A Simple Ecosystem Model

Tim Bouma
2 min readSep 18, 2020

Disclaimer: This is posted by me and does not represent the position of my employer or the working groups of which I am a member.

In my never-ending quest to come up with super-simple models I came up with this diagram. This post is a slight editorial refactoring of my recent Twitter thread found here.

A simple ecosystem model

The above illustration is not intended to be an architectural diagram — rather, it helps to 1) clarify conflations, 2) help define scope (the dotted box) and 3) understand motivations — of the parties that exist ‘outside of the system’

For example, ‘Issuer” usually gets conflated with ‘Authority’ — an authority merely ‘Attests’ — if you recognize it, then you can assume it is authoritative.

Anyone can attest to anything and issue something. The point of this model is that everything inside the box is neutral to that and solely focused on specific properties everyone needs regardless of intent or role.

The “Verifier” usually gets conflated with Relying Party. But a Verifier could be an off-the-shelf black box with the firmware baked in to verify against the right DIDs, challenging the holder with Bluetooth or NFC. The “Acceptor” could be logic that simply throws a switch to open a secure door. All done on behalf of a Relying Party.

The Holder can be anyone outside the system. An individual, organization or device, that is the ultimate ‘holder’ of secrets or cryptographic keys that is the basis of their power to convey intention.

Finally, the Registrar, is anyone or anything that is responsible for integrity of the ledger (doesn’t have to be blockchain). This ledger is responsible for two fundamental interactions: validation and transfer. In the case of a permissionless system, the ‘Registrar’ is actually an agreed-on set of rules, and proven (or not yet disproven) cryptographic primitives. For permissioned, or centralized systems, it could be a group of people, or even a single person in the back room with an Excel spreadsheet (not blockchain).

As for the dotted box — you need to determine who/what sits inside or outside of the box. For many outside the box, they may only care about a black box that they trust. This dotted box is also useful when you start thinking about the non-functional properties of the system — black or grey, should it be permissioned, permissionless, restricted access, globally available?

In the end, what I am trying to achieve is the expression of a simple conceptual model to help me express what could serve the wide range of use cases e.g.: opening a door, applying for university, letting someone across the border, etc. The model could also be used to express simply what we need to start building as a new digital infrastructure.

As always, this is a work-in-progress. Constructive comments welcome.



Tim Bouma

Based in Ottawa. Does identity stuff. My tweets are my opinion but they can be yours too!