June 6, 2023

Verifiable credentials continue to be a hot topic in the digital identity space as a way to save verified attributes in a re-usable credential format to build scalable, transparent trust networks. Verification of employment seems an excellent example to test - relatively low effort and low risk for all parties involved - and I was excited to get the LinkedIn Verified Employee implementation up and running now that I had my Verified Employee VC in my Microsoft Authenticator Wallet!

This is a pilot, and setup is a manual process of mailing manifest links and info, which is to be expected. It would be interesting to see a self-service model in the future, but of course, then you'll start diving into the complexity of who is authorized to set up technically and approve that kind of trust for a LinkedIn entity and this is not the place to start down that rabbit hole- but maybe GLIEF will one day solve our legal entity and organizational relationship problems!

Once I got the green light, I was ready with my VC in my wallet and LinkedIn app and then spent some time hunting around for how to actually use it within the app! But once I found it on the Profile page (Under the "(...) button" > "About this Profile" > "Verifications"), I kicked off the verification process and realized it never actually needed my VC from the wallet! The current implementation uses the Verified ID Issuer I set up to issue another "invisible" VC to a wallet within the LinkedIn app after I authenticated with my Azure AD employee identity.  

So in the end, though I verified my identity and employment status through the new protocols, it really felt like I just did an SSO. The setup required exchange of metadata/manifest well-known endpoint, to share my attributes from the issuer I had to log into the Issuer at the moment to authorize the exchange, and at the end of the interaction I didn't actually have a record of the event or the exact data exchanged between the issuer and the verifier. Note though, Microsoft acknowledges some of the limitations here and mentions that in the future, the solution will be able to "use Microsoft authenticator or any compatible custom wallet to verify employment "*

It's a work in progress, and I am grateful to have been able to experiment with the technology and participate in the pilot. I am still enthusiastic and interested in exploring and promoting work in with Verifiable Credentials, but I do think this highlights some questions I want to work on:

• How do we get the basic tools in place so that real users can request and hold VCs?

• How do VCs fit with existing, mature IAM solutions?

• What is the true value proposition over existing SSO networks?