All the high level descriptions of Atala Prism that I can find make it seem like a textbook PKI (public key infrastructure) using the Cardano blockchain for storing public keys and certificates. It seems you could get similar results if the credential issuers stored the credentials on a public website instead. I'm trying to understand what benefits the blockchain provides in this system. I can think of a few:
Timestamping: the blockchains allows you to check when identities/credentials were issued without trusting the issuer. But you still have to trust the issuer that they issued every other aspect of the credential correctly/honestly anyway.
Revocation: the blockchain gives you a more robust revocation system than deployed technologies like certificate revocation lists, oscp etc.
It's not using X509: At least I assume it's not. X509 is the worst.
Replication: if you have a Cardano full node you don't need to do any online queries to check credentials. You still need internet access to run a full node of course but a local node should give better latency for queries.
All of these things seem worthwhile but none of them would be deal breakers for running a system that does what Atala Prism does without a blockchain. Can anyone who knows more tell me if I'm missing something more important?