Design Principles of Ayra Network Credentials

Excerpted from The Special Network Effects of Ayra Network Credentials whitepaper.

The 7 Design Principles of Ayra Network Credentials

These design principles apply uniquely to Ayra Network Credentials.

#1: Global Interoperability

As figure 1 illustrates, the #1 design goal for Ayra Network Credentials is to provide the broadest possible utility across ecosystems recognized in the Ayra Trust Network—utility for their issuers, holders, and verifiers (aka relying parties).

This design goal has one inescapable consequence: Ayra Network Credentials must use an open standard credential format and exchange protocol that has the potential to be supported by any ecosystem within the Ayra Trust Network.

This is the purpose of Ayra Interoperability Profiles (AIPs) and the Ayra Conformance Test Suite (CTS): to make it easier to implement compatible technologies that can be tested and proven to work between ecosystems with the Ayra Trust Network.

#2: Global Governance

Global interoperability also requires that Ayra Network Credentials be governed at the Ayra Governance Framework level. This is in contrast to cluster-specific credentials or ecosystem-specific credentials which are governed at the cluster or ecosystem level.

Governance at the Ayra Governance Framework level means:

  • Each Ayra Network Credential will have its own credential governance framework that specifies both the technical requirements as well as the policies governing issuers and verifiers.

  • The governing body of a cluster or ecosystem that wishes to issue or accept Ayra Network Credentials must be certified to meet the requirements of those credential governance frameworks.

  • Those governing bodies must in turn certify the issuers and verifiers within their ecosystems against those requirements.

See the Introduction to Ayra paper for a list of the Ayra Projects that will be focused on producing credential governance frameworks for specific Ayra Network Credentials.

#3: Simplicity

As the most generic of digital credentials, the dominant design principle for Ayra Network Credentials is simplicity. In other words, they should have as few required claims (a.k.a. attributes or properties) as possible, and those claims should be for data that is universally required to achieve the credential’s purpose.

For example, a verifiable relationship credential (VRC) issued by an employer to an employee as proof of employment could have as little as two required claims:

  1. A unique cryptographically-verifiable identifier, such as a decentralized identifier (DID), pseudonymously identifying the employee in the context of the employer.

  2. A type claim with a value of “employee”.

All other claims could be optional.

#4: Extensibility

Precisely because each Ayra Network Credential should be as simple as possible, the Ayra Governance Framework should define a standard extension mechanism that applies to all of them (such as an array of name/value pairs). This design principle not only helps protect the core simplicity, but makes Ayra Network Credentials an ideal way to “start the conversation” between parties when they are forming a digital trust relationship for the first time.

Either party can request the appropriate Ayra Network Credential from the other. Then their respective software agents can inspect the extension to determine how best to proceed with progressive disclosure (described below).

This design pattern can be applied to credential definitions at any level of the Ayra Trust Network—network, cluster, or ecosystem. Furthermore, interoperability of extensions can be greatly enhanced using type catalogues into which members can register the extensions they need for semantic interoperability. This is a core purpose of the Ayra Type Catalogue.

#5: Privacy Preservation and Progressive Disclosure

One benefit of constraining Ayra Network Credentials to be as simple and lightweight as possible is that it can also maximize personal privacy preservation. By defaulting to disclosing the minimum personal data possible in order to start a trust relationship, Ayra Network Credentials encourage data minimization. For example, the verifiable relationship credential for an employee (described above) has only two claims.

Although the initial level of assurance provided by such a credential may be low, the fact that either party can prove they hold at least one Ayra Network Credential—and thus are a member of the Ayra Trust Network—can help establish at least a “toehold level of trust”. Even such a toehold exceeds the current state of the Internet—where, to quote the famous New Yorker cartoon, “No one knows you’re a dog.”

Once this first toehold is achieved, it becomes easier to proceed with progressive disclosure, i.e., for either party to request other cluster-specific or ecosystem-specific credentials as required to achieve the level of assurance needed in a specific context.

This could give a major lift to privacy on the Internet, especially compared to the vast amounts of personal data that relying parties must collect today to fight fraud and bad actors. It could also head off the potential threat that digital wallets could lead to a “papers please” Internet where every website asks for a copy of your mobile drivers license simply because it can.

#6: “Minimum Viable Friction” for Acceptance

Another design objective of Ayra Network Credentials is to make them as easy and fast as possible for relying parties to accept. This goes directly to the cold start problem (aka chicken-and-egg problem) that all digital credentials face: issuers won’t decide to issue until there is enough relying party demand, and relying parties won’t demand until there is enough issuer supply.

Ayra Network Credentials are specifically designed to break this bottleneck by providing a set of very simple credentials that: a) have at least some immediate value to relying parties, and b) require the minimum friction to accept (including support for peer-to-peer issuance and verification of verifiable relationship credentials). As a general rule, this means there will be no charge for accepting an Ayra Network Credential.

This principle also avoids the gnarly question of how relying parties can compensate issuers for credential verification without “phoning home” to the issuer (a privacy anti-pattern the decentralized digital identity community desperately wants to avoid).

This does not mean verification of higher assurance Ayra Network Credentials (or other cluster-specific or ecosystem-specific credentials) will be free. Successful business models for digital credentials are still evolving. One important longer-term goal of the Ayra Association is to develop and implement a privacy-preserving credential payment protocol that can be used across any ecosystem or cluster in the Ayra Trust Network.

#7: Designed as a Family

To paraphrase John Donne, at the Ayra Network Credential level, “no credential is an island”. This is especially true of Ayra Network Credentials because they need to be explicitly designed to work together as explained in the next section.

PreviousAyra Card - The Main IdeaNextSpecial Network Effects of Ayra Network Credentials

Last updated