When's a token not a token? When its a VC...

Tokens have emerged as one of the central narratives of Web3, with cryptocurrencies, utility or governance tokens, NFTs and stablecoins being our current staples.

However, another key emerging narrative that is relevant for both individuals, as well as businesses, are verified credentials, which are core tenants of decentralised identity.

In Web2, identity is a centralised concept. Platforms store their own sets of credentials to identify their users. This is achieved via usernames and passwords, or by using OAuth2 — where you use your login from one of the big tech platforms such as Google, Facebook, Twitter, LinkedIn, etc to sign up for an online service.

Regardless of which approach you use, your credentials are being stored and managed on a centralised service, which you have no choice but to implicitly trust as they are gatekeepers to a number of online services. They could suffer an outage, or worse case your credentials could be stolen from them, but in Web2 you have limited other choices.

Decentralised identity (DID) removes these platform gatekeepers from the mix, empowering users to control their own identities, where trusted organisations issue claims or facts about their users or customers, which can subsequently be easily verified by other services users may wish to use. These claims are the basis of verified credentials which are going to become an ever-increasing component of Web3.

On the surface verified credentials (VCs) may appear similar to tokens such as NFTs — VCs are associated with an individual and can be stored digitally just like digital tokens such as NFTs. However, it's important to draw distinctions between the two technologies, as whilst they are distinct from one another, they're likely to be bundled together incorrectly when discussing use cases and applications of them.

A token resides on a blockchain, ownership is public and it can be traded. VCs do not reside on a blockchain, they are private facts that can be disclosed at their owner's discretion and cannot be traded.

A real-world analogy for how these technologies can be used is that an NFT could be your membership to an exclusive club. Whilst this NFT may give you access to this club, you could choose to sell it to someone else, transferring the access with it to the new owner. Contract this with a VC which could be used to represent a passport or driver's license which is unique to you, and is issued directly to you by the appropriate government organisation.

The opportunities for companies to become VC issuing organisations are mammoth, and this is one area where we will see huge investment over the coming years. The reason for this is that pillar of Web3 — trust.

Generally speaking, the larger the company, the larger its customer base. Large corporations, whilst inefficient in many respects, have significant influence in their respective industries and are trusted by their customers.

They have their fair share of issues, be that regulatory or political, but broadly speaking, customers trust them enough to allow them to carry out their core service on behalf of the customer. That may be the provisioning of healthcare, utilities, financial services, products or other services.

This trust relationship is what can be leveraged by these companies to provide new products and services that cater for decentralised identity initiatives.

The classically cited example is with proof of academic credentials. Historically, if someone wishes to prove that they have achieved a certain qualification such as a degree this is proven by presenting their actual degree certificate and potentially contacting the issuing institution for secondary verification.

With a decentralised identity approach, this proof of qualification could be issued by an academic institution as a VC to a student, where the proof is a cryptographically signed message by the institution associated with the student's own cryptographic key. The student can then present this VC to a prospective employer to prove that they have achieved this academic qualification. This prospective employer checks the cryptographic signature of the issuer in order to verify the VC.

From this example, one can easily see how it can apply to broader businesses. Imagine if you wish to prove you are a current customer of a utility provider. The current model is to present a copy of a utility bill which can easily be doctored. Instead, your utility provider could be in the business of issuing VCs for their customers. This could provide cryptographic proof that you are a real customer of theirs.

Or perhaps you're a government agency issuing passports or driving licenses. These too could be issued as VCs instead of physical documents which are subject to tampering and forgery.

These examples are just the tip of the iceberg, but they help illustrate how large the opportunity space is for VCs. Like it or not, unlike many other areas of Web3, large corporates and government agencies are very well placed to be the primary issues of VCs due to their position as providing trusted services that many citizens rely on in their everyday lives.

As with other parts of Web3, the user experience associated with these verifications isn't yet standardised, but down the line, it could be similar to when you access a website such as Google or Amazon and look for the padlock in the corner of your browser to trust that it's genuine. When someone wishes to verify a credential, they will have a similar proof point they can use to easily visually verify that the credential was issued by the accredited organisation.

VCs will not be underpinned by the aforementioned public key infrastructure (PKI) which secures much of the web, but the overall perception of trust provided by PKI is a useful reference point for how this can play out, albeit with decentralised technology as its backbone. Decentralized PKI (DPKI) is already a very real concept which makes use of blockchain technology for publishing public keys, which given blockchains immutable nature will be a more robust solution for storing public cryptographic credentials than what we have currently. 

We've seen cryptocurrencies and NFTs cross the chasm and enter the mainstream culture. Many organisations have scrambled to find opportunities to embrace these technologies. However, decentralised identity technologies such as VCs, whilst nothing like as exciting for consumers, present a mammoth opportunity for any organisation providing valued products or services.

Some of the more savvy governments and corporates have been exploring DID networks for some time, but for many, it's still not baked into their Web3 strategies. This is a mistake, as the opportunity to be an issuer of VCs is far more relevant to many organisations than other components of Web3 that they may be considering. It’s even friendly from a regulatory perspective due to the controls users have over how much of their data is disclosed which aligns well with initiatives such as GDPR.

Whilst DID and VCs may not be as popularised as other parts of Web3, they are going to be core tenants of Web3 and especially relevant to corporates, which is why anyone with even a passing interest in Web3 should be starting to take them seriously.