Here’s a fuller response that we will be discussing with Jimmy and Bryan soon…
Verifiable Credentials and NFTs
Jimmy Snoek and Bryan Georges of Tykn have produced an interesting and balanced webinar that compares and contrasts Verifiable Credentials and NFTs, mostly in the context of identity and the sale of digital art …and music.
I’m really pleased to hear Jimmy and Bryan’s cautions about use of NFTs, or any blockchain, where any personally identifiable information is stored ‘on chain’. Verifiable Credentials are a purpose-designed and more mature solution for identity scenarios.
Jimmy and Bryan have a more ‘nuanced’ discussion about possible ‘hybrid’ uses where VCs might be used to offset some of the privacy risks seen in the booming NFT market.
TL;DR There could be an opportunity for Resonate to partner with an ethical and privacy-respecting NFT platform, without compromising our core principles and values.
But first of all, let’s assume here that none of us are blockchain entrepreneurs / enthusiasts who want to launch an NFT platform and make $$$$ from crypto-investors in a short term pump and dump scheme. Let’s also assume that no one here is keen to see a planet-burning (proof-of-work) or potentially cryptographically unsafe (proof-of-stake) token system, burdened with tax and legal issues.
Instead, let’s assume we are a community that cares about its art and its artists, some of whom want to sell their work for a decent reward on a digital art market that is fair to both artists and buyers. (That’s Resonate by the way :-)… for music, but it could also be for the digital art showcased on the player)
What do we need to do that?
A means of issue of certificates of ownership/authenticity from a trusted source;
Transparency, but with privacy, verifiability, and selective disclosure of personal information;
A marketplace - a trusted, moderated place for sellers and buyers to find each other, either on a community platform, or truly peer to peer;
Community Governance… to maintain trust and keep it all legal, decent and honest.
Verifiable Credentials is a W3C standard all about issuers, holders, wallets and verifiers… and selective disclosure. At Resonate we take a ‘human-centric’ view of identity that keeps your personal identity information close, in your wallet, NEVER on a blockchain. For example, from the artist (issuer), you the buyer (holder) get a digital credential (VC) to prove you paid a decent reward for the work and you also keep that as a credential in your wallet that you can present to others (verifiers) as proof.
You control what you disclose and you can prove it digitally, without being tracked or having to show a full copy of the work to someone for inspection: Is it genuine? Yes.
Jimmy rightly points out that the SSI (Self-Sovereign Identity) stack is complex - normally this is a combo of Verifiable Credentials and Decentralised Identifiers (DIDs). However, depending on your requirements, you don’t actually need a big and complicated global world of DIDs… in our opinion DIDs will take a little while to mature, especially at global scale. To quote the W3C standard on Verifiable Credentials: “As of this publication, DIDs are a new type of identifier that are not necessary for verifiable credentials to be useful. Specifically, verifiable credentials do not depend on DIDs and DIDs do not depend on verifiable credentials. However, it is expected that many verifiable credentials will use DIDs.”
However, Jimmy and Bryan do point out that you can use a conventional database or ‘middleware’ and certificate authority, and in the meantime, within a community platform, or network of community platforms and a conventional trust infrastructure, you can achieve a lot without blockchains or the complications of DIDs. That helps a lot with usability, and cost. Even hard things like revocation can be worked around with simplifying assumptions.
We are still cautious about the DID part of the ToIP stack. We think identity is a human thing, so we resist the temptation to stick a number on humans everything, even if it’s ‘pairwise’, for the sake of a computer ecosystem. We try to stick with what is there already, and not make it worse. We may need to introduce that complexity later, but for now there are those who think there might be unintended consequences in the immensely complex world of identity. See this ‘systemic’ view at SSImeetup by Philip Sheldrake, for example.
But what about the Marketplace?
Verifiable credentials have very little to do with public marketplaces of any kind.
There are so many digital marketplaces appearing everywhere it seems absurd to create even more of them. eBay, Amazon, OpenBazaar. It’s also easy to add marketplace features to an existing community, inheriting established governance and trust. However, a Community-Based solution simply cannot provide the global consumer reach of NFTs, a supercharged and ungoverned marketplace, and one that has a lot of attention right now from folks with considerable crypto spending power.
What about authenticity? A VC can prove the sale of a digital asset between authentic parties, with multiple signatures, and can include a hash of the digital asset as a digital fingerprint in the VC. If you wanted to deter subsequent copying without attribution you could also ‘watermark’ the asset using steganography so that there is an audit trail, but that seems a niche requirement.
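The check described above (a sale record carrying a hash of the asset and signed by both parties) can be sketched as follows. This is an added example, not code from Resonate or Tykn: the `SaleClaim` structure, the pseudonyms and the choice of Ed25519 over JSON-encoded claims are assumptions, and it is not the W3C VC data model.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// SaleClaim is a simplified, hypothetical credential body, not the W3C VC data model.
type SaleClaim struct {
	Issuer, Holder string // artist and buyer pseudonyms, no real-world identity
	AssetSHA256    string // fingerprint of the work; the work itself is not embedded
}

// Fingerprint returns the hex SHA-256 digest of the asset bytes.
func Fingerprint(asset []byte) string { return fmt.Sprintf("%x", sha256.Sum256(asset)) }

// Sign returns one party's Ed25519 signature over the claim's JSON encoding.
func Sign(c SaleClaim, key ed25519.PrivateKey) []byte {
	msg, _ := json.Marshal(c) // struct fields marshal in declaration order
	return ed25519.Sign(key, msg)
}

// Verify requires a valid signature from every expected party and a matching asset.
func Verify(c SaleClaim, sigs map[string][]byte, keys map[string]ed25519.PublicKey, asset []byte) error {
	msg, _ := json.Marshal(c)
	for party, pub := range keys {
		if !ed25519.Verify(pub, msg, sigs[party]) {
			return fmt.Errorf("missing or invalid signature from %s", party)
		}
	}
	if Fingerprint(asset) != c.AssetSHA256 {
		return fmt.Errorf("asset does not match the credential fingerprint")
	}
	return nil
}

// CheckSale signs a constructed sale as artist and buyer, then verifies it against
// the presented bytes and the holder named at verification time.
func CheckSale(sold, presented []byte, claimedHolder string) error {
	artistPub, artistKey, _ := ed25519.GenerateKey(nil)
	buyerPub, buyerKey, _ := ed25519.GenerateKey(nil)
	c := SaleClaim{"artist-pseudonym", "buyer-pseudonym", Fingerprint(sold)}
	sigs := map[string][]byte{"artist": Sign(c, artistKey), "buyer": Sign(c, buyerKey)}
	c.Holder = claimedHolder // a changed holder invalidates both signatures
	return Verify(c, sigs, map[string]ed25519.PublicKey{"artist": artistPub, "buyer": buyerPub}, presented)
}

func main() { fmt.Println(CheckSale([]byte("demo"), []byte("demo"), "buyer-pseudonym")) }
```

The verifier only needs the credential, the two public keys and the bytes being checked; the hash proves the bytes are the ones sold, not that they were never copied.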
How could NFTs and VCs work for digital asset sales?
The community of artists on Resonate might act as the issuers of VCs that certify both their identity (without disclosing ‘real world’ identity attributes) and the authenticity of specific art or music on offer. A community process could provide additional audit / internal verification.
The VC could potentially be safely issued as a ‘public presentation’ in an NFT (a ‘VC-NFT’) for potential purchasers to verify at a verification point. They’d have to sign up with our Resonate community and get a CC wallet (later to be an integral part of our player). Our player is already a nice place to view digital art and listen to music. (We already have a ‘buy now’ button.) With the wallet, they could verify the authenticity of the public (but encrypted) VC-NFT.
In the NFT marketplace, the transfer of the asset for crypto could then occur in the usual way. The NFT would be a persistent, long-term public record of ownership, albeit with the risks of correlation of identity and tracking associated with publicly-visible addresses.
As Jimmy and Bryan point out, the widespread use of NFTs for ticketing is pretty toxic from a privacy perspective and could present serious tracking and correlation risks, unless the ticket is reduced to a trivial, but transferable token. Bryan suggests holding the Ethereum wallet address of the holder as data within a VC, but then why not treat the VC as the ticket data, and eliminate the need for the NFT altogether? A verifiable credential could effectively represent a ticket, or agreement (in our community we call it a ‘digital handshake’) to which there are terms and conditions attached to the contract.
Resonate’s Vision for Community Credentials
You can find out more about Community Credentials here.
We ‘publish’ our Verifiable Credentials as ‘badges’ in our Community Platform. The holder of the badge is strongly authenticated using FIDO (Fast IDentity Online) standards, to prove humanity, and that it is the same human, that is presenting the VC for verification. We are packaging this as an open-source plugin to community software like Discourse.
We have talked about ‘portable’ membership credentials across co-operatives - Know Your Co-Operators. We are looking towards a possibility of a ‘commons of co-operative membership’ with co-ops busily ‘cross-selling’ frictionless membership to each other, growing solidarity among co-ops and boosting that 1.2Bn members of co-ops globally.
We have also discussed the possibility of having a ‘play anywhere’ portable ‘owned tracks list’ as a verifiable credential, recognised across a number of players / Digital Streaming Platforms (DSP) which accept that the artist has been paid a ‘decent reward’ by that listener via another service in the music playing ecosystem. Resonate could lead the way in establishing a standard credential, and the ‘play fair’ process and governance around it.
There could also be a portable ‘social’ credential, which would privately keep the user’s follows, feeds, friends and social contacts list, held in a private VC and accessed by a client app, for greater privacy, explicit consent to connections, and less centralised storage of the ‘social graph’ (yes, today exploited heavily by Facebook and Spotify). We might manage this nicely in a player / wallet app perhaps, limiting the amount of information we make public for ‘discovery’ purposes and allowing for privacy-respecting versions of apps like these.
On the foundations of a web of trust between co-ops, underpinned by Community Credentials we could build loyalty points systems to reward solidarity or we could even grow a full-blown ‘circular’ mutual credit exchange or community currency ecosystem of ‘barter’ for services … who knows?
Purpose and Consequences
There are all sorts of use-cases possible, but I think our strength in Resonate begins in the Community and social solidarity around music. That’s where we start, not as a tech solution looking for a problem. For example, we need to think about the social, behavioural and economic consequences of introducing a feature that creates a new class of user - ‘investor’ in art / music. We might conclude that it is better to keep that outside the platform, but we have to accept the reality that it goes on and can bring enormous wealth to a few who are savvy in exploiting it. Could we make it easier for all to exploit it? Could we ethically participate in it by offering valuable community certificates of provenance to a less toxic version of one of these NFT platforms? Could we simply work with ANY ‘capitalist’ art market, even eBay, to help artists monetise their work?
I don’t know, but whatever we do, let’s take it step by step, growing organically from our co-operative, community core.