Case study: Verifiable
Verifying credentials in healthcare can take days or even weeks. Processes are plagued with inefficiencies due to paper-based licenses and certificates, coupled with manual verification processes and gatekeepers. The healthcare industry and traditional credentialing processes have been long overdue for change and Verifiable is the company enabling this transformation.
Verifiable has created an ecosystem of credential issuers, employers and individuals and provides a platform to streamline credential issuing, verification and monitoring. With the use of verifiable credentials and blockchain, Verifiable’s issuing product enables issuers to create digital verifiable credentials and a mobile app for individuals to store, share and instantly verify in real-time. Employers utilize the platform to instantly verify and continuously monitor credential status to ensure compliance on a daily basis and avoid large regulatory fines.
Through the use of blockchain, Verifiable transforms the entire healthcare employment and compliance ecosystem.
The inefficiencies of existing blockchain solutions
Rather than reinventing the wheel, Verifiable initially started working with existing standard Blockcerts coupled with the Ethereum blockchain to build their credentialing solution. However, the Verifiable team found a number of gaps in these toolsets that made them challenging and inefficient to work with.
For example, use of the Ethereum blockchain has become increasingly expensive and slower as it became congested as it’s popularity outpaced its ability to scale. This problem was compounded by the Ethereum client only able to process transactions sequentially .i.e. they are processed one at a time and in order.
Within Blockcerts, the verification processor checks the transaction signing keys against the contents of a JSON issuer profile hosted on a web server. This requires the issuer to set up a webserver to host the profile with a URL that is guaranteed not to change and if it did the credentials issued referencing this profile would not pass verification.
Having the issuer host their own profile and revocation list also leads to a fragile revocation process. In this environment, should an issuer require to revoke a credential they would simply be required to add a credential ID to the revocation list JSON file. In both cases, the webserver is a single point of weakness. More robust solutions would require issuers to utilise more secure cryptographic methods in using their private key to revoke credentials.
"We found existing solutions to be very limiting. With many different and often niche standards running alongside multiple different protocols and toolkits the process was both daunting and cumbersome. Dock solves these issues with a streamlined toolkit; out of the box advanced features and much greater scalability and fee control. Implementation time is a fraction of what it was.”
Partnership with Dock
In contrast with Blockcerts, The Dock Network enables issuers to create decentralized identities (DIDs) and on-chain revocation. This removes the responsibility and administration of managing their off-chain identities away from the issuer and places it on the entire Dock Network which runs on multiple nodes. The issuing entity need not even exist anymore, yet their credentials would live on and be cryptographically verifiable for as long as the Dock Blockchain exists.
Dock is built on Substrate, a framework that provides much more flexibility for customizable blockchain solutions. Substrate’s modular approach ensures that Dock can adapt and iterate solutions more quickly for partners like Verifiable.
Dock’s focus on incorporating well-recognized standards, such as the leading web standards organization the W3C’s Verifiable Credentials Data Model
(VCDM) into the Dock Network ensures that the solution is building upon the shoulders of those with domain expertise while providing maximum interoperability for users of Dock. VCDM also enables features such as bundling several credentials into a single Verifiable Presentation, and the use of privacy-preserving options like Zero-Knowledge Proofs facilitating the credential recipient to prove certain things, such as their age, without revealing anything else about themselves.