App-node Trust

[shakreiner]

Hello,

I recently started learning about ION and its potential, and I have a question:

Talking about the current beta of Azure Verifiable Credentials, in the sample verifier app code I saw, the app relies on a Microsoft-owned service (an ION node) to resolve the issuer’s identity for it.
Doesn’t that contradict the whole decentralized principle? I’m fairly new to decentralized solutions, but I understand that in Bitcoin itself you can also have this problem, where if you don’t run a Bitcoin node yourself, you can’t really fully trust the information you get from other nodes/services.

I’m interested in your take on that; do you expect every app that uses ION to run its own node? Will you perhaps add an option to perform a DID resolution using multiple nodes and compare the responses?

I’d appreciate any input.

Thanks!

[thehenrytsai]

Sorry for not seeing this until now! For what it's worth:

Your observation is totally valid. My take is that it is fine for Microsoft to use its own ION node as default for services they provide, as long as they provides an option for their customers to override the resolution point. If they don't provide this feature and enough customers complain, they will most likely add it. I think it is more of a feature prioritization issue more than anything else.

I personally don't expect every app to run their own ION node, but the key is that they get to decide for themselves!