How important is attestation?

In 2018 and largely in 2019, I viewed the attestation and cheque scheme important (but not urgent). Such a view comes after various blockchain experimentation in business. (At least in Australia I'm confident that I witnessed more experiments from a blockchain architect role than anyone else.) My (validated) premises were: it's impractical to ask the business process to be carried out on the public blockchain using Ethereum transactions thanks to the bandwidth, the nature of business and the publicity it resulted in. If businesses are not in, blockchain isn't doing what it is useful at - reducing market friction and allow cross-business-boundary integration.

Take, for example, airline tickets. It will be a long long way to go for (normal) airline ticket purchase to be done in cryptocurrency, or through blockchain transaction; but it is already possible for them to issue tickets as attestation and integrate all passenger related services with that, for example, in applying for a VISA, buying a connection flight and boarding the plane. (The ticket holder can prove ownership through cryptographic challenges, doing away the questionable PDF scans.) Unallocated tickets can also be traded on the market and filled by the most capable tourism agent or corporate buyers, reducing market friction. These tickets can be merely attested instead of minted and can have business data hidden in schemes such as Pedersen Commitments. All these can be done before the public uses crypto money.

But I did not believe any business will be using attestation in 2018 - it would be too early. I felt some should start experimenting this in 2019, which didn't happen. We would have been the first to use attestations to do something real in 2019, which again didn't happen (UEFA project cancellation). 2020 is coming to an end, will any business take this up in 2021?

If attestations are to be used by common business, a schema-based approach must be possible. People can't be relied upon to invent their own structured data and secure it (not to mention extending it later which is inevitable). Instead, they should be able to just define it and use it, much like a WordPress website where you defines header, navigation bar and fill content. But there is much work to do to make it work like that.

I agree with this. It is not an easy task to get people to adopt attestations. However, I do believe we are going the right direction in basing it on something that is already known and supported, that is X509. I believe that the approach we are using for the Cheque protocol is a good one in the sense that it is hiding the identifier being attested to while still be highly compatible with the standard idea of X509 certificates. Of course there is still the issue that every time an attestation is used on the blockchain it will be on display for all to see, so even if the identifier (in this case mail) of its holder is hidden, it is still possible to deduce a lot of information based on the patterns of usage. Could this perhaps be something holding business back from using attestations?

If so, maybe it should be investigated how to avoid leaking such "reuse" information? It can technically be done using Zero-Knowledge proofs, but rather inefficiently. If we are willing to move away from common approaches (signatures and X509) we could use Privacy Attribute Based Credentials (pABCs) which allows exactly that. However, they never really caught on either. Probably because they use non-standard crypto and requires secure storage on the user-side. However, new crypto and storage of secrets has not swayed blockchain users, so that might actually be something to consider in this domain?

For this I again think that the X509-based idea is the right one, since this intrinsically supports extensions, both in its schema and through linking to other attestations using the notion of certificate chaining. Both things that translate directly to our attestation definition.