SSI and Guardianship - A practical Experiment (2/3); September 2021
To accommodate guardianship needs in the context of online business transactions, the use of a guardianship verifiable credential is suggested. In the previous blog, we mentioned a recently released whitepaper that proposes a new kind of credential that, contrary to traditional credentials, is designed to accommodate transactions under a guardianship arrangement. In this blog, we report on our findings regarding its practicality. In the next blog we will elaborate on the consequences we think our findings should have.
Recall that the whitepaper proposes a novel kind of credential type, that is one in which not a person is the subject of a credential, but the actual guardianship. The guardianship credential specifies roles (such as 'child', 'dependent', or 'judge', 'parent', 'guardian', etc.), rights and duties (assigned to roles), and 'stakeholders', that are individuals or organizations that fulfill one or more of these roles in the guardianship.
Figure 1 Proposed Guardianship Credential
In Figure 1 of a guardianship credential is presented. For more information on syntax and semantics, we refer to the whitepaper.
During the Techruption Guardianship use case, TNO, KNB and Rabobank worked together to look into the different guardianship types that exist in the Netherlands, and the implications for organizations of accepting guardianship arrangements. Moreover, the practical usefulness of a guardianship credential was investigated. To do so, we decided to choose one out of the very many kinds of guardianship arrangements that are out there and see what a credential would look like, then select a practical use-case in which the credential could be applied, try to make it work, and see what happens.
We decided to choose a legal kind of guardianship in which a person that is not capable of managing their own finances gets a guardian appointed to do this for them. The roles here are 'dependent', 'guardian', and 'judge', where the latter has the duty of supervising the guardian, to ensure the guardian does not disadvantage the dependent. To determine whether the construction of a guardianship credential for such cases is feasible, tens of court cases were reviewed, and it was concluded that the court orders for the appointment of guardians appear to be a good basis for creating guardianship credentials as proposed by the whitepaper. In fact, judges already enter their verdicts in a system that third parties can query to see whether someone is 'under guardianship', and such a system could readily be extended to also provide the proposed credentials.
We also chose a second type of guardianship arrangement, in which a deceased person is the dependent and one or more others, called 'burial-executor', 'inheritance-executor' in The Netherlands, are the guardians that take care of the affairs of the deceased. A guardianship credential would thus contain 'deceased' as the dependent role, and 'burial-executor', 'inheritance-executor' and some others as guardian roles. The burial executor gets the right to organize the burial and pay for this from the checking account of the deceased. The inheritance executor gets full rights to all bank accounts as well as various other rights, and the duty to divide the legacy amongst the legitimate heirs. Creating a credential that satifies these requirements is more difficult than the first one, but still should not be a problem since the rights and duties have a solid legal basis.
As a practical use-case, we selected the case where a guardian needs to access a bank-account of the dependent, because it so happens that TNO has an SSI banking demo in its SSI-Lab that should be easy to adapt. It turns out that making the technical adaptations is indeed relatively easy, but that does not mean the guardianship credentials are also practically useful. Where with traditional credentials it is easy to find out for the banking application who the 'user' is (for example, credentials used to login into an account) and interpret credentials as being associated to this user. However, in a guardianship credential you need to go investigate the credential: who is the user, which (guardian)role it plays, whether the dependent has bank accounts with the bank, and finally what rights/duties the user has regarding these bank accounts. This means that the bank needs to verify more than only checking the ‘user’.
Of course, with a bit of additional coding, this can be solved, but this also means that any time changes are made in the syntax and/or semantics of such a credential type (e.g., because of laws that change, the nature of rights/duties change, etc.,), the code will also need to change. And note that this should happen not only in the bank application that supports financial transactions, but in every bank application that has to deal with such guardianship. And considering this for a bit longer, it seems reasonable to assume that also other organizations would have to do all this.
Our verdict: while guardianship credentials as proposed in the Sovrin whitepaper can be constructed relatively easily, there are concerns about their applicability in practice, because they require too much fine-tuning depending on the exact context, law and regulation, etc.
So then, is this the end of guardianship credentials as suggested in the whitepaper? We think so, unless of course there are other purposes/applications in which they can serve some role. In our next blog, we will provide our thoughts on improving the applicability, and about what we think might help organizations (banks and others) to transform their IT such that all their applications may use credentials and other SSI technologies to reduce the amount of work required to accommodate the wealth of (legal) guardianships that they are (legally) obliged to facilitate.
Sterre den Breeijen, Rieks Joosten, Peter Langenkamp (TNO) Leon Roseleur (KNB)
This blog is the second in a series of three blogs about SSI and guardianship.