by rocqua 1843 days ago
The underlying cryptographic technology here, "Verifiable Credentials", is quite exciting. If you have ever wondered "why aren't bureaucracies using digital signatures?" then VCs are interesting.

It's a pretty decent technical spec for signing statements like "This person has this age" or "this person is vaccinated" or "this person is authorized for this bank-account as executor of a will". It is a spec written by cryptographers and hackers.

At the same time, it is a spec being used by banks, governments, and health-care. That is, it's not just a nice technical ivory tower idea, it is actually liked by people who would use it. Why do these organizations want to use this? Because, without cryptographic guarantees, your business processes involve a whole lot of bureaucracy, manual checking of data, implicit trust relations, and friction (so much friction).

That friction is part of why people would actually want to use it. Essentially, all you need to do to share required data is scan some QR codes. Another, maybe more important part, is control over your data. You determine who you show your VC. It is not needed for two organizations to have access to all of their shared data they need. They give the user the data, and the user hands it over, or he doesn't.

The general concept behind all of this is sometimes called SSI (Self Sovereign Identity).

2 comments

I've worked with VCs and personally I found them unnecessarily complex and overhyped by a certain gang of people/companies. All the hyped benefits cause dependency on being available to download contexts, access lists/blockchains of public signatures, etc. etc.

Does that mean you prefer a different standard for "signed statements", or do you think the idea of "signed statements" is just not useful (or not useful yet)?

Thanks for the background. For fun I did a thought experiment a couple weeks ago, of designing a vaccine verification system and arrived at the same cryptographic abstractions (without JWT and JWS, but same for offline verification with public keys) and it’s good to see the design matches mine, mainly as a validation to myself that I am understanding a practical application of those crypto building blocks.

The added bonus is there’s already an open standard I can use that’s been poked at by smarter people.

Exciting!

The real interesting part here, if you want to start making this more widely available, is determining whose signatures you trust.

Self-signed statements already have some value. You can litigate those in court. But when you wanna enter e.g. the Netherlands, how are they to know which key belongs to Quebec?