i have migrated production systems off "open standard" platforms before and honestly that experience changes how you read documentation forever 😂
every platform that ever trapped a customer used open standards. the data was portable. the format was documented. the API was standard. and yet leaving cost two years and a complete rebuild
that memory is why i kept stopping on a specific phrase in the SIGN docs. they describe open standards as the mechanism that prevents vendor lock-in. W3C Verifiable Credentials
ISO 20022
OIDC4VCI
the argument is that because SIGN uses these standards, governments are not locked in.
And technically that is true
spent the past two days sitting with what technically true actually means here.
open standards guarantee one thing. data format interoperability. a W3C Verifiable Credential issued on SIGN can be read by any system that implements the W3C standard
the credential itself is portable
what stops me is everything else
take a government that has deployed SIGN for three years. national identity system. CBDC infrastructure. benefit distribution. they have issued millions of credentials. their verifiers - every bank, every border control system, every service provider - is integrated with SignScan. their citizens have wallets that point to Sign Protocol attestation registries
their government agencies know how to issue credentials through the SDP.
now they want to migrate to a different provider.
the credential format is portable. every credential they ever issued can technically be read by another system. thats what open standards give them.
but here is what open standards dont give them.
they dont migrate the operational knowledge their teams built over three years. they dont migrate the verifier integrations. every bank that plugged into SignScan has to re-integrate with the new provider. every border control system
every agency portal
that is not a data migration
that is a complete ecosystem rebuild
actually let me push on this further because the attestation history problem is the one that gets me most.
attestations issued on Sign Protocol live on specific chains, indexed by SignScan, queryable through Sign Protocol's infrastructure. a credential issued three years ago on Ethereum through Sign Protocol - when the government migrates, who maintains the Sign Protocol indexing layer that makes that old credential verifiable? the new provider runs different infrastructure
the old attestations point to Sign Protocol schemas and registries
portable format
not portable verification infrastructure
a citizen who got their identity credential three years ago and never renewed it - their credential is in W3C format, perfectly interoperable on paper. but the trust registry it points to is still Sign Protocol's. the schema it references is still Sign Protocol's. the verifier checking it still needs Sign Protocol's infrastructure to resolve it.
open standards made the credential readable. they did not make the verification chain portable.
the SIGN docs say the open stack ensures governments can evolve without locking policy into one vendor. i keep coming back to that line. because the policy is not what gets locked. the ecosystem is. and ecosystem lock-in does not show up in a credential format spec.
i genuinely think the open standards choice is right. it is the correct architectural decision. using proprietary formats would be significantly worse.
But open standards are a necessary condition for portability. not a sufficient one. and the documentation presents them as sufficient.
honestly dont know if open standards genuinely protect sovereign governments from infrastructure dependency or just lower the theoretical switching cost while leaving the practical switching cost exactly as high as it always was?? 🤔
#SignDigitalSovereignInfra @SignOfficial $SIGN
