What kind of identity which is inside the credential is appropriate?

Hello. I’m Shun in Tokyo.

I’m very interested in Blockcerts and I am seriously planning to use Blockcerts in my project.
I would be happy if you could tell me your opinion about this topic.

The topic is what kind of identity is appropriate.
An identity is input through cert-tools roster. Finally a signed credential includes it.

In my opinion:

  1. I think we could use a facial photo image which is base64-encoded.
  2. I think we could use some documents certified by trusted third party. (e.g. passport number)
    But these documents expire someday so I think we have to expire credentials on the same day as they expire.
  3. I don’t think we could use an email address because it is not permanent and is easy to relocate to another person.

Privacy protection:

  • You know, there is no credentials on blockchain but those hashed values. Personally, I think credentials have to be protected for recipients’ privacy. It might cost verifiers to properly deal and store credentials.

Premise:

  1. Signed credential includes a recipient’s identity. If recipient updates the identity in the credential, verification for the signed credential will be fail.
  2. Without recipient’s identity, verifier cannot judge if received credential is truly owned by the recipient. I mean, the recipient might have a credential of third person which has been signed in the correct way. It will be verified correctly but it is not his own credential. So that verifiers have to KYC all recipients using identities inside the credentials.

What do you think?

I think Blockcerts is the most valuable product to support credentials on blockchain.
I look forward to hearing from you. Thanks.