RIF recently hosted an expert panel discussion on the topic Understanding Self Sovereign Identity.
Below is the transcript of the event.
Moderator: Raul Laprida, IOV Labs Senior Researcher
Raul: Ok, welcome everyone, my name is Raul Laprida, I'm a researcher at IOV labs, and today I will be moderating the RIF expert panel and the topic today is understanding self sovereign identity. First of all I'd like you to introduce yourself, I'll start just in order, maybe Milton would you like to introduce yourself first?
Milton: Ok. Thanks Raul, happy to be here with you guys, my name is Milton Berman, and I’m product owner at RIF Identity, which is the RSK infrastructure Framework and the identity products are related to building a decentralized identity and using all these standards. I have been in the past CTO of DIDI project that is another project that is used in self sovereign identity models for financial inclusion.
Raul: Ok, thank you. Next Pelle do you want to introduce yourself?
Pelle: Sure. Im Pelle Braendgaard I'm the CEO of Notabene. We help blockchain companies manage risks surrounding transactions, in particular about the tying identity to big transactions. I was previously co-founder of Uport the decentralized identity platform from ConsenSys.
Raul: Thank you. Last but not least, Alex.
Alex: I have worked on a couple of other things like SSI Meetup which is an SSI community thing that we are doing, and we are also publishing a book together with Drummond Reed hopefully in the next couple of months about SSI which is called Self-Sovereign Identity which will be published by Manning, and yah, we are trying to share as much as possible what all the things that are moving in the SSI space.
Raul: Great, thank you. Now we start with the questions, as I mentioned before, it is going to be directed towards one person, but the idea is that you all join and share your thoughts. The question is: How has the internet evolved in terms of visual identity?
Milton: I really liked the example off the wallet, I think I read some blog, I don't know if Drummond wrote it but it's pretty clear to explain what happened and what is self serving identity right now. But I also wanted to add, something that i saw in a presentation from Alex, and I use it now a days, that is, something that said, Kim Conner from Microsoft that internet was built without any identity layer, so I think that's where the problem started and that's where the problems came, and that's why any specific service tried to do whatever they wanted without any standard, and then this huge amount of different ways to log in to websites, to create digital profiles emerged, and I think that luckily where in a point where we wanted to find new standards and we want to show new ways to do this and in an easier way, but i guess that was the problem that started this. I don't know what the others.
Raul: Yah well that related without spoilers, to the second question, which is; I ask to Pelle, and it is: Which will be the main problem of these traditional digital identity solutions
Pelle: So, either, there are several problems with the traditional digital identities that stem from one of the biggest problems, that there are so many of them that we all interact with, like, some countries have digital identities systems like, you know, managed by government or banks that you use for interacting with their official services and you pretty much everyone in the world now a days has got a google identity or more yah know, I probably have about 5, with all the different projects im involved right? I'm sure I'm not the only one. And there are twitter identities, facebook identities, there are your bank identities, each of your cards has- like bank cards is essentially a digital identity. There are so many different digital identities, and what's true for all of them is that the identifier is issued by someone that is not you. And they can issue this identity, and they can also take it away. And that is from a fundamental kind off, human rights… if you want to look at it from that point of view, it's problematic, because… im am uh, I am creating this, i have this identity issued, but the real value to that identity is actually what i do with it. And the data that I create and bring along with it, the reputation that it gifts me, and if someone can all of a sudden take me away, just delete my access to my data, because they control this identity, that's problematic… that's in many cases the big problem for me as an End user, but there's also another problem, that is a problem for me and for businesses, is that each one of these digital identities is a silo, it's a silo for specific use case. It's very different- difficult in many cases to be able... for me to take my data along with me. To start sharing information that I have from this- that the other kind of thing to be able to get some new value of some new kind of service. And that's actually also a problem for businesses, for the consumers of the identities, or the identity data- uh its a problem for governments… these silos are.. You know, very very large identity silos are very beneficial for the people who manage and control them, but for the consumers of data from these silos, it's also a problem that these silos exist. So if we just strictly talk about government identities you know, if you are.. Like im danish, but like i live in Switzerland, i just moved to Switzerland, i just went and got myself a new swiss identity. You know, and uh, yah i have my danish passport and all those kinds of things, but everything i have in my danish bank identity is completely unrelated and useless down here. Right? My facebook identity… well, not sure i really want to start sharing my facebook identity or activities, all of that kind of stuff, with my bank or government or any off those kinds of things, but the idea is that you don't really have a good way of managing data, so the actual consumers of the data from the business or government point of view... They are also- they have this problem that they actually have pretty bad data. Unless its- and they are reliant on the management and control of that silo for data. So there's so many businesses that relied on for example facebook or google for managing the identities of their users and customers, but now they are actually in a position also where they start losing access to their- rec relationships with their customers right? And this is just- its very very big problem with the way the first and second generations of digital identity systems were created, and really one of the fundamental issues that we are trying to solve with self serving sovereign identities.
Raul: Great, thank you. If anyone wants to add something, please don't wait until i ask you, you can just add something. If not, i will continue with the next question which is very related to the previous one, this one is directed to Alex: how would you explain self serving identities or SSI, to someone new to the concept?
Alex: Yah I think Pelle, covered a lot of - uh- well i think Drummond is the first person ive seen that took out this example and can do a combination, what Drummond usually talks about is that if you take out your wallet, i mean, i have my wallet here and then you open it and see the credit cards, drivers license and everything like that. If you take all that out and you can make all of that digital, which is basically your credentials and that is basically what you have in the physical world. And then you can combine it with what Pelle just said right now, if you take facebook or any social network for example, we have the 10 principles of self serving identities that Christopher- Alan wrote about a couple of years ago, which he basically said, in summary that you need to able to be able to control your identity, you need to be able to transport your identity , you need to be able to know what has been done with your identity, ecs ecs. Basically, identity, the more you think about it, it becomes really really complex, so i think what Drummond approach on passports… use this good one were we talk about the down to earth stuff, which was like, ok i can have a virtual driving license and if i go on a trip i can prove that i can travel because i can identify myself, i can take credit because i can show i have a digital passport, and i can open a bank account with the bank account, and rent a home ecs ecs no? It's really infinite. And touching upon the part that Milton made before, and just because of the kind of organization you are at IOB labs, when you think about Internet it really lacked 2 items you know? Like it missed the internet of identity and it missed the internet of money. And it's also something that we write about in the book that we're working on with Drummond. And money, that's a very popular subject in the bitcoin space, or in the crypto space in general, and that clearly was missing because in the seventies when the entire boards develop that was something that needed to be considered because it was more than anything else- uh, we saw sharing networks for academics and military people. And as the commercial internet developed we had David Sharm and other people that started thinking “Oh how can we create this digital money” They did that approach at the time. And a couple of years later, other people started thinking hey, we think that this identity layer and Kim Cameron is one of those examples, who started thinking about those terms, and Drummond was already part of that whole movements like 15 - 18 years ago, hehehe, he's really seen the whole revolution.
So, yah, we been, I done really late, in relative terms in 2017, that i learned a lot from people like Drummond and other people like Pelle who has, for like- Pelle is like the old time guy from a Crypto perspective, yah know i mean like he's been- hasn't maybe not that long in identity but he's been very long time if i remember correctly like since 1999 or 2000 in the Crypto-fying space, correct me if i'm wrong Pelle. So yah, so i learned a lot from all these people , and i think this is kinda the combination of all those items.
Milton: I can say i learn a lot from you Alex, so it's like a chain! But i would like to add to the SSI concept, something that i think is important, that nowadays in the digital world is difficult, that is the Trust, how can you trust in something digital? Without these physical items we have today, and that is one of the most important things the SSI movement is trying to bring and to differentiate to the traditional digital identity. And the other one that I care a lot, is about the privacy. It has to be, more privacy, has to have privacy by default. Has to build, be built that way, because there are many issues and that's why people don't trust much in digital systems because everyday you hear about a hack or password or private information, and i think this is something that the SSI movement is trying to tackle. I don't want to- I know that there are other questions about that, but I think that it's one of the most important concepts that is the privacy.
Raul: We can seize your comment and introduce the next question which is: For you, and basically that, what are the main benefits of SSI above the traditional identification methods, and how SSI tackles privacy?
Milton: Well great, so i introduce myself to this, but yes, the main benefit has been told by all of us today, but i think one of the… besides privacy, one of the most important is that you should be in control of your information, there shouldn't be any information silos as talked by Pelle. Where, if you're in control of your info you have more possibilities to avoid your info to be leaked or possibilities for you to be… i don't know, do things that you don't want to be done with your data and that comes to the privacy thing, because nowadays- all the information is managed, is in the opposite of a privacy enabling way. And because… i don't know, whenever you sign your terms and conditions with google or facebook, you are giving away everything, also with other banking institutions or governments. They have full control of the data, and you can be exposed and expelled from this system whenever they want, your data can be sold or misused without your consent. And even if they want to do the things right, they are silos, they are single points of failure, so whenever a hacker is on those silos of information they can get everything from you and then expose it and use it against you… so i think that this is really important that you have more control over your information. Privacy is a human right, that is difficult to explain when you are talking with someone who doesn't care about that, somebody will tell you “i don't care, i have fun with TikTok, i have fun with Instagram, i don't care if the government or any country is looking at what i do because i having fun and that's it”. I think that, we always need privacy, and thats why its a human right, and if you tell to that people ok, you can have the same instagram or the same tiktok but with the privacy feature, i think that the people will chose it, because it gives you freedom to really, to be private, to have privacy. And another- i think one more, i don't want to miss this is the minimization principle of SSI is really important like whenever you share digital information, you share the very minimum, you don't have to share everything whenever you connect to a service, for example if you have your… i don't know in other countries but in Argentina your national identity card whenever you show that ID to a police man or to a digital service or whatever, you share a lot of information, you share not only your name and sur-name but even your document number, your blood type, whenever you were born, where you were born, a lot of things that maybe that digital service only wanted to know if you are you, to validate your identity, but you are giving away a lot of data, and the SSI movement is for this minimization principle to avoid that.. If the digital service only wants to know if I am above a certain age, then that's it, i will share only that tiny information and it should be verifiable.
Raul: And another question I am just thinking about is, we just talked about the owning my data and being more private, but what about security? In my case, in my opinion I'm more concerned about the security, how securely is my identity handled? Is that something that SSI is bringing to the table? Increased security for our identities? What do you think? Not just you Milton, anyone.
Alex: What i would add to that- as i said before i'm quite familiar with Drummond’s thinking and im quite a fan in these couple of years. From my point of view- look, i've been in the current space for like 7 years now? In the SSI space for 3 or 4 years now… and i think in both cases, both movements come from an ideological, idealistic point of view and utopian view about how the world should be. I've become much more critical over the last 12 months about how to approach both of these, or try to be more objective and- this, identify myself with all these things, and to be honest, we've talked these things with Milton in the past… I mean most people they don't really care about privacy, I mean yeah we can talk about it and say “uh it's really important yah people need privacy” but no one cares. Hehehe. If you give them things for free, they will take it and they will give away, I don't know, the names and all the data of their families and salary and everything, whatever I don't know. In the same way as bitcoin is still highly experimental and whatever people might like to think “Oh its the future payment system” yes its all cool but can you get the whole world on it? Don't count on it, because it will not work, and the same goes a little bit with SSI. I mean i love it, i love the concept, i mean it's why we are writing this book. I think it can be much more powerful than bitcoin eventually, but it's highly experimental still from my point of view, very very early stage. And I think what people like us sometimes miss, and I count myself as part of those people, I'm just trying to distance myself, is that: the reality and practice- practicality of the world is very much more based on power structures . And i see what is happening right now, at least in identity space, i mean you see a lot of movements, in the european union, american space, whatever - wherever you wanted, what is really like- you have these idealistic people from like SSI space that initially started this whole thing like “Yah i'm going to make the world a better place” and then you have the pragmatists with money and they say “Oh yeah its really cool that you created something that we think we can monetize now” and that will allow us now- like the famous example with the chinese that will allow us to control our society and drive it in a certain direction the way we want. So these kinds of things that we initially hope and believe that might be just wonderful for the world, is bitcoin-like. Some people might not want to look at it that way but bitcoin was born to be like a more decentralized type of money blah blah blah but hey, how many people- what is the big- probably like very few accounts will hold the biggest amounts of bitcoins and you can almost do this with any crypto currency. Just for bitcoins probably is just the most distributed one, and even that is not really that distributed, but hey you can say the same for the US dollar and any other type of money so maybe it shows somethings about humanity too. And with SSI we have the same challenges so yah, just to show another point of view for you guys about where i see this going.
Pelle: Yah i do think- i agree with that and there are a lot of similarities too usability and security of bitcoins when it comes to SSI because there are a lot of potential security benefits but, and users- people have a lot of power, but they also have a lot of responsibility in the SSI front, and just as we are seeing in the bitcoin space, it's not all users who want that power and responsibility, because- they actually feel scared of some of those aspects, so there are- this is where the experimental part, i think in many cases the technology is, it's mostly usable… i think… Drummond hopefully you'll just laugh when i say this , but love is a work that happens in the standards, like, a lot of this stuff- the development… I mean, I think a lot of the things that are kinda stalling the progress of SSI is that there is like 20 competing standards who are like, instead of just moving forward, are trying to get to an agreement about something that in theory should be somewhat simple to do. I think that's the problem, but it is also important that that work gets done. But i do think SSI is broadly usable today that are definitely um, many of the same problems that bitcoin has is that most end users they don't necessarily want to be responsible for controlling all their data, they want something rather- whether that is an evil company like google or apple- when i say evil , like yah know, as perceived by a lot of people in the identity space “evil”, uh that kind of company actually managing and securing this particular data , probably a lot of end users would be fine with that particular aspect of it. I also do think another big problem in this space is: when it comes to use cases, and my favorite pet-peeve in the use case is a use case that I think about 3 of you just brought up right now which is the use case of proving my age without sharing any other thing. Yah its i mean, it makes complete sense and it's a good story but it doesn't provide enough value that anyone is going to roll out a huge massive identity infrastructure for that specific- it doesn't really provide any real benefit- its like one of these kind off things you know like: “is it a vitamin? Or is it a painkiller?” and that's definitely in the vitamin department. It's like you know, Yah this is kinda nice but am i gonna change everything up just so i don't sho- share the bouncer like my address or my eye color or whatever… probably not. So i would actually invite… to call ourselves jokingly “The Identiraty” to find other better use cases than that particular one, because i don't think it's helping the adoption of it because we need to focus more on real use cases where there is real value. And don't worry there are plenty of them, there are plenty of use cases where there is real value in SSI.
Milton: It's also… i take 2 things of what you said Pelle and Drummond, its difficult sometimes to communicate or too sell Self serving identities or what does it- why it is good because it has so many potential benefits, its difficult to focus on just one, maybe all of them will be great and will work in a day, but it's really difficult to make somebody understand because their is so much information there, i think that's one of the problems for it to be understood and want to be used by anyone, corporation, government, whatever… and i want to add another use case that is the one i worked in before that is the DD project, that is interesting, is taking SSI in another way… it is a hypothesis, but now the project is working, it is live. I was always told we were building it, but now the project is live and this is targeting something, i haven't seen much of this type of use case for SSI that is population that live in formal neighborhoods in latin america, africa , all around the world, they have their identities, its uh… what you know about each other in your day to day basis, but those populations don't have any digital account of any type, only facebook maybe, or whats-app, but never a bank account or in some many cases not even a national document. But they all have a reputation and they know each other if they are truthful people, if they- when you give money to them they return it back to you or not. But the institutions, the traditional financial institution does not bother nowadays to gather information about those populations because, i don't know, it takes many much money for them to do it, and maybe they don't have much return, so that its kinda excluded of the relation of the issue of that system. So this use case is trying to build this reputation without those typical intermediaries. They will be able to download an app and interact each other or even with micro credit institutions that they act as informal validators typically, but they will be able, and they have just started issuing verifiable credentials about the people that take micro-credits, more informal micro-credits in the vulnerable neighborhoods in Buenos Aires. So the people are starting to build a self serving identity profile, they are starting to gather verifiable credentials, they are starting to use it also too- because this institution- if you are paying your credit and you are not how do you say, delayed on that, you can take free medical consultancy or free lawyer or free dentists, so actually now a days they are using self verifiable credentials to determine if they are paying their credit, and they are able to have these benefits, so this is a short tiny use case, but the other hypothesis is that if they start to grab their- this verifiable credentials maybe one day, one bank, will see at that information that they can verify as something important to give a credit score, that in the past they couldn't have got. So this is another use case I really like, and it's live right now in Buenos Aires.
Raul: Now i need to change the question a bit because off this context, we need to introduce the verifiable credential because we named it a lot, so if anyone wants to give a short introduction of what a verifiable credential is, and maybe we can join it up with the next question which is; how can we address the issues of people forgetting their password or credentials and which could result in just losing their digital ID. So, that question was originally addressed to Drummond, so if you want you can start, the idea is if we can all explain what a verifiable credential is that would be awesome because…
Milton: Can I ask something to Pelle? I don't know if youve been part of the specification of the JWT verifiable credential standard at Uport?
Milton: that you can talk a little bit... of that concept.
Pelle: Yah so verifiable credentials i think are super important because they are reusable, they are cheap to issue, unlike the plastic cards on the wallet they are extremely cheap to issue. You can- there's uh like uh… i mean you could easily issue tenths of thousands of verifiable credentials, we use them as the core for our source at NOTA VENNE, most people have no clue that they are verifiable credentials- within there we are issuing, i don't know- i have no idea the specific amount but A LOOOOT, a lot of verifiable credentials every day within there. Because you can use it for any kind of data record, that you might do in a more traditional web2O kind of context, you can create these verifiable credentials. And for JWT like i really like the JWT version of it because it's a very simple standardized form and well understood- data piece with there very- there are no real requirements, its self contained there are no real requirements of linking into a bunch of external kind of things and there is good support for it umm… so its a very… it's a very useful, useful concept. And you can have a verifiable credential that maps the content of your national id card or much better , you can have 10 verifiable credentials that- that by issued by whoever issued the national id card who issues a specific credential about each data point on that particular card because since there is no need to have everything in one credential now it makes much more sense and then we naturally get this data separation part of it that we like- data minimization part of it. So i think verifiable credentials are great and decentralized identifiers which is another big concept for SSI is also a really great concept… umm… a lot of people think you only need one identifier per customer, but you can't, i mean you can have tons of different identifiers and then you can selectively link these together through verifiable credentials to each other, and present only what you want to do. This is actually- i think it's a good approach for people to start using verifiable credentials in a way where… you don't like- as a business if you want to start using this kind of technology, you don't have to go in and wait for a bunch of people too ------ bunch of customers to come to you, who have already had their verifiable credentials issued, you can start using them internal, just create a customer identity on behalf of your customer, they don't need to have an app or anything like that right now. You can create a new identifier for them, issue credentials- manage within your service and then at some point, then you can have them take full control over into their data. So there are many ways that you can start gradually moving on to this kind of technology and build your business up in place to be able to deal with it once it becomes more widespread, and it also allows you to get going now and do the right thing, even if it's only like the first step. Right?
Raul: Milton i want to- were running out of time so i'll try to skip some of the questions …. and … Milton, should we try to make SSI as decentralized as possible? Or should we always rely on human custodians , such as Sovereign stewards model ?
Milton: I think that there can be some grace- uhh there can be a scale as some all of you have mentioned … i think it's really difficult to have the full decentralization model that… uhh people, in some cases are not comfortable with that. In other cases it is difficult to use it that way, i think its not fully centralized or nothing, i think there are different flavors you may say, um and it happens for example there is a - i think one of the most complex issues with a fully centralized way of managing self serving identities , how you manage or how your private keys and how you recover them is one of them most important issues there. And there is an interesting way to solve that is the social recovery thing that were you can have your private keys stored in tiny parts of it with a cryptographic algorithm with people who you trust, your guardians… and then whenever you lose your phone or you haven't written your trust words or whatever way you did it, you lost your hardware wallet , you can talk to 3 out of 5 of your guardians and if they sign some message then you have your private key recovered. And that is really nice because it have the perfect user experience , really simple. You don't have to write anything in paper and you don't have to store passwords anymore , those exponents of the 2.0 and 3.0 world, those problems are solved. But the problem there is that you get an issue : if nobody uses SSI, who will be my guardians? So if i install a wallet that has social recovery, then i ask all of my friends they don't want to be my guardians because they don't have the wallet and they don't care , so what do i do there? Ok no i cannot decentralize this i wont use it , so that's where the trade offs come and i really like what Archen Wallet did and Etherium wallet that uses social recovery there , and they do something that - ok you don't have any guardian , any friend that wants to be your guardian there for social recovery , you can have us. So, trust us, give us- we can verify your phone and we can verify your email , and if you verify it again i will be recovering your private key- so this is something that is usually done with the traditional services, and you will say Ok so this doesnt change anything, but whenever this gets adopted you can have youre friends or your family or other entities of trustees... and become decentralized a little bit more, but you needed that centralization from this argentine to start with this so, i think this is something well be seeing in a use case basis, its not that simple, its all in or nothing. Thats my point of view there.
Raul: Good, yah i was thinking about other solutions… maybe incentivising the adjusties… but regardless, we are running out of time and i want to finish at least some of the questions , next one is for Alex; How governments and enterprises could be encouraged to implement SSI solutions?
Alex: Well i personally believe they are highly encouraged to do so, like if you take the european union , they are all happy trying to set up a notes in each country where they will run identities for everyone in the european way but of course- i mean, from a decentralization point of view that's not really very decentralized because you have all these different governments running those nodes and so it goes with corporations or china and so on… but i honestly think they will the big brainers of this whole thing , because i see that they want to a distance with the “evil companies” as Pelle described them like Google and Facebook and Apple because they tend to believe they they… these big tech companies they have been taking up far too much power and we need to get some of that power back, and this is a great tool we can create to rules like GDPR and all kind of other things so we create a little castle and protect our little market here. Which does not have to be necessarily wrong i think you have companies like Korea and China that have this model in a very very successful way, the only question is: what does this mean in the long run? What is the price all of society will pay, so we don't know the price tag for these things- and that's always um- it reads for the short term and pain for the long term eventually so we don't know. But I personally think this is where SSI will go to in the short term … mid term- and yeah I think this is really happening it's just like corporate and government money is usually very slow to move but i think they clearly recognize this as pay ground.
Pelle: Yah i tend to agree with that, there are so many use cases for governments in here in particular for transgovernmental kinda groups such as the EU or the inter american development bank also who is also doing a lot of work on SSI as well. So in the EU they have this new AEDAS SSI project which is um… built after i think their previous project AEDAS bridge became slightly more problematic which was based on the old federal identity model, i think it was all based on open ID connect or something like that. But the fact is that every single government in the European Union has- either has their own national identity system or they have a philosophy that they do not want a national identity system and... Like in Denmark and Sweden banks run what the de-facto national digital identity system right? And um… so you can't just have a one size fits all model and SSI really helps really well into that, again for this whole concept of like lets get rid of the silos… also in the european union they really want to be able to take your university credentials or medical records or whatever with you as your moving to Denmark to Spain or the other way around that kind of thing. So SSI actually works really really well within that, i have to say, 5 years ago when i started working on SSI i came from a completely like “Hey i'm a big coroner, i'm a Crypto guy and you know, screw the government's all that kind of stuff, this is like we can all take control of it , we don't need governments and all of that. And like within a year, I saw governments pitching to me why we need SSI and like completely buying into the whole particular issue. The first time i ended up pitching it too a unnamed latin america government, they told me that their biggest problem was identity silos within government where each ministry had their own national identity system and each state level had their own identity kind of system, and from a central government point of view, they couldn't get anyone to agree to give up their issuance of identity so there was no way for them to go in and start creating like kinda of systems for citizens to kinda unify some of that. But come SSI- SSI kinda solves all of that because now its user-centric, its focus actually around the user who can just individually tie together their- you know all their each little yah know little silo um silo run by a specific um you know head of department who does not want to lose whatever power comes with this particular credential. Governments love it. Oddly
Raul: I think Pelle is still with us just without video, moving on to the next question, interestingly we haven't mentioned blockchain yet and the question starts with this: Could we have this standard of SSI without a blockchain- i know we haven't mentioned blockchain yet but…
Milton: I like how SSI moves because it started maybe like everything has to be on blockchain because it seems that blockchain solved all those problems that Drummond was saying, but then people started to realize that for many many parts of this standard there was no need for a blockchain. You could do that with Cryptography that we have for 20-30 years running and you could avoid many costs for that so i really liked how it evolved, the movement - it evolved uh… I think it also very important to have a verifiable data registry , like a blockchain or something similar. Because it enhance and it helps in some of the particular issues if you want to avoid centralization in some points uhh… its important- interesting at least to try it. For example uh… i think there was a problem in the 90s with the PCP where if you lost your key or you wanted to revocate your key there was no easy way to do that in the past. Because you had to centralize something and that was the whole point of doing PCP not to centralize… but with blockchain you can have a possibility to avoid the problem that PCP had to revocate or delegate a key for example … and others are using it for- also for anchoring or time stamping data but i don't think it's even necessary for that. It's an interesting part, but i like how it was taken out from the SSI movement and now it's used whenever it's necessary.
Raul: Great, thank you and we have 4 minutes for our last question is for everyone: Where are we with the adoption of SSI? How long until it's used mainstream? And what do you think?
Pelle: So I say there are kinda two approaches to the adoption of this kind of technology, one is top down, that it's being imposed from above. And if you just go in and do a… and want to get people to use SSI for a whole bunch of different use cases that may practically be the… be the way to get there… and i think that's what we're seeing a little bit with ADA’s SSI in Europe or with the inter american development banks blockchain project in latin america there's a top down approach of helping to build out some of this infrastructure, but there's also a… to actually start using it now we need to take a more- because the top down will take longer. I think it will get here but - then we need to focus a lot on the bottom top approach like the project that Milton’s been involved with in Argentina uh… we were happy to work with you on some aspects of that at Uport uh… its exciting because it's one flavor of bottom up- here you take a very small regional area and try to build up the infrastructure for use within that. So that's a very exciting approach to that and actually i want to learn more about the status of that and how its been going uh… the other approach is just finding very specific business use cases for it - and just going for them rather than just trying to sell SSI as a feature you find the specific use case where you can plug SSI into it. And particular use cases where your end users already have a wallet- or have it like- they have a wallet or they have an app or something or other that could you know- where you can essential like add an SSI functionality to it so it's part of whatever the business use case of this app or service does, you can add SSI functionality to it - itll just be for a particular use case . So we are working a bit on those kind of things of what we call non-custodial KYC aspects of it for blockchain applications where we are helping wallets integrate some lightweight SSI functionality within their...like when we say wallet- Crypto wallet not SSI wallet. Adding some lightweight KY- uh, SSI functionality to them to be able to handle data around managing their identities for a particular use cases. So that's another approach towards- but- its really really difficult- and this is not just related to SSI but it is also like one of the things that kind of steered off the original vision of open ID back in the day. It's really difficult to sell identity to end users unless they have a really really really REALLY good reason to do so. So you HAVE to give them reason to manage this identity- i mean open ID was- i remember the early days of it, it was basically the exact same story about user controlled identity you know, because all we need to do is: on your blog, you add some open ID functionality and then you can log in with your blog url over everywhere and the overall goal is to have everyone was going to have a blog of course, and using your blog with your open ID that you run in your own website and your own domain. You can manage your identity and log into all of these kind of services and essentially have user controlled identity. Because it didn't quite really take off, even with avid bloggers. And just from a usability - cuz I remember logging in and using my blog for a long time… it was a pain in the ass right? But this same exact technology then got kinda taken over by two fronts like the google facebook group and then the enterprise kind of group. So we need to, rather that try to get end users to manage their own identities and like- there is many different things you can use it for- No, let's focus on the things they can use it for and then expand outward.
Milton: Yah and i like the way that something- i have to say because this was organized by Alex-
Raul: yah, Alex needs to leave , thank you Alex for participating.
Milton: and i can wrap up with this uh, something we are building in IOE labs is the riff identity log in that is- uh and we will tackle it as you say Pelle as a “Trojan Horse” because you will be able to- if you have any crypto wallet or even a 2.0 website or digital service that you could integrate this and you will have automatically connection with SSI with verifiable credentials, decentralized identifiers and then there will be many use cases as we know… but we will try to do it in that way like… the people not knowing they are having that future… that uh i think then we have you talk Pelle hehe because of that…
Raul: Thank you Milton, well uh we are yes- we don't have much time left so thank you very much for participating in this expert panel talk, and yes, we conclude this talk now and thank you very much.
Pelle: thank you.
Milton: Thank you everyone.