SSI Business Models and Go-to-Market
What are some limitations and opportunities for making profitable business in self-sovereign identity?
This is second part of the 2-part series covering self-sovereign identity technology and business models around it. First part is available here.
This article is an overview of the business models for products that are enabled by the decentralized identity and verifiable credentials. We will cover differences between centralized versus decentralized business models, value creation and value accrual mechanisms and some of the specific monetization models.
There’s been a lot of progress made during last couple of years. We already see the largest governments, corporations and institutions launching products and pilots using SSI tech: US DHS, Canada, EU Commission, Europass, Korea, World Bank, World Economic Forum, MIT, Harvard, UC Berkeley, UK NHS, Singapore ICA, Finland, IBM, Microsoft, SAP, Oracle and hundreds more.
However, growth rate, especially on the end user applications side, is still not as significant as it could be if we’re talking about technology that’s aimed at billions of users. My hypothesis is that it’s largely business model and monetization problem as there’s no lack of research, great ideas and talented developers in the space, but business incentives are not as clear as in some of the more established technology business verticals.
Why are SSI business models different?
Historic development of online businesses was tightly associated with selling user data, traffic or ads. Marc Andreessen notes that this is not due to some intrinsic superiority of such models — but rather just due to the fact that there was no secure and reliable online payment method during the first 10–15 years of the internet era.
Reasons why some of the traditional business models don’t work for SSI:
- You can’t sell any data you want. In SSI user credentials, identity information, documents and data does not belong to the platform — it does not even belong to issuers and verifiers. You need to make sure to ask user permission to share any data with the verifier and doing this without user consent would be against some of SSI principles.
- Because of (1) you can’t sell ads Online ads has become the largest online business model but today it mostly depends on the quality and quantity of user data owned by the platforms. Google, Facebook and Twitter advertising revenue influenced by accuracy of user profiles and targeting algorithms. In an ideal SSI world this just shouldn’t be possible.
- Hard to do matching or two-sided markets Even though many SSI applications generate valuable data that allows matching or creation of various marketplaces (e.g. job marketplace where employers are interested in provable VC-based diploma of the candidate), this might become tricky due to the requirement of getting user consent to share data with another party. This is not impossible to do, but from a business perspective such a marketplace will be inferior to the traditional ones due to the requirement of having extra steps.
- Ideally, you don’t want to charge issuers Since the industry is still in its very early days, as an SSI company you don’t want to slow down the adoption. Charging issuers or verifiers just for some of the SSI operations (DID doc creation, VC signing, verification) will reduce supply and demand for data and therefore slowing down the adoption.
- You shouldn’t charge for every single interaction between SSI players Same argument as in (4) applies for just arbitrary interactions. Ideally, you should be able to distinguish SSI operations and transactions that are valuable for users and only charge for those.
Now, in order to pose some business model hypotheses let’s define possible value flows in typical SSI ecosystem. I tried to outline value flows of the possible SSI systems in the picture below.
Let’s dig a little bit deeper into these and come up with a few concrete examples. Basic assumption is that the party that gets most value from using SSI system or application has most incentives to actually pay for the service. In this part we won’t consider specific business model but I will cover some interesting SSI-specific monetization models later.
How do we make money with it?
To identify potential go-to-market strategies and business models let’s start with taking a closer look at value generated by different SSI applications.
Value accrues to Issuer
I consider this the most typical value transfer example. SSI applications must optimize or enable the core business of the issuer so that they get the most value and therefore pay for the service.
An example of this would be government agencies, certification laboratories or training centers. Commonality between those is that they get paid for the credentials they issue, therefore reducing the cost and increasing desirability for their end customer is a very attractive value proposition of the SSI application.
Value accrues to Holder
In this another example holder is the one who gets most value from the system. Maybe they don’t necessarily get paid while holding the credentials or digital identities but this opens up some additional opportunities. Good example would be notarization service: customers are already used to paying for this service and would happily switch to a new solution which is cheaper, faster or just easier due to its digital nature. Another but very similar example would be various self-issued credentials such as VC-wrapped scans and PDF documents. Sometimes what’s holder is really interested in is not the process of creating or receiving credentials but having decentralized, data rich and portable identity.
Value accrues to Verifier
Verifiers benefit from the SSI system when cost and speed of validating information about the holder is an essential part of their business. You can think of a financial organization’s KYC process or e-commerce onboarding process. SSI allows these businesses to get provable and actionable information about their customers in a faster and more secure manner.
Value accrues to the Network
In pretty much every case where SSI is used instead of a centralized solution there’s also a network itself that benefits from the usage. We can think about accelerated network effects that will become more and more prominent once critical mass of issuers and verifiers are connected together. In this case the cost of running the SSI applications can be subsidized by the network maintainer or network owner — government or large corporation. You can think of Amazon running an SSI-enabled network among buyers and sellers to preserve customer privacy.
How do we get there?
It is very easy to fall in love with the end vision of SSI: the world where all my data and credentials are digital machine-readable yet semantically meaningful; where any type of information about myself is controlled exclusively by me and accessible with just one tap; where there’s no vendor lock-in and no paper required to store piece of data about yourself.
However, in reality such shifts never happen instantly. In fact, a lot of failure by SSI companies can be attributed to a desire to jump over some of the existing pressing problems into this new sexy world. Currently, the world generates over 10 trillion paper documents each year and the majority of bureaucracy processes are not digitized or are digitized very poorly.
In the diagram above I’m trying to show the four distinct levels of SSI technology in terms of value proposition: we start from the most basic one which is digitization of data, credentials and attestations and then move up the stack to get to the fully interconnected and interoperable system where one not only stores digital documents but also keep digital persistent lifelong reputation as a foundation for trust.
Getting from bottom level to the top ones is not only important in terms of value that can be realized but also in terms of adoption speed. The higher you move up this functional stack of SSI technology the bigger network effects you begin to see. The go-to-market dilemma of SSI can be articulated as balance between providing immediate value to customers today (levels 1–2) and building a long-term solution with accelerated growth through network effects but no easy way to make it useful for first customers right away.
The diagram below illustrates a few sample go-to-market strategies that are being used by SSI companies.
Important thing to note here is that creating an ecosystem is hard. Even to enable a very simple use case like KYC you already need a lot of users with their wallets full of credentials. Therefore, most of the companies focus on direct offering as their go-to-market approach, leaving the opportunity to evolve it into the ecosystem.
It might be quite easy to start with a two- or three- sided marketplace but for this owner of the system must be someone who can impose identity rules onto a group (i.e. government).
What new business models can be enabled by SSI?
Now let’s consider some SSI-specific business models that can support value transfer described above.
Transaction & operation fee
This is one of the most common ways to price SSI solutions through fixed fee for each issue / verify / store operation (similar to Trinsic’s DIDComms pricing model).
Metadata usage fee
Even though charging for user data is not possible or least not compliant with SSI principles, there’s still some missing metadata that can be valuable for holder and verifiers. Examples of such information include:
- Verifiable Credentials schemas
- Issuer registry
- Issuer reputation
- DID anchoring
This model allows to preserve privacy principles but in the same time provide value to issuers, holders and verifiers by helping to navigate open ecosystem of applications and participants.
It’s important to keep in mind that business model influences long-term product development. Thus, if the goal is build decentralized system we need to explore business models that incentivize decentralization. This means thinking carefully about motivations and goals of every segment of ecosystem participants and then coming up with pricing that enables network to accrue value rather than just one owner or beneficiary company.
Good examples of such decentralized economy approaches are different blockchain projects. This does not mean that SSI network participants have to necessarily use cryptocurrency, although this might be a good decision for some of the more technologically advanced verticals.
PKI verification (Issuer registry)
One big problem that exists today and will also exist in SSI systems is matching real world entities with their public keys.
Centralized model is Docusign/Digicert, some of the more decentralized approaches involves tokenomics similar to https://handshake.org (token-based decentralized domain name system, DNS).