Dateline: Singapore, 18th July 2022.
The chaotic scenes at this year’s Champions League final at the Stade de France in Paris were caused, according to the relevant authorities, by large numbers of fans trying to gain access to the venue with counterfeit tickets. France's Interior minister Gérald Darmanin said that “70% of the tickets coming into the Stade de France were fake” and that after the first “filtering” some 15% of tickets were still fake.
As it turned out, it was poor filtration, unreliable technology and bad management that were the problem more than the fakes themselves because there were actually only 2,700 fake tickets presented on the night. I do not doubt that many of these tickets were purchased in good faith and there are a great many devoted followers of the Reds who were taken for a ride by unscrupulous middlemen. Here is just one story of a group that lost some £19,000 after being scammed into paying good money for fake tickets, but there are undoubtedly many, many more.
This isn’t the Champions League final. This is Woking.
There is actually a fairly easy solution to this problem and it doesn't involve a giant database of who bought what ticket and who they sold it to and who they bought it from and who paid for it and all that. This is because event tickets are a very natural application for “Web3”.
Take Your Seats, Please
A ticket for a seat at the Champions League final is a non-fungible token (NFT). It is absolutely unique and there are no copies or clones allowed if the system is to work. I have absolutely no idea about how Champions League tickets are allocated at the moment but for the sake of discussion let us assume that some go to the clubs, some go to corporate sponsors and some go to various dignitaries. Each of these is allocated through multiple tiers of distribution until an actual ticket ends up in the hands of an actual fan.
Now imagine a decentralised alternative. The venue mints the NFTs for the event, and then sends these over to the wallets of the supporters clubs, sponsors and so on. Basically, that's it. That’s all they have to do.
Neither the stadium nor the clubs nor the police nor anybody else has to worry about counterfeit tickets in this alternative vision because they simply don’t exist in the NFT environment. The tickets can be bought and sold and transferred between wallets by means of DeFi protocols with no further central co-ordination required.
(You might argue that fans should not be allowed to sell their tickets: For the purposes of this article, I disagree.)
When a fan turns up at the stadium they either have the NFT for a seat on the night or they do not. End of. That NFT might be stored in a suitable wallet accessed via a smart phone or might be stored in a smart card or even some fancy device provided for the purpose or whatever, but the general point holds: The fan shows up at the gate and presents the NFT, the gate opens and friendly and helpful stewards direct them to their seat.
Well, not quite. As always, the complicated part is identity.
The stadium is private property and it is under no obligation to allow entry to one and all. It might, for example, require that fans with a Liverpool ticket belong to the official Liverpool Supporters Club. Why? Well, because some people are banned from stadiums. The moron who ran on to the pitch at the end of Manchester City's amazing victory over Aston Villa in order to harass the opposition goalkeeper was tracked down and banned for four years. In that case, even if he buys an NFT for a game at an English football stadium, he will be denied entry, because no fan club will issue the necessary verifiable credential (VC) that is needed to get into a ground, since in order to issue this credential they will have to scan the list of banned supporters.
(You can easily imagine that the fan club app on the phone will connect, say, once every week to obtain an IS-A-SUPPORTER credential that is valid for a week. No credential, no entry.)
Entry and Exit
The examples of the Champions League final and Manchester City’s EPL-winning victory illustrate the point that the token (in this case, the event ticket) and the credentials of the ticket bearer are entirely different things that are implemented in entirely different ways. This is an interesting debate right now as fintech looks for sustainable new business models around the metaverse.
NFTs and VCs are often spoken of interchangeably because they uniquely identify entities in the digital world, but they are not the same thing at all. For one thing, a fundamental characteristic of an NFT is that it can be transferred: That's kind of the point of NFTs. I think there are real problems when these technologies are used for use cases for which they were not designed (and I am not the only one who thinks this!). NFTs are designed for recording the ownership of and transfer of value, as well as representing assets in digital form. VCs are fundamentally optimized for recording attributes relating to identity. This is why the suggestion for using non-transferable NFTs to manage reputations does not feel right to me.
(Put to one side the complexities of binding the real-world entity, such as a fan, to the private key that is associated with the public key that is bound to the relevant attributes to form the credentials. Just assume that it can be done and that the private key can be held somewhere that uses strong authentication to use it to encrypt or decrypt: a smartphone, for example.)
In a recently published paper “Decentralized Society: Finding Web3's Soul”, Flashbots' Puja Ohlhaver, Microsoft's Glen Weyl and Ethereum progenitor Vitalik Buterin outlined a kind of non-transferable NFT — which they call “soulbound tokens” (SBTs) — that could be used as a sort of living, transparent and immutable curriculum vitae (CV). I have to say, their utility is not obvious because as Kate Sills pointed out, while in the paper the use case is attestation, tokens are a “terrible” design choice for that.
Apples and Oranges
Just to signpost where we are then: VCs are not transferable. VCs are a (privacy-enhancing, when used correctly) means to prove facts about an entity. NFTs are about demonstrating the rights of ownership, VCs are about demonstrating the reputation of owners.
(Having said this, as Trish Burgess points out, we should not underestimate the potential for NFTs in some limited use cases. As good as the technical standards for DIDs and VCs are, standards are meaningless without adoption, and the fact is that there are a lot of people out there with NFTs in their wallets.)
When it comes down to implementation though, I think the soccer examples illustrate the right way forward: the event ticket is an NFT, the Liverpool Supporters Club membership is a verifiable credential. A practical system for speeding people through the gates of the Stade de France in the future must deal with both of these, so that when the fan presents their smartphone to a gate, the gate can request authentication of the ownership of the NFT and the VC at the same time and have both of them delivered in one tap.
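The one-tap gate check described above, as an added example that is not part of the original article: the gate sends a fresh nonce, the wallet signs it to prove control of the key that owns the ticket token, and the weekly IS-A-SUPPORTER credential must be signed by the club and bound to that same key. The in-memory ledger, record shapes, function names and the Ed25519 choice are all assumptions made for illustration.

```javascript
// Added illustration: names, record shapes and the in-memory ledger are assumptions.
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

const pem = (key) => key.export({ type: 'spki', format: 'pem' });
const vcBytes = (vc) => Buffer.from(JSON.stringify([vc.type, vc.subject, vc.expires]));
const challenge = (nonce, tokenId) => Buffer.concat([nonce, Buffer.from(tokenId)]);

// Constructed sample parties: the supporters club (VC issuer) and one fan wallet.
const club = generateKeyPairSync('ed25519');
const fan = generateKeyPairSync('ed25519');
const ledger = new Map([['SEAT-A12', pem(fan.publicKey)]]); // token id -> owner key
const banned = new Set(); // club's banned-supporter keys (constructed, starts empty)

// Club side: a one-week credential bound to the fan's key, refused if banned.
function issueCredential(subjectPem, now) {
  if (banned.has(subjectPem)) return null; // no credential, no entry
  const vc = { type: 'IS-A-SUPPORTER', subject: subjectPem, expires: now + 7 * 86400e3 };
  return { ...vc, proof: sign(null, vcBytes(vc), club.privateKey) };
}

// Wallet side: one tap answers the gate's fresh nonce and attaches the credential.
function tap(wallet, tokenId, vc, nonce) {
  const sig = sign(null, challenge(nonce, tokenId), wallet.privateKey);
  return { tokenId, holder: pem(wallet.publicKey), vc, sig };
}

// Gate side: ticket ownership and credential must both verify for the same key.
function admit(p, nonce, now) {
  if (ledger.get(p.tokenId) !== p.holder) return 'not-owner';
  if (!verify(null, challenge(nonce, p.tokenId), p.holder, p.sig)) return 'bad-ownership-proof';
  if (!p.vc || !verify(null, vcBytes(p.vc), club.publicKey, p.vc.proof)) return 'bad-credential';
  if (p.vc.subject !== p.holder) return 'credential-not-bound-to-holder';
  if (p.vc.expires < now) return 'credential-expired';
  return 'admit';
}
```

Because the nonce is fresh for each tap, a captured presentation fails at another gate or a later time, and a ban issued mid-week takes effect only at the next credential renewal, so the credential lifetime sets the revocation delay.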
The infrastructure is already coming together. An Android wallet capable of storing NFTs can use the Identity Credential Hardware Abstraction Layer (HAL) to deliver the requested verifiable credential and Apple already supports identity credentials such as drivers' licences in the USA.
There is no practical barrier to building a working infrastructure that deploys both NFTs and VCs to the greater good, but on balance I think that NFTs are best for tickets, VCs are best for fans.