Are the Decentralization Normies Designing for the Wrong Architecture?
As many of you know, the EU is going down the path of mandatory digital identity wallets for all with its eIDAS regulation. Regardless of what you think, there is an existential power struggle going on who gets to control or bless the wallet that everyone will use. Will it be Apple/Google (the EU hopes not), will it be the EU as a whole, or the individual member states.
I believe the power struggle is due to the fundamentally wrong architecture they have chosen - the SSI model of: Issuer-Holder-Verifier. Due to this architecture, everyone wants to be the blessed app in the centre that ‘protects’ the Holder, namely the user. Now the mad scramble by states and tech giants to consolidate power on behalf of its cherished holders ( the hapless users).
What if there is another architecture?
Ever since being involved in #nostr, I got a sense that there was an alternative architecture, but did not know how to express in a way to counter the Issuer-Holder-Verifier model. Now, I do, it’s:
Event-Relay-Client
Now the relay is in the centre, but in contrast to the ‘Holder’ it’s open, transparent and replaceable, unlike the ‘Holder’ who is closed and private. Another problem with the Issuer-Holder-Verifier model is the Verifier actor. This model is modelling the solution, not the actual problem. Everybody now is trying to figure out who the ‘Verifier’ will be.
In contrast, ‘verifying’ is baked into the guts of the #nostr model of Event-Relay-Client model. Every event is a verifiable credential (to use the mainstream lingo). If your events aren’t signed, they won’t go anywhere. Nobody is a Verifier’ because everybody is a verifier. As well, Clients aren’t anything special in the architecture- you just build what you need for your users. In contrast, the ‘Holder’ implies it is special because of the important role it plays for the user, and hence a great excuse for the state to regulate to ‘protect’ the user. Relays can be argued as being ‘special’ but we all know they play a limited role and are replaceable at any moment.
So there you go.
To sum up, the Issuer-Holder-Verifier model, despite its promise, still leads a path of decentralization. In contrast, the Event-Relay-Client model does not accord any special privilege to anyone, allowing ecosystems to evolve for their own best purposes.
Tim Bouma
npub1q6m…x7d5
2024-06-09 09:43:29
Author Public Key
npub1q6mcr8tlr3l4gus3sfnw6772s7zae6hqncmw5wj27ejud5wcxf7q0nx7d5Published at
2024-06-09 09:43:29Event JSON
{
"id": "a7e7dfae35a6cceb51b80566b6f8ce26ef6599d248a153dd073dd0dbd4875cab",
"pubkey": "06b7819d7f1c7f5472118266ed7bca8785dceae09e36ea3a4af665c6d1d8327c",
"created_at": 1717919009,
"kind": 1,
"tags": [
[
"t",
"nostr"
],
[
"t",
"nostr"
]
],
"content": "Are the Decentralization Normies Designing for the Wrong Architecture?\n\nAs many of you know, the EU is going down the path of mandatory digital identity wallets for all with its eIDAS regulation. Regardless of what you think, there is an existential power struggle going on who gets to control or bless the wallet that everyone will use. Will it be Apple/Google (the EU hopes not), will it be the EU as a whole, or the individual member states.\n\nI believe the power struggle is due to the fundamentally wrong architecture they have chosen - the SSI model of: Issuer-Holder-Verifier. Due to this architecture, everyone wants to be the blessed app in the centre that ‘protects’ the Holder, namely the user. Now the mad scramble by states and tech giants to consolidate power on behalf of its cherished holders ( the hapless users).\n\nWhat if there is another architecture?\n\nEver since being involved in #nostr, I got a sense that there was an alternative architecture, but did not know how to express in a way to counter the Issuer-Holder-Verifier model. Now, I do, it’s:\n\nEvent-Relay-Client\n\nNow the relay is in the centre, but in contrast to the ‘Holder’ it’s open, transparent and replaceable, unlike the ‘Holder’ who is closed and private. Another problem with the Issuer-Holder-Verifier model is the Verifier actor. This model is modelling the solution, not the actual problem. Everybody now is trying to figure out who the ‘Verifier’ will be.\n\nIn contrast, ‘verifying’ is baked into the guts of the #nostr model of Event-Relay-Client model. Every event is a verifiable credential (to use the mainstream lingo). If your events aren’t signed, they won’t go anywhere. Nobody is a Verifier’ because everybody is a verifier. As well, Clients aren’t anything special in the architecture- you just build what you need for your users. In contrast, the ‘Holder’ implies it is special because of the important role it plays for the user, and hence a great excuse for the state to regulate to ‘protect’ the user. Relays can be argued as being ‘special’ but we all know they play a limited role and are replaceable at any moment.\n\nSo there you go. \n\nTo sum up, the Issuer-Holder-Verifier model, despite its promise, still leads a path of decentralization. In contrast, the Event-Relay-Client model does not accord any special privilege to anyone, allowing ecosystems to evolve for their own best purposes.",
"sig": "70ac9aed9aa024e8e5f89930c477e02eb0db2b2f134699731994035a22f0789a6a1e874a5f3e2834114f5ce42ad13bae6ab05d9227ee7bd3b100763484a71b82"
}