Your Identity, Your Control: The Power of DIDs in the Decentralized Era

Your Identity, Your Control: The Power of DIDs in the Decentralized Era

SPEAKERS

Nadja Bester, AdLunam Inc Co-founder

Phillip Shoemaker, CEO/Executive Director of Identity.com

Mike Schwartz, Founder / CEO of Gluu

Markus Sabadello, Founder of Danube Tech

Nadja Bester: 04:55

And then, Philip, I see you are speaking, but I can't hear you, so I hope. I'm not the one having tech issues. Okay, great. I got a sign of life that I can be heard and I can hear you as well. Welcome, happy to have you here.

Phillip: 05:08

Happy to be here. Hey, thanks for having me awesome.

Nadja Bester: 05:12

And then Mike, let's see if we can hear you as well. Welcome,

Mike: 05:16

yeah, hi, Lauren, or is that Nadja? All right, awesome, perfect.

Nadja Bester: 05:19

So I think we're still waiting for one guest, but in the meantime, I'm gonna kick us off by doing the intro, and then we can get into the well, meat and bones of the conversation that I'm very happy and excited about. So 3,2,1, hey web3 world. This is Nadja Bester, co-founder of web3 investment system, Adlunam Inc. and welcome back to another episode of the Future of NFTs, where we dive deep each week into what the digital and hopefully the decentralized future holds for everything from NFTs to whether we'll all be cyborgs one day, I'm hearing Philip, if you're able to unmute, to mute yourself for just a little while, I'm hearing a little bit of background disturbance. I think it's from your account. Thank you. So very quick announcement before we get started with today's incredibly interesting topic. If you're in Tokyo this week, AdLunam’s media arm, Altcoin Observer is a media partner at WebX Asia, happening 28th and 29th August. I think that's tomorrow. So come say hello, and now on to today's very, very excited. I mean, I'm very excited for this very, I think, very topical discussion. I think if you've not heard of the concept of decentralized identity, I think we're all much more familiar with the concept of perhaps a digital identity, since in this day and age, we all have one, but I don't think there's as much of a discussion even happening in the web3 circles around decentralized identity and what really that means, both from a technical as well as a philosophical, regulatory and just a societal point of view. So very, very excited to get into this topic today with some amazing guests that are absolute experts in this very early and pioneering field in the tech space. So I have Philip, the CEO and Executive Director of identity.com leading the charge in revolutionizing digital identity through decentralized technologies. Philip, welcome. It's quite interesting. I think we might share a surname, because in I'm from South Africa, and one of my family's surnames is Shoemaker, or skuman in Afrikaans, and I think it has the same origin. So welcome. Very happy to have you here.

Phillip: 07:40

Thanks for having me. Yeah, interesting last name. I'm sure my ancestors were shoemakers at some point, but, but I'm happy to be here.

Nadja Bester: 07:52

Lovely. And then we have this CEO and founder of Gluu, Mike Schwartz, a leader in enterprise, identity and access management solutions with a strong focus on open source innovation. Mike, happy to have you here. Welcome.

Mike: 08:08

Thanks for having me.

Nadja Bester: 08:11

And then we have one more guest that unfortunately, since this is x, is experiencing some tech issues. So Marcus Sabadello, the founder of Danube tech, a pioneer in decentralized identity, contributing to global standards and building bridges between identity networks, will be joining us as soon as he's able to so let's, let's start somewhere. This is a very, very big topic, and I think at the moment, you know, it's still quite a technical a highly technical discussion for the most part. Now we've not we know from whatever kind of corner of the of the business world that you're in, especially if you work in the tech space, the average person doesn't really care about what the underlying tech is. They just want to have a problem solved. Now, one thing that we've observed over many, many years in the decentralized technology space is the fact that, you know, you can talk to people about the benefits of blockchain, being decentralized, and, you know, no ownership. I mean, there's no central ownership. It's decentralized. You know, you're it's transparent. You can talk about the about the many, many selling points of these technologies. But if people don't understand what problem it's solving, then it's a moot point. And I think especially in the in the realm of digital and especially decentralized technologies, at the identity technologies at the moment, because it's not yet, let's say, infiltrated to the standard sort of business boardroom level, because it's still highly technical. And when I say business boardroom, you know, maybe it's very different at a corporate level, but generally speaking, even in the business world, and even in the web three world, it's not a topic that receives a lot of discussion. So therefore, although this. So typically is one where we really deep dive into, you know, more high level discussions around certain topics. I think what I want to do tonight is to keep it quite simple and to keep it sort of beginner friendly. So as opposed to really focusing on what the intricate nature of different technologies and different technological elements are, I really want to focus on what it is, why it's important, and what is happening that is going to make it the future, but what is also happening that is making it difficult for it to be the future. So on that note, I'm going to kick us off, and I would love to have an answer from all of you on this topic, if we talk about digital identity, let's start there. What does digital identity mean to you, and how do you explain it to other people? Philip, we can start with you.

Phillip: 10:55

Well, for me, digital identity just means I have a representation online of who I am. Now, that can mean a variety of things, right? Their identity is, is one of these interesting things that there's basically three, three different aspects of your identity. You have, your personal identity, the way you look at yourself, the way the way you look etc. There's a another one called a social identity, which is how many followers I have, what I post online, etc. And then there's this concept of legal identity and those all kind of get wrapped up into my identity online. If you create a developer account at Facebook or at Apple or at Google, they have a certain aspect of your identity, and they refer to you as as, as that identity, your legal surname, etc, and that's something that is, is I see as your digital identity, something that represents you digitally. And this is one of those things that we're in a world right now where your identity is not necessarily owned by you, right? Apple has something that they say, is me. So does Facebook, so does Google, so does Twitter, X and that's one of the big concerns I have about digital identity, is these identities don't tend to be owned by you as an individual, even though it's representing you, you can easily get blocked up these platforms and then suddenly you can't use those logins elsewhere. To me, that is what digital identity represents at this point.

Mike: 12:32

Well maybe

Nadja Bester: 12:33

Thank you so much. Yeah, please. I was about to ask, please jump in. I think that's an excellent starting point. So

Mike: 12:40

yeah, maybe I'll just add one sort of other perspective, which is that as citizens, we're going through a digital transformation in how we interact, and that includes also our culture and so. So this is impacting all aspects of how we interact with the government, how we interact with private sector companies, how we get health care, how we get education. So as all of these different you know, let's say industries become digitalized, and we need to interact with them. We're really, as a society, having to invent a lot of new, you know, cultural or rituals, you know, like resetting your password or logging in or interacting with the account team or using social login. So I just like to say, at a high level, like we're going through this digital transformation as a society and that's impacting, like, just all layers of our life.

Nadja Bester: 13:51

I absolutely love the answer that both of you gave, because I think it really speaks to how incredibly complex and nuanced this topic is. You know, the fact, as you say, uh, this this new cultural ritual, you know, group that we have where logging in becomes a ritual, whether you want it or not, proving that you are a human, even though there's more AIS on the internet and there are humans, becomes another sort of cultural ritual. Uh, so then building on top of this, because, I think, especially as Philip pointed out, digital identity being you online, but then you online also, you're able to kind of fragment this into how you think you are online, how other people see you online, what the law thinks you are online, what then is decentralized identity? I

Phillip: 14:44

Yes, I can take a stab at that. A decentralized identity is an identity that's been validated by an external party that represents yourself online and you control the key. To your to your identity. Nobody else does. Apple, Facebook, Googles, they don't own your identity any longer. You're holding it in your hands. You're controlling the keys to it, literally the keys to it, just like you do with your own currency. If you're in the web3 space, and you can control the disclosure of that information to third parties and what the what you disclose, right? You not only disclose, you not only control who you disclose this data to, but what data is actually disclosed. And that's part of something called self sovereign identity as well. But the whole concept of decentralized identity is that there's not one gatekeeper, not one controller of your identity, you hold it yourself, and you can leverage it to identify yourself with a whole variety of platforms.

Mike: 15:52

You know, I have a slightly different perspective, so I started Gluu in 2009 and we implemented a federated identity platform called the Gluu server. And in that sort of architecture, each domain, xyz.com, abc.com, has their own identity provider, and that enables there are millions of domains in the internet, and it enables each domain to have control over their identities that they're going to, let's say, vouch for. And so I would argue that that's already decentralized. And to paraphrase Tim Berners Lee, he says something like, you know, my internet's my Web's already decentralized. So I would argue that the identity and sort of the internet, by definition, as a network of connected networks that agree on some standards, was already decentralized. What decentralized the decentralized ID community is trying to say is that we can hold some of the data on our device, and that's actually an important innovation, and I'm optimistic that that innovation is going to be really useful in the repertoire of digital identity tools and rituals that we have. But I don't think that it's decentralized per se in so, yeah, I'll just leave it there. So I think it's, it's a, don't think of, don't listen to the word decentralized. But I would just use decentralized as sort of a, sort of a net to say this person means that they want their identity data on their phone and they might use instead of like they might be using a wallet to present that identity. So that's sort of what I think decentralized identity means.

Nadja Bester: 18:00

Perfect. Mike, Philip, thank you so much. I want to before we kind of zoom out a little bit, because I think there's already so many questions that have popped up, keeping in mind that we don't want to make it too technical, can we then have a brief overview of what exactly are the IDs, decentralized identifiers, and how does that work? You know, explain it to me like I'm five.

Mike: 18:25

I nominate Phil for that one.

Phillip: 18:32

I was going to nominate you, Mike, you know, a decentralized identifier. So think of this as a as a URL to your identity, right? Think of it as a or a URI to your identity. This is something that is a list of digits, text and numbers, etc, that represent who you are, that point to a document that represents who you are online. Now, if you think about this, in the old web port, in the web parlance, it's, it's just like http:// that's representing a website you're going to go to. And this is a similar thing. It's did:// blah, blah, some, a url, there something that points to something unique online. Now, what that document, what it ultimately points to is a document that is an encrypted document that represents your, your what, what you choose to put online and ad, a decentralized identifier. Can represent your email address, it can represent your phone number. It can represent a whole KYC, legal verified identity of yourself as well. So just think of it as a resource that represents you as a person. If you look at someone like. Like a group like the open Metaverse Association, Alma three, they are looking at doing something where they can't when you go into their platform to go into a Metaverse, you can log in if you want to call it that, you can represent yourself through a DID, and when you bounce from Metaverse to Metaverse in the inner, inner portal inner Metaverse portaling system, your DID is carried along with you, so you can easily access all of these platforms. But ad is essentially a document that basically represents who you are, it's a complicated thing, but typically the way, so example, the way identity.com does it is you can go up onto our system. You can create, go through a full KYC, or just give your email address, and you'll get ad ID spit out at the other end of it. And they can be hosted on salonic, be hosted on BNB chain, various chains, to be able to host this, and then you have, as I say, a link that goes directly to that, wherever it is on chain. Now this data isn't, isn't hosted on chain. You don't have your KYC hosted on chain, but what you do is you have a link to a document that represents you. I don't know. Does that? Does that ring any? Okay, absolutely.

Nadja Bester: 21:29

I think that that is a very, very great, simplistic explanation. Which leads me to my next question, if I'm the average person I get what you just said, however, looking at, I mean, not necessarily my own, but, you know, playing devil advocate, looking at my past behavior. I'm on the web, two social media platforms. I am either not aware of how they treat my data, or I am aware, but, you know, feel there's nothing I can do about it, or an argument I hear very often. Well, it doesn't matter. I have nothing to hide. You know, privacy is not that important. So to the average person, why would I want to be involved with this process, as you described, Philip, where, instead of, you know, at the moment, if I go to the doctor, the doctor has all my medical, medical records in certain countries, you know, you're able to access those records. Certainly, the country that I'm from, that's a very foreign concept. If you have medical records, it means the doctor or the data or the hospital essentially owns it. So how do I go from this paradigm that I'm used to, that I grew up in, you know, that's maybe not the best, but normal to me, and suddenly I'm hearing about all these concepts that sound really cool, but why? Why do I need it? Mike,

Mike: 22:44

well, I hope you as a person would never know what a DID or ever CID, just like most people don't know what DNS is. You know, with DNS, we take a domain name, www.acme.com, and we request back basically a resolution of the to an IP address, but you can get back other information from DNS. So I think of did, like fancy DNS, where we have, first of all, did URIs, which is a way to identify a unique resource on a network, which is sort of like how we use domain names in DNS so just an address, where is this data, and then for that request, it did enable you to define different methods to determine what will be returned to that request. So these documents and then browser vendors and other vendors will have to figure out which one of these resolution mechanisms they want to support. But, you know, with tons of these things, I think there's like 100 DID methods out there, with hundreds of them to choose some from, what we're seeing is that the market is sort of agreeing on here are some of the ones that we're going to use. But to answer your question, and I think what I'm hearing is that people project a lot of hopes and wishes on digital identity, but identity is a complicated societal issue that's not going to be solved with DIDs or did documents, and just like your average person really might look a little like weird at a URL, if you give them a URL, if you start talking to the average person about DNS, then they probably don't know what you're talking about. And then if you talk to them about did document resolution, they're going to think you're utterly crazy. So the normal person will never see anything as wonky like that. And by the way, I see Marcus is on if Daniel tap, Marcus is Mr. DID, and yes, tell you much better than me.

Nadja Bester: 24:50

welcome Mike. Thank you so much. I think you really touched on something that we very often talk about on the show is all these. One. Wonderful technological innovations and all their fantastic applications, but the average person really should not, should not really have to know about it in the same way. I don't understand how electricity works, but if I go to my light switch, it switches on, and that's great. So thank you for giving that perspective. Markus, welcome very happy to have you here. I don't know how long you've been able to tune in, but please do chime in on any of the topics that we've addressed so far.

Markus: 25:25

Yeah, thank you. Can you hear me?

Mike: 25:29

Yes, Markus, welcome. Okay,

Markus: 25:32

sorry, I had some technical problems in the beginning, but thanks for the for the invitation. And I mean, I agree with what others have said so far, especially with the explanations by Mike right now that ad decentralized identifier is, of course, a technical construct that the end user should never have to deal with, right? So you don't wake up in the morning and think, oh, I want to create a few the IDS now, because that that's so cool. So it's not something that should be exposed to the end user, but it's a it's a piece of technical infrastructure that that we think will basically change how digital identity, how personal data, works when we, when we go, go online, right? Philip has already explained a little bit how they how the piece work. There a new a new type of digital address, little bit like domain names, little bit like IP addresses. But the difference is that a DID is something that you can create, right without a or your tools that you use, like wallets and other applications create and manage the DIDs for you, right? There digital address that really belongs to you. It's not like a domain name or a phone number that's assigned to you by someone, right? A lot of people think they own a domain name, right? I own my own domain name, but you can never really own a domain name. You can only rent a domain name, and you can lose it over time. And deities are designed to be independent of central authorities and belong are under your, your control. And then, based on that, we're building a lot of things that that actually make this interesting, right? So the DID by itself, is not is not interesting. It doesn't really do anything for end users. But with the IDs on as a base layer, we build a lot of things like wallets and digital credentials and agents and so onward. And value and some usefulness comes for for end users. Maybe one more thing I'll say is that Regarding your question, that maybe in your country or in certain parts of the world, this idea of taking control of your identity and personal data may not be so familiar. We've been using a lot that the term self sovereign identity, right? SSI, self sovereign identity also to describe this idea that you're in control of your identity. And this is maybe not always cultural or neutral, right? This may be a very western concept, right, a very individualistic concept that that I own my data and I'm in control and I have all the rights to it. So in our community, we have been aware of that a little bit. And I think it's an interesting question. I think ultimately what we're trying to do with with the IDs is to model digital identity, identity in the digital world in the same way as it works in the physical world, right? As a human being, there are some aspects of who I am, how I think of myself, how I identify myself, that's inherent to me, right? That's not assigned to me, that my inner self, that cannot be taken away from me, that that's a little bit the philosophical ideological background and the deities is a technical realization. And again, the DIDs, by themselves, are not useful, but we think they are a basis for some, some actual applications and services and use cases that are being built on top of that. And there are some really interesting real life use cases and applications already that are emerging.

Nadja Bester: 29:33

Markus, thank you so much. I found it especially interesting the mention of the cultural differences. I think you know, in the many years that I've been in web3, since 2017 initially, the talk of self, sovereign identity was very much, I mean, it's definitely one of the reasons, one of the main reasons, that I came into the space. But I've seen over the years, as the space has continued to grow, that that becomes less and less on the agenda. And. As you know, the entire industry sort of reaches all corners of the world. So I do find it incredibly interesting this idea that you know, the very notion of wanting to control and own your own identity might be more of a particular cultural construct than perhaps is, you know, as globally applicable as other things are. But I wonder then, because shifting a little bit, I think, to something that perhaps more people are not necessarily always interested in, but certainly aware of, is this idea of privacy, data privacy, and then, you know, related data ownership. So I want to ask then for the average person, yes, they might not ever really need to deal with the idea of the ID as a technical construct, but we are certainly seeing in society that there's a very definitive shift from bottom up, which, of course, we are all part of, which is why we are on the space, but then also top down, from governments and institutions that are very much acting in contravention to the idea that, you know, users should own their own data and should have privacy of that data. A very, very contemporary example is the telegram CEO Pavel Deruv just he's just been arrested in France. So I would love to get your insights then on, how does this idea of what the ID and decentralized identity can do for the average person and for businesses? Let's not touch governments just yet. I think that's quite a different a different topic. At some level, how is that going to interplay with data? You know, ownership and privacy rights. How do you see that playing off in the near future? Philip maybe we can start with you.

Phillip: 31:47

Yeah, you know, I think just to really touch on something Marcus said about the cultural differences, you know, I think yes, that is true, but we're also running into, there's also this concept of web three and web two cultures as well. And what we're seeing on the web3 culture side is that people want decentralized money. People, people see this as a way for the government not to be able to take the money back from them, because they own the keys to it. And to me, that's an important concept here, because we are shifting our ideals based on something we see online and something we interact with online. And to me, my identity is much more important than my money, and I want to be able to control that as much as I as I can, much as I'm legally allowed to and technically allowed to. And so for me, I see the this cultural shift, not only being about where you were born and raised and where you're living right now, but also what you're interacting with online. And so to me, that is an important piece. But for me, I think one of the big concepts here, and the thing that really got me interested in decentralized identity was this, this concept of who owns my, my digital online presence, right? And to me, all these companies have a representation of me. They they have a lot of data that they've stored up on me, and they store them in these honeypots of of information that that people love to hack and be able to get access to, assure my password, my name, but a lot of details about me are included in those, in those honeypots of information, and I want those to all be eradicated. So for me, I want my digital I have this I have this belief, this ethos of decentralized identity, is that when I use a decent right now, when I go onto a system, a coin base, or a variety of systems, I have to KYC myself, which means they they go through a KYC process. They scan my driver's license, all my information, they store it in a database somewhere in their system. And to me, I do that from place to place to place. I mean, how many KYCs Have I done in my life online, and what do they do with that information, and how do they store it? And that scares the heck out of me, because, quite frankly, we see every single day, another one of these honey pots gets hacked, and you get a note in the email or in the physical mail that says, Hey, your data's been breached again. And to me, we need to eliminate these things. And I the ethos behind decentralized identity is that when you represent yourself without disclosing much information to that provider, you there's no data leakage. You're not giving away the farm. You're just giving away a very little information just to prove that you're human, to prove that you're unique, and to prove that you are who you say you are, and they don't need to store any of that information. And for me, this is one of the key tenets of how I look at decentralized identity and self sovereign identity. Is it something I have control of that nobody can take away from me, and you can't pretend you're me? You. And and you can't get access to that honeypot of information because they no longer exist.

Nadja Bester: 35:09

Thank you so much for that brilliant answer. Mike and Markus would love to hear from you as well.

Mike: 35:14

I'd like to highlight something that Philip said about KYC so we have to establish that this person we're dealing with digitally is really a person. And Philip mentioned that the these sites ask you to, like, provide your ID, like to take a photo of your ID or a video of your ID. And by the way, not just you wanted to exclude government, but I'd like to point out that that actually links you to your government issued ID, because the government has a process to establish that you're actually a person. You present a birth certificate in order to get that driver's license or other identity document, government issued photo ID. So you know that that fundamentally, what we're saying is, is that websites need to know that you're a person and not a bot. Naji, you mentioned that before. How do we disambiguate the AIS? And so that's really become more existential than ever. I just wanted to make that point that it seems trivial that we should be able to tell, like the human beings from the bots, but me now that actually it's normalized, that that's really, really hard. Now the best AI bot detection programs, by the way, are only about 95% effective, and that's not so your biometric sensor on your device is way more effective than bot detection is today, and this is why it's more and more important that we move to cryptographic types of authentication and stop relying on knowledge based authentication or control of a single channel like email or SMS. But if I could, I'd really like to ask Markus a question, because he also said something that was really interesting, which was that there's real world use cases. And I know Marcus is in Austria and Vienna, I believe, and there's a big movement in Europe around digital wallets. They're probably the most advanced, definitely the most advanced in terms of, like, thinking and research in digital wallets. And I'd love to hear Marcus's answer or ideas about how DIDs are connecting to the wallet, especially the European government identity ecosystem, and also Marcus, I'm curious about the did web method. And if you could give us maybe just an idea of what's going on there and why that's getting some adoption.

Markus: 37:44

Okay, this, yeah, these are multiple topics. Nadja's question, I think, was, how is this going to impact people and businesses in the in the near future? And I And to answer that, I would have mentioned what you just brought up my mike, which is this effort here in the European Union, how there's a new regulation known as known as eIDAS 2.0, and there's a big effort and a lot of funding to develop digital identity wallets for all people in the in the EU in the In the next few years, and it's a bit unclear still what the exact technical implementation will look like. So how much the idea there will be in this implementation, in this in this project, is not entirely decided yet, but I think it's a, it's a project that conceptually is very much aligned with the idea of decentralized identifiers and decentralized identities. So in this effort, like I said, in the next few years, the people living in the in the EU will all get one of these digital wallets where you can manage and share your digital identity data and keep it under your under your control. And, yeah, there are a number of concrete use cases, I mean, starting with things like driver's license and digital diplomas or a verifiable piece of data that says that you studied at a certain university, for example, digital social insurance cards and potentially any, any kind of digital identity data that you also have in the in the real world, right? It could be a loyalty card at a supermarket. It could be a membership card at a soccer club. So all of these things in the next few years, you will be able to have in a digital wallet, in digital form and and if done right, it will, it will actually, I think, be very powerful when it comes to privacy and protecting your. Are your identity and protecting you from surveillance and things like that, because there's some interesting requirements in in this project and in the in the self sovereign identity movement in general. So we have things like selective disclosure and unlink ability and these properties that, in theory, prevent you from being tracked, right? So what this means, for example, is that that if you want to present a driver's license to someone, you could actually present just a part of it, right? That's called selective disclosure. So instead of showing your entire driver's license with your name and date of birth and all the attributes you could just show, show and prove a part of it, for example, just prove that you're over 18, right? So in theory, a system like that can actually much, can be much more privacy preserving than than the identity documents that we have in the, in the in the physical world today. And thank you. Mark successful, and it will.

Nadja Bester: 41:15

I think there's a bit of are you? Are you done? I'm hearing background noise of you speaking, and then you stop. I think it's a tech issue. Did I interrupt you? Or is someone speaking? I'm not sure what's going on right now.

Markus: 41:24

So the only, the only other thing I wanted to say is that that, if done right and this, will have advantages, both for the end users, that the citizens, that the users of this technology, but also for businesses, because for businesses, it will be easier and cheaper to get a verifiable data right, and at the same time only with the with the consent of the of the individual, so that the theory is that this, this has advantages for both sides.

Nadja Bester: 42:01

Yeah, perfect. Thank you so much for highlighting the business aspect as well. I want to get into that a little bit, but just quickly addressing the elephant in the room, Mike. The reason I said to exclude governments earlier is because I wanted to have a very specific sort of initial discussion to center us a bit. So yes, I can hear that there are in numerous benefits for individuals and also for businesses, as we will discuss. But then we have this very strong sort of oppositional spectrum where we have governments that are increasingly focused on centralized control, and of course, data being the new oil data is how we are owned and controlled, and then this decentralized identity movement. So how is this going to play out in future? What is this sort of tension between governments? What are the benefits for them in adopting decentralized identity technologies, or are they rather going to opt to not use it at all or as much as they are able to avoid it? What is that relationship going to look like in future, knowing, of course, that different geographies would have different approaches. Mike, could we start with you

Mike: 43:06

Sure? Well, so Government's going digital, just like every business, like how you pay your taxes, how you get health care, how you get education. And the savings to government are just the same as the savings to the private sector. So you know, you don't want to go into the store if you can order it online, well, you don't want to go into an government office if you can do it online, either, whatever that thing is. So I don't, I don't, I don't think the government's any different than any other business. It's a type of business, and however, the government's role in issuing identity most of the claims that we're interested in, you know, one of the interesting things is, like Markus points out, a very, you know, interesting property, which is that you can domain names are controlled by ICANN. So there's a TLD, and you could buy your own TLD, but it's like $100,000 to do it. So I think the point that Marcus makes is a good one about how you can't be de platformed through DNS. And however, yeah, I forget where I was going with this. Sorry, but maybe Philip, your thoughts on how government will sort of intersect with or, I'm sorry, we were talking about the role of government basically in issuing foundational identity, right?

Phillip: 44:39

Yeah. Yeah, thanks. Thanks, Mike. Yeah. This is, this is kind of controversial, I would guess. But look, we talked about self, sovereign identity, and like I'm in complete control of my identity, which is an absolute fallacy, right? I don't tell people that I'm Phillip Shoemaker, and I live at this address and I have this driver's license. Because I invented it, and I created it all myself. This is issued to me by states, by governments in general. And so to an extent, my to a very large extent, my legal identity is absolutely controlled by the government in which I live. And that, of course, is US government at this point. And so it's, it's the one that issues my identity. It's the one that tells me who I am, etc, all this legal stuff. Now, this social and the other aspects of my identity, let's just put that aside, because the government is more interested in my legal identity. Now, having said that, I encourage these governments, US government, as Mike said, governments in general want to go digital. I see many of these governments moving extremely slow, but you got a lot of the governments. You got the EU you got Estonia and other places. You got a lot in Latin America that want to dive head first into digital, digital identity. I'm not going to say decentralized, because that's really not at the top of their plate. They don't talk about that a lot, but these guys are really keen on moving to the digital world and giving them their constituents, their people, a digital identity as soon as possible. But they're slow. Governments are slow, right? The US government is extremely slow at doing this kind of stuff. But I feel that we're in this, this existential threat to online identity right now, with a eyes, a eyes are able to with products or services like only fake people can generate synthetic identities using AIS in a matter of minutes. And these things are virtually foolproof for many eKYC systems, and that suddenly makes everybody a bot, essentially or at risk of getting scammed by people that are pretending they're somebody that they're not. And most eKYC systems from companies like onfido secure, etc, all these companies, they readily ingest these and they don't see the issue. Now, the problem with something like only fake is that that when you print out an ID and bring it to somebody in person, it's not going to pass, but online, they do. Now I'm saying this because these governments really need to start issuing digital identities, preferably decentralized entities, identities, to their constituents as soon as possible to be able to combat this exits existential threat. So that's me playing Chicken Little and saying the sky is falling, but I'm, I, you know, I'm very nervous about this, and I think we need to, you know, the whole zero trust thing, zero knowledge. We need to be able to trust the math behind these decentralized identities, but we have to be able to issue them in a way that is really trustworthy and one way to do that is have the government's issue these things at birth.

Nadja Bester: 48:08

So I want to ask a follow up question. Then, is there a future in which this is absolutely going to happen? What is the likelihood of us you're looking back on this conversation, 5-10, 15-20, years from now. And this being a commonplace thing of how documentation and identity is done, both at a government level, perhaps not in every geography around the world, at least in the superpowers and then also, but interesting what you said about Latin America as well, but then also from at a business level. How far down the line are we going to start having these things as a go through in our lives?

Phillip: 48:49

Well, I can throw up my thought is 5 to 10 years. I mean, I, you know, I jumped into digital identity in 2016 because of the hell I went through at Apple and knowing who my developers were, but also having people being able to readily find out where I live and show up in my house at odd hours and ask favors. And so I jumped into this thing, okay, we need to get rid of these honeypots. And I thought it was five years away at the time. And look, that's 2016 we're now 2024 significant time has passed, and I'm still looking at it with this, with this lens of five to 10 years, and hopefully Markus and Mike have other thoughts on this, but I just keep putting it out there. Look, I think it's critical for us to move in this direction, but we need to separate it. I I remember in the mobile days when people were talking about mobile phone operating systems, and somebody's like, I can't wait till I get Linux running on a phone. And I remember saying, I can't wait till I don't care what OS is on the phone, that everything just works, very similar to what we were saying earlier about nobody cares about the IDs, right? We want a service to be able to handle this for us and have. The we don't need to know what the technologies that's underpinning it, just like in the future, we won't care what chain is under it. Everything just works. This, to me, is the future, but, but we need an approach, like a decentralized identity to solve this problem, and I'm seeing that as is. I would even say eight to 10 years out,

Mike: 50:21

I have a two word answer for this, Gen alpha,

Phillip: 50:26

yeah, that's good.

Mike: 50:29

And, you know, I think the problem is, that there's people don't know what a wallet is, most people, and not only that, people, they don't trust wallets. And there's even research that says there was an article yesterday from biometric update, which is a great industry newsletter, and the title of the article was, are digital wallets safe? New research says no. So not only do people trust them, there's research that says that wallets shouldn't be trusted. And so in order to build a level of trust with people, I think Gen alpha, who's maybe like 10 years old right now, will have it worked out in time for them, and will educate them about it, and it'll become part of their culture, and I think they'll adopt it. But I have a hard time seeing Gen X or millennials and maybe Gen Z, yeah, but I think Gen Alpha definitely, I'm willing to say this is the this will be the reality, and there'll be a culture for this in Gen Alpha.

Nadja Bester: 51:37

Marcus, if you want to add your thoughts as well,

Markus: 51:45

I don't know. I mean, just having something that gives you more privacy, that that by itself, I think, is not enough motivation right to go through the effort to learn how to start using complex new tools, if they are if they are complicated, right? So what we're building, like others have said, should work, should either be so simple and so convenient that they just work out of the box, or they have to provide something new and cool that we can't do today, right? And maybe, maybe we'll see something in that area, right when we talk about the ad. Then often we just talk about wallets and digital identity documents, which is also what I was talking about previously, right? Driver's licenses, diploma social insurance cards, having digital equivalents of that. But actually, in the ad community, there's, there's much more going on. There's that there's a lot of innovation, a lot of ideas that that you can build on this, this basic foundation of the IDs and decentralized identity. There are ideas to build decentralized social networks, or decentralized version of LinkedIn, or things like personal data stores, personal clouds, having decentralized playlists of my favorite songs, for example, that I can share, right? So all these applications, all these things that we're using today on centralized platforms, could potentially be built on top of a basic decentralized identity layer that just wanted to add that. I think there's also a potential scenario where something cool and new will be built on this foundation that that actually lets us do things that we can do today, and then it will be something that we really want to use, and not just, not just something that fixes a few privacy problems, right? Because that, by itself, is maybe not but the most exciting thing in the world.

Nadja Bester: 54:17

Thank you so much. Markus, yeah. Absolutely love the fact that ultimately, people are not going to be motivated by what, what level of privacy they are enjoying in their in their data on their and their software and app and platform usage. So I think this is a perfect note. Then to end off the conversation, we've had a very enriching discussion touching on multiple different aspects. So let's bring it down to a very practical and real world question each of you are building in the decentralized identity space. What are the problems that you are working on solving? Philip, let's start with you with identity.com

Phillip: 54:53

I think one of the key things that we're focused on, and probably it's every. Every company in this space is there's this overload of us having to identify ourselves at different systems, creating new accounts, creating doing more KYC, etc. And look, I'm scared to death at how many copies of my driver's license are sitting around in databases in the world, just because I've been burned by it so many times and for me, I want, I want to eliminate that. I want to, want to reduce that. So for me, it's reusable identity, using DIDs or verifiable credentials to identify myself once and then be able to use those to identify myself in disparate systems. That's mainly what we're working on. And to do that, we've got verifiable credential app that's on iOS and Android, and we have a gateway protocol is what we call our DID solution that's on a variety of chains.

Nadja Bester: 55:54

Philip, thank you so much. Love this idea of reusable identity. Then, Markus, then you take what are you guys working on?

Markus: 56:05

Well, we're working a lot on the on the boring, foundational, low level infrastructure. So we're not building end user apps or wallets, but we're implementing the DIT standard from W, 3c and some of the other technical specifications to just make all the basic foundation work. And one, one focus that we also have is interoperability between some different technologies, because they also different types of DIDs, different types, different data formats when it comes to identity documents, representing identity and using different data formats, data models, things like JSON, LD, linked data and so on. So we're also interested in in building things that building abstraction layers and building modularity so that this decentralized identity system can also work with different underlying infrastructures to really enable cross border communication and interoperability. But, but, yeah, it's relatively low level, we're building libraries, some open source code and things like that to enable other things on top of that.

Nadja Bester: 57:29

So Markus essentially the type of technologies that the Gen Alpha generation might not know was needed but will be using. Thank you so much, Mike. You've been building glue for a really long time. So what is the problem and how has this problem evolved?

Mike: 57:45

Interesting, and thanks Nadja for hosting this event. So Gluu leads a Linux Foundation project called the Janssen project. I'm the benevolent dictator, or the BD, of that project, and it has a number of sub projects for to implement an identity stack for a business. And glue sells a commercial version of that to enterprises, and those enterprises include banks and healthcare systems and universities and governments, and so that that sort of as part of the Jan project. You know, we're we see that the primary one of the primary components issues assertions. So these are basically signed documents. So in the decentralized identity ecosystem, it's very natural that the existing infrastructure would be the issuing or the issuer of verifiable credentials, but we also consume verifiable credentials. When people log in, they might present an identity from their wallet, so we'll also have to support and there are new standards for how end users will present, but basically we're helping enterprises deploy infrastructure at scale and globally, and this is just sort of a piece of what we do.

Nadja Bester: 59:19

Thank you so much to all three of you for spending this hour with us. I think this is an incredibly important conversation that is not being had enough in, certainly in the spaces that I move in. Very happy to have had you. All of you on here tonight, if we can leave the audience with one thing, if they take only one thing away from this conversation, what would that be any one of you, please, go ahead.

Mike: 59:47

Don't click on that email, that's like that. Don't scan a random QR code.

Mike: 59:59

What? It, yeah,

Nadja Bester: 1:00:03

Mike, I don't think we've ever had a better takeaway from a show on the show. So, yeah, brilliant. If I can't imagine the amount of times that this needs to be said to all of us, but yes, that is absolutely the most important takeaway, I think, from any conversation, is just don't click on that link. Don't download that attachment. Stay safe out there. To all three of you, thank you so much. We are definitely following along with what you are building and looking forward to whenever this future is going to show up, knowing that they were very, very dedicated people building these technologies and these solutions over many, many years and even decades. So to all of you, thank you. Have a wonderful week, week, and to the audience, thank you for investing another hour in your own education, and I will see you again next week on another episode of the Future of NFTs. Cheers, guys. Thank you.