The listed platform fee is the amount that Dock will be invoicing the ecosystem administrator for ecosystem service.
Here is a sample billing report:
How Holder Privacy is Preserved
Note that in the sample billing report, there is no information about the holder. The verificationID has no use to ecosystem participants other than the verifier, and no one besides the verifier can learn how a specific holder behaves.
This is in contrast to existing approaches to data exchange, where centralized identity providers charge for access to consumer data and track every interaction in their ecosystem. Data is passed between issuers and verifiers without the consent or knowledge of the person who is the subject of the data. Because this data can easily be stolen and misused, consumers have become hesitant to trust identity providers and those companies who consume the data.
With Dock’s ecosystem-bound credentials, issuers can be confident that credentials will only be verified by trusted participants who have committed to follow the ecosystem’s rules. Issuers can make assurances to the consumers who are receiving the credentials and educate them about the rules of the ecosystem. These consumers who are holding credentials will thereby learn to recognize the ecosystem brand. They will prefer doing business with trusted verifiers because they know their privacy will be respected and data will only be obtained with their consent. The verifiers also benefit from knowing the data is legally obtained and vetted for accuracy by the consumers holding the credentials.
How Credential Monetization is Implemented
Dock’s approach to credential monetization depends on our patent-pending ecosystem-bound credentials. Alongside our current standards-compliant JSON-LD credentials with Ed25519 signatures, and our privacy-maximizing JSON-LD BBS credentials, we’ve introduced a new credential format with a signature algorithm based on Keyed-Verification Anonymous Credentials (KVAC). This format starts with a JSON-LD credential, as specified in the W3C Verifiable Credentials Data Model standard, but uses a BBDT16 algebraic Message Authentication Code (MAC) for the signature, rather than BBS.
When a verifier tries to verify an ecosystem-bound credential, the holder’s wallet computes a two-part proof presentation and provides it to the verifier with a notification that this verification requires ecosystem membership. The first part of the proof presentation contains the data that the holder is agreeing to share with the verifier, but without the signature necessary for the verifier to confirm that the data has not been modified. The verifier passes the second part of the proof presentation to the issuer’s broker, which is operated by Dock. The broker confirms the verifier’s authorization to access credentials based on a specific ecosystem schema and issuer, but does not receive any information that can identify the holder. After confirming ecosystem membership, the broker returns whether the credential is valid or invalid.
Our ecosystem-bound credentials also use the same protocol to confirm ecosystem membership before verifying a proof of non-revocation during a credential status check. This is accomplished by combining the KVAC technique with our privacy-preserving accumulator-based revocation.
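The control flow of the brokered verification described above, as an added example that is not Dock's code: because a MAC can only be checked with the secret key, the key holder can gate verification on ecosystem membership. HMAC-SHA256 stands in for the BBDT16 algebraic MAC, so this sketch has none of the real scheme's zero-knowledge presentation, unlinkability or selective disclosure (the tag here is a stable value); the `Broker` class, DIDs and schema name are hypothetical.

```python
import hashlib, hmac, json, secrets

def digest(claims):
    """Hash of the disclosed claims; the broker sees this, not the claims."""
    return hashlib.sha256(json.dumps(claims, sort_keys=True).encode()).digest()

class Broker:
    """Hypothetical broker: holds issuer MAC keys and the membership list."""
    def __init__(self):
        self.keys = {}        # issuer -> secret MAC key
        self.members = set()  # authorized (verifier, issuer, schema) triples
        self.billing = []     # assumption: one row per valid verification

    def _mac(self, issuer, schema, claims_digest):
        msg = schema.encode() + claims_digest
        return hmac.new(self.keys[issuer], msg, hashlib.sha256).digest()

    def issue(self, issuer, schema, claims):
        self.keys.setdefault(issuer, secrets.token_bytes(32))
        return self._mac(issuer, schema, digest(claims))

    def verify(self, verifier, issuer, schema, claims_digest, tag):
        # Membership gate runs before any cryptographic check.
        if (verifier, issuer, schema) not in self.members:
            raise PermissionError("verifier not authorized for issuer and schema")
        valid = issuer in self.keys and hmac.compare_digest(
            self._mac(issuer, schema, claims_digest), tag)
        if not valid:
            return False, None
        vid = secrets.token_hex(8)
        self.billing.append({"verification_id": vid, "verifier": verifier,
                             "issuer": issuer, "schema": schema})
        return True, vid

def run_scenario():
    broker, issuer, schema = Broker(), "did:example:issuer", "AgeCredential"
    claims = {"name": "Constructed Holder", "over_18": True}  # constructed data
    tag = broker.issue(issuer, schema, claims)
    broker.members.add(("did:example:member", issuer, schema))
    part2 = (digest(claims), tag)  # forwarded to the broker; part 1 is `claims`
    ok, _ = broker.verify("did:example:member", issuer, schema, *part2)
    forged = digest({**claims, "over_18": False})
    tampered, _ = broker.verify("did:example:member", issuer, schema, forged, tag)
    try:
        broker.verify("did:example:outsider", issuer, schema, *part2)
        outsider = "verified"
    except PermissionError:
        outsider = "refused"
    return ok, tampered, outsider, broker.billing
```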
In order to empower the credential holder in making choices about their identity, the credential format supports selective disclosure and zero-knowledge range proofs. This same motivation led us to design Dock’s broker to allow any party to verify credentials from a defunct ecosystem.
Creating the Future
Credential monetization based on ecosystem membership allows organizations to revolutionize how they share user data with their business partners without disrupting their current payment models. This allows adoption of verifiable credentials in additional use cases, and allows organizations to reduce fraud, simplify data management, automate business processes, and improve customer experience, all while increasing the data subject’s privacy and control of their own data. We expect that this capability will live alongside current models to pay issuers, such as governments issuing credentials, having holders purchase credentials, or credentials being issued in the course of providing services such as education or certification.
We designed this approach to credential payments based on feedback from our customers about their most pressing needs, but our architecture allows us to implement additional capabilities as they become important for our customers. We expect to eventually deploy blockchain-based payments, payments outside of an ecosystem, self-hosted payment brokers, marketplaces to compare paid credentials from different trust ecosystems, and interoperability between ecosystems.
We hope the approach we are pioneering will be considered for incorporation into common VC standards so that verification brokers can be operated by other parties. We expect this will lead to a flourishing marketplace of valuable credentials issued within ecosystems of trusted business partners.