David Birch has been at Identiverse, Denver this week, he will be on stage in the Aurora Ballroom tomorrow speaking about Identity and the Metaverse!
David wrote an article about this exact topic after the chaos at the recent Champion’s League Final: The Identity League Final: NFTs Vs. VCs…
The Champions League, Non-Fungible Tickets and Verifiable Fans.
The chaotic scenes at the Champions League final (seen by many as the biggest game in world soccer) at the Stade de France in Paris were caused, according to the relevant authorities, by large numbers of Liverpool FC fans trying to gain access to the venue with counterfeit tickets. I do not doubt that many of these tickets were purchased in good faith and there are a great many devoted followers of the Reds who were taken for a ride by unscrupulous middlemen. Here is just one story of a group that lost some £19,000 after being scammed into paying good money for fake tickets, but there are undoubtedly many more.
There is actually a fairly easy solution to this problem and it doesn’t involve a giant database of who bought what ticket and who they sold it to and who they bought it from and who paid for it and all that.
Event tickets are a very natural application for “Web3”. A ticket for a seat at the Champions League final is a non-fungible token (NFT). It is absolutely unique and there are no copies or clones allowed if the system is to work. I have absolutely no idea about how Champions League tickets are allocated at the moment but for the sake of discussion let us assume that some go to the clubs, some go to corporate sponsors and some go to various dignitaries. Each of these is allocated through multiple tiers of distribution until an actual ticket ends up in the hands of an actual fan.
Now imagine a decentralised alternative. The venue mints the NFTs for the event, and then sends these over to the wallets of the supporters clubs, sponsors and so on. Basically, that’s it. Neither the stadium nor the clubs nor the police nor anybody else has to worry about counterfeit tickets in this example because they simply don’t exist in the NFT environment. The tickets can be bought and sold and transferred between wallets according to “defi” protocols with no central co-ordination required.
(You might argue that fans should not be allowed to sell their tickets: For the purposes of this article, I disagree.)
When a fan turns up at the stadium they either have the NFT for a seat on the night or they do not. End of. That NFT might be stored in a suitable wallet accessed via a smart phone or might be stored in a smart card or even some fancy device provided for the purpose or whatever, but the general point holds: The fan shows up at the gate and presents the NFT, the gate opens and friendly and helpful stewards direct them to their seat.
Well, not quite.
Entry and Exit
The stadium is private property and it is under no obligation to allow entry to one and all. It might, for example, require that fans with a Liverpool ticket belong to the official Liverpool Supporters Club. Why? Well, because some people are banned from stadiums. The moron who ran on to the pitch at the end of Manchester City’s amazing victory over Aston Villa in order to assault the opposition goalkeeper will be tracked down and banned for life. In that case, even if he buys an NFT for a game at an English football stadium, he should be denied entry, because no fan club will issue a necessary verifiable credential (VC) that is needed to get into a ground.
(You can easily imagine that the fan club app on the phone will connect, say, once every week to obtain an IS-A-SUPPORTER credential that is valid for a week.)
The ownership of the ticket and the identity of the owner (or, at least, the owner’s authorisation to enter the stadium) must both be established and the problems around this important soccer match, and their potential solutions, are interesting to me because they illustrate very well the point that the token (in this case, the event ticket) and the credentials of the ticket bearer are entirely different things that are implemented in entirely different ways.
This is an interesting debate right now as fintech looks for sustainable new business models around the metaverse, business models that need an identity infrastructure built for the new environment.
NFTs and VCs are often spoken of interchangeably, but they are not the same thing at all. For one thing, a fundamental characteristic of an NFT is that it can be transferred: That’s kind of the point of NFTs. I think there are real problems when these technologies are used for use cases for which they were not designed (and I am not the only one who thinks this!). NFTs are designed for recording the ownership of and transfer of value, as well as representing assets in digital form. VCs are fundamentally optimized for recording attributes relating to identity. This is why the suggestion for using non-transferable NFTs to manage reputations does not feel right to me.
In a recently published paper “Decentralized Society: Finding Web3’s Soul”, Flashbots’ Puja Ohlhaver, Microsoft’sMSFT Glen Weyl and Ethereum’s progenitor Vitalik Buterin outlined a kind of non-transferable NFT — which they call “soulbound tokens” (SBTs) — that could be used as a sort of living, transparent and immutable curriculum vitae (CV). I have to say, their utility is not obvious because as Kate Sills pointed out, while in the paper the use case is attestation, tokens are a “terrible” design choice for that. Token are designed to be traded, after all.
Apples and Oranges
Just to signpost where we are then: NFTs are transferable, they are property. VCs are not transferable, they are a (privacy-enhancing, when used correctly) means to prove facts about an entity. NFTs are about demonstrating the rights of ownership, VCs are about demonstrating the reputation of owners. Oh, and Real Madrid won in the final.
When it comes down to implementation, using the example of the Champions League final to illustrate the point, the event ticket is an NFT, the Liverpool Supporters Club membership is a verifiable credential. A practical system for speeding people through the gates of the Stade de France in the future must deal with both of these, so that when the fan presents their smartphone to a gate, the gate can request authentication of the ownership of the NFT and presentation of the necessary VC at the same time and have both of them delivered in one tap.
The infrastructure is already coming together. An Android wallet capable of storing NFTs can use the Identity Credential Hardware Abstraction Layer (HAL) to deliver the requested verifiable credential and Apple already supports identity credentials such as drivers’ licences in the USA.
There is no practical barrier to building a working infrastructure that deploys both NFTs and VCs in their optimal roles for the greater good and the sooner we get started on it the better.