Å løse digitale identitetsproblemer er også en virkelig vanskelig forretningsutfordring

Å løse digitale identitetsproblemer er også en virkelig vanskelig forretningsutfordring

See orignial podcast site here: https://din.alitu.com/episode/79ae0f6a-f675-416b-a63e-e3df6ea96559

Det er en stor glede å ønske Dr. Carsten Stocker velkommen til vår podcast i dag. Som en fysiker som har utviklet en lidenskap for teknologi og business, har Dr. Stockers brede kompetanse gjort ham til en svært interessant gjest. Å løse digitale identitetsproblemer er også en virkelig vanskelig forretningsutfordring, og vi er begeistret over å høre Dr. Stockers verdifulle innsikter om dette temaet. I tillegg ønsker vi å takke våre sponsor, Signicat, som har vært en uvurderlig støtte for oss, samt våre medlemmer, som har bidratt til å bygge opp et blomstrende fellesskap av identitet-entusiaster.

Iløpet av episoden ble det diskutert viktigheten av digital identitet, spesielt nå med AI som løper løpskt, da har vi skrevet en støtte artikkel rundt dette.


[00:00] Speaker A: You.

[00:02] Speaker B: Hi.

[00:02] Speaker A: Join me and my guests for another exciting episode of the Digital Identity Nordics Podcast. Our mission is to provide insights from identity experts worldwide and gain a clear understanding of what the future of identity will look like. We are proud to interview with some of the top identity experts around the world and explore with their unique perspectives. Before we begin, I'll to thank our sponsors Cencat for their invaluable support as well as our members who has helped us build a thriving community of identity enthusiasts. To learn more about Cenicat and our members, please visit our website. Joining us today is Dr. Carson Stucker, CEO for Spherity, a physicist turned tech.

[00:46] Speaker B: And identity expert with a wealth of.

[00:47] Speaker A: Business knowledge to share. We are honored to have him here with us today and we're excited to learn from his diverse background and expertise.

[00:56] Speaker C: Hello Snobber.

[00:57] Speaker B: Hello.

[00:59] Speaker C: Hey. That's great.

[01:00] Speaker B: You hear me and I hear you.

[01:02] Speaker C: Yes, loud and clear. Sounds good.

[01:04] Speaker A: Perfect.

[01:06] Speaker B: And you just let me know when.

[01:08] Speaker A: You feel ready and we can just start.

[01:10] Speaker C: Yeah, no, I think we can start. Maybe my son will come home in a couple of minutes and we need to interrupt.

[01:16] Speaker B: No problem.

[01:35] Speaker C: Great to have you.

[01:36] Speaker A: A kushan. Why don't you tell me a little bit about yourself?

[01:39] Speaker C: My name is Karsten Schtucker, I'm a physicist and I basically worked for a couple of years with Accenture, almost 13 years. Did a lot of large scale system integration projects. Then I joined the utility and a big German utility. And at utility I joined their innovation team. And in the innovation team I worked on technology driven business model innovation. And this was around 2015. And at the same time in 2015, Gartner published a thesis. They basically introduced the idea about the programmable economy and a programmable economy with on demand markets with dynamically defined value chains and programmable economy where transactions get automated on the one hand side on the other hand side, a programmable economy where in a digital age everything is connected to every other things. Where a lot of bots are in the internet and start to distract you, that want to transact with you. Is it a good bot, a bad bot? Who knows? And then they also introduce the idea of the reputation and attention economy. So in the context of the programming economy and that's interesting because attention is basically how can I find an actor in the internet? How can I get the attention of my partners, my customers that's on the one inside? So it's about discovery. So how do I distinguish myself and all the bots, all the bots on Twitter, on LinkedIn? And then they're also talking about the reputation economy. And both attention and reputation is pretty much linked to identity because now I need to build a reputation. A reputation that I am a real human. A reputation that I'm a physicist, a reputation that I work for severity or as a company. I need a reputation that GmbH or that I'm authorized to do something that I have license to operate. A TIFF certificate. An ISO certificate. And this all kind of creates credentials that I can use to build up a reputation so that other people can discover me and then check my reputation. Basically check my credentials. And then we are in the middle of digital identity and that basically was caught my attention in 2015. Then I did a lot of experiments with electric vehicle charging. How do I know the car car A is charging pole is a charging pole? How can I automate transactions? How do I know the car as electric vehicle has a specific supply contract with another utility so that I can kind of, let's say provide the energy and charge it to the supplier energy, preferred energy supplier of the car. And this has a lot to do with identity, with authorization, with provenance. And I did a lot of work with peer to peer energy trading. Like I have energy, I would like to trade with a neighbor, I would like to trade it in a virtual grid, in a micro grid. How do I know the provenance of the energy? Is it green energy or let's say brown energy? And that's again related to identity. And at this time we started working on what's being called the collaborative utility and that's one of these programmable economy concepts and sharing economy concepts. You can basically with software and code you can basically spin up your own utility and then kind of use algorithms to acquire customers and use all kind of communication channels and then again use the community and algorithms and knowledge sharing and sharing economy to do also the after sale support and automate all the other process. I think this was very kind of let's say visionary at this time. What Gartner brought, what let's say the utilities did in the peer to peer energy trading market. But at least this was a good exercise to understand what will happen when digitization is moving forward and why identity is of such fundamental importance. And now we are moving in the age of generative AI, of generative agents and the topic is getting even more important because now a lot of content is being created. We will be over saturated with content and how do I know it's authentic, it's whatever it's coming from a trusted source, from a qualified writer and these kinds of questions are getting more and more important. And this is how I kind of, let's say got engaged with identity. Yeah.

[06:42] Speaker B: So basically you've gone as far down the rabbit hole as possible and kind of found that, hey, there's a really critical piece here that we currently don't have well enough in the infrastructure of the digitization basically.

[06:58] Speaker C: No, absolutely. So I think as utility this was perfect because I had the freedom and the resources to do all kind of, let's say, fancy research. But now, when we founded Severity in 2017, the key focus was to find the product market fit, to put the fancy research stuff aside and to really find the needle in the haystack. Find the needle in the haystack where there's a product market fit, like there's a complete minimum viable ecosystem, there is a use case where digital identity makes sense. There's legal requirements that are already in place. I don't have to wait for the already wallet legal requirements. There are other legal requirements that are already in place. And digital identity helps to automate compliance. And the use case must be simple. It must be kind of able kind of to retrofit existing infrastructures and maybe even identity proving has been done by another party. And if these ingredients critical success factors come into place, then suddenly there's a needle in the haystack where you find a use case, an ecosystem, and a domain where you can start applying the technology today and bring it into production for real life business use cases. And that's a bit what our focus is today. And we might want to kind of elaborate this a little bit more over the next couple of minutes.

[08:28] Speaker B: So basically, you're a physicist. You enjoy research, but during your time in the companies, you also gather yourself a good business background to be able to execute this in fairly, right?

[08:45] Speaker C: Yes. I think this is really Accenture. So I worked for this almost 13 years for Accenture, and I worked in a team that was called strategic it Effectiveness, a fancy name. And the idea was basically to engage with customers and to identify transformation projects like there's a big problem, and then, oh, my God, how do we solve it? We have to restructure, to retransform. We have to do mergers, acquisitions, whatever, and then kind of to basically kind of find ways to do this. And I think this was really kind of, let's say kind of destiny, because when I worked for Accenture, this type of work was so called cost industry work. So I engaged with a lot of different industries, and at this time, I got a bit of business achievement in different industries, and this clearly helps now as well.

[09:41] Speaker A: That's cool.

[09:43] Speaker B: It's nice to have you here, Carson, and it's a really interesting background you have. And based on what we kind of talked about now, would you try yourself on a small summary of where is digital identity today? Because I've seen a lot of people, they're satisfied with Google login, right? They're satisfied with in Nordics, they're satisfied with bank ID, and we're happy we can identify ourselves on the internet. But as we're talking and you're mentioning now, there's so much more complexity that we currently don't understand, but you're working with. So what would you say that today's identity what are the main problems with today's identity? We're not thinking about?

[10:35] Speaker C: I think most people would maybe answer, let's say control of data, my identity data and privacy. I think that's part of the problem. And here kind of in federate system, decentralized system, there's always areas for improvement, to improve control of data, about data and privacy. I think that's one thing. On the other hand, when I look into, let's say this so called dynamic defined value chains, and that's not only a fancy, fancy concept for an industry, for the force nurse solution, it happens also. So when I as a person, let's say I fly from Germany to UK to London, and then in London I would like to rent a car, I would like to whatever to access a building. And if there is no kind of, let's say common identity and trust system in place, then it's really difficult to do the transactions online in a digital way that someone can check my driver's license or can check whatever my authorization to enter a building in England. And that's also dynamically defined value chain because no one in England knew before that I will show up today and would like to do something. For that reason, there are always processes to do identity authentication and authorization and these problems are always kind of changing. So when there is no common identity and trust network in place, if you then think beyond human identity use cases, enterprise identity, object identity, digital product passports, supply chains, then the problems are even getting bigger and there's even more dynamic. I think a human is kind of, let's say, how much do we have? So we have a couple of ID cards and driver licenses, credit cards, student cards, whatever in our physical wallet today. So it's not really much data. Maybe then I kind of credentialized digitize my diploma. But when you then think about enterprise identity use cases and then enterprise identity, of course you have legal entity Identifier, what Clive is doing with Leis. Then you have annual reports, you have sanction list, you have political exposed persons, you have export control credentials, you have TIFF certificates, you have machine authorization certificates that the machine can transact on my behalf as a company. Maybe I will issue birth certificates of products. Products have a lot of provenance, they're a lot of master data. Then the products themselves, they have a lot of IoT data. You might want to protect the integrity, authenticity of the IoT data by signing them with Verifiable credentials. And then other systems would like to fully machine automate it, process the data. And then suddenly the problem is much much bigger in terms of size, volume, diversity of the data, requirements for schema, and these things compared to human identity and these types of use cases. When you think about supply chain, the different credential types that are possible there and the sheer amount of transactions if you do product passports for billions and billions of objects. If you would like to have huge credentials to prove authenticity, to verify an elite pharmaceutical product, a manual, operating manual for a big machine, a safety data sheet or birth certificates, you name it. Then the problem is getting bigger and bigger and bigger. And you definitely need an identity and trust infrastructure for this. And all the solutions have been built for humans that kind of work in a small scope, but not in an open ecosystem. They will completely fail when you go more kind of, let's say, in the force industrial. And for that reason, there's a big need for new identity and trust solutions.

[14:56] Speaker B: We have written a little bit about this new customs app or system that the Norwegian Customs has built. And mentioning Transmute, when they kind of work with their schemas and they kind of try to build all this supply chain data models, are you guys also part of that ecosystem of work?

[15:21] Speaker C: Yeah. So basically we have also worked with the US. Department of Homeland Security on the so called Ecommerce use case for global trade. And you can basically think about a US citizen and then ordering on an Ecommerce platform, an Ecommerce product such as a Pyjama, let's say a kids Pyjama, and the kids Pyjama is then produced in China. And then the process starts. First you basically have to register the intent to sell of the platform and of the manufacturer. And then you have identity of the Pyjama, of the batch of the Pyjamas, and then you basically ship it to the United States. You have a packaging list, you have a manifest. And in the end, what the customs organizations would like to do and where the US. Department security was extremely early and also very visionary. They basically said, hey, why not use Verifiable credentials? Because they have all the data. As Verifiable credential a big customs data lake, and our algorithms can verify them, the quality of the data is much better. It's linked data. It's much easier to develop algorithms that can check whether a product is illicit or not illicit, whether the proof of origin for this product is okay or not, whether it's being shipped in an area where a lot of people live that maybe consume drugs. And we might want to expect drugs in the ecommerce shipment weapons or other illicit goods. And I think today that's a big, big change terms of available data and quality and kind of to bring this to the next level, digitally signed data in a format such as WCC, Verifiable credentials. So it's a big improvement. So DHS is doing this. I think Transmute is continuing to work with DHS in US on these use cases. When you think about this Ecommerce global trade, it's a super complex ecosystem and use case. I think that's a little bit the adoption challenge. For that reason, we focus on other use cases, but also the European Union, they have a similar approach. They basically have the idea they have a policy called Eco design for sustainable products and in the policy of ecosystem sustainable products, they introduced the concept of Verifiable digital product passports which means if you would like to go circular and everything is more sustainable, then you have to have proof of provenance and Verifiable proof of provenance. And for that reason people thinking about Verifiable digital product passports which is an identity for product, not a human, not a person, but for product it's Verifiable. And then you can register the products at the customs registry and the DPP registry is also something the European Union is looking into. And these are very important use cases, especially customs use case, can really drive adoption. However, having said this, the global trade process are pretty complex the change for the use case.

[18:46] Speaker B: So we're mentioning a lot of interesting use cases and ways to kind of use this technology. We both know about Verifiable credentials and DIDs just to confirm there is nothing that is in production right now, right? There's a lot of proof of concepts and something might maybe in pilots or do you guys have anything in kind of high level production?

[19:15] Speaker C: Yeah, this is what we indeed achieved Nor and we're very proud of this. And this is what we are doing for the US pharma supply chain and that's called authorized trading partner. And that's interesting from a couple of perspectives. First I would like to highlight a lot of people are saying hey, I'm doing central bank digital currency, I'm doing tokenization, I'm doing whatever cryptocurrencies and now I would like to move it in the institutional space. We need regulation, the regulators, the policymakers must move faster to do stuff. And I hear this all the time, even when I think today or yesterday started Hanofa Mesa, which is a big industrial trade fair in Germany. And then there was a survey and people said oh my god, digitization industry for all is failing, industry for zero is failing because there are too many regulatory boundary roadblockers and policymakers must resolve them. And that's interesting because if they start resolving it takes long time and you cannot sell your product. I think it's always important to find a use case where there are legal requirements already in place today that demand kind of identity digital signatures, Verifiable credentials. And when you use these technologies, you can automate compliance, make something more efficient, improve your processes. Make, for example, patient health. Improve patient health because your supply chain is much more secure. And that's basically what we did. We didn't ask anyone kind of to come up with more legal requirements. I think of course this is in some areas it's absolutely needed, but it doesn't have a startup. For that reason we looked into use cases where there is legal requirements already in place today. If not in a best case scenario, the legal requirements should have been written ten years ago because sometimes it takes ten years until a law is being in place a policy and then takes ten years to the interpretation to adopt it in ecosystem, develop technology, test it, validates the technology and the post takes some time. This is what we found when I talked at the beginning about the needle and the haystack. So we found a use case where legal requirements are in place, where a minimum full ecosystem was already in place, the ecosystem was fully educated. And that's important because when we as a startup find a use case but there's no ecosystem, then we can waste two years to build an ecosystem. If the ecosystem is not educated, we can waste another two years to educate the ecosystem. And from us. For us, the critical success factors are also that the use case is simple, and that the people have a business case, and maybe even that there's an easy retrofitting strategy in place where I develop a simple API, I plug it into existing, let's say, ERP or supply chain systems, and then I can start using the wallet. And last but not least, it would be preferable if someone else has done the identity proving in this large ecosystem. And that's what we found in the United States with the US Drug Supply Chain Security Act. And the US. Drug Supply Chain Security Act was from 2013. And the key idea of the US drug Supply Chain Security Act is or the policy goal is to make pharma supply chains much more secure, to make sure that to avoid that they're illicit online pharmacies. To avoid that there are ways to inject fake products, counterfeit products, dangerous products into farmer supply chain. And that's so called Drug Supply Chain Security Act. And drug supply chain. Security act has a couple of components. First, identity of the farmer packages. They must be all serialized. So which means they have a product Identifier, a batch number, a serial number, individual serial number that I can scan. And then when it's being scanned, a system can automatically process the data. Then there's a product verification requirements. I scan the package and then have the product number, the batch number and the serial number. I send all of this data to the manufacturer. The manufacturer does a lookup in the database and then the manufacturer replies with whether it's a serial number, alleged serial number in this database, or it's a fake illicit serial number. And that's, by the way, very interesting because in whatever supply chain you are, interior and farmer, you must provide tools, or you should provide tools. In some case you don't need to do it, but you would like to protect your brand and your products so that other people can check the authenticity of your products. And the most simple check is random serial numbers. So which means I, as a manufacturer, put a serial number, batch number, product number on every package, and then I treat the serial numbers as a secret. But when any customer comes to me, or let's say wholesaler retailer, they can basically scan it and ask is this legit serial number or not? I will look at my database and send it back. And protecting product authenticity with serial numbers is one of the very basic security features. And of course it's one of the security features. When you print money, then you also have random serial numbers. I, as a money faker, would need to invent serial numbers, or I just put the same serial number all the printed money nodes. And this is an easy to detect. And that's what they did. And now there's cybersecurity coming in because not everyone should send product verification requests to the manufacturer. Let's say I'm a big pharma company such as Johnson and Johnson, and when people start sending me product verification requests, let's say there are some state actors, cyber state actors that would like to disturb my farmer supply chain. They can send fake product verification requests to my API. And then I have fake fake serial numbers in my system. And this would be a disaster for the compliance processes because then I have to check, oh my God, is a real product or not? Who sends it? Do I now have fake pharmaceutical products in my supply chain? This complete disaster. For that reason, the Drug Supply Chain Security Act introduces the requirements of authorized trading partner. Check. And authorized trading partner check is basically check whether supply chain actor has a license to operate, let's say wholesaler has a wholesaler license to operate. To wholesale, my pharmaceutical product has the dispenser, the pharmacy, do they have a license to operate. And then by law, I only need to respond to request where, let's say a wholesaler or pharmacy has a valid license to operate and if not, I don't respond. And this has to do a lot of this. Compliance at the one hand and on the other hand has a lot to do with cybersecurity and with protecting my API endpoints as a manufacturer so that only authorized training partner can send a request and everyone else can't send a request. And that's where cybersecurity meets compliance. And that's basically where digital identity has the biggest value in these types of use cases. That's what we're basically doing in the US. So with the big pharma manufacturers, but also with small manufacturers, wholesalers and dispensers. And the entire ecosystem is between 60 and 80,000 supply chain actors, which is pretty nice. One final thought. The use case is super simple. We have just one Credential type. We have two Credential types identity credentials and authorized training partner credentials. We don't have more credentials and we don't have complex diplomas with very complex semantics and structure. And I think that's my advice to anyone who's kind of listening to the podcast. If you think your use case is simple, it's not simple enough. And a critical success factor to bring something to adoption right now is the success facts I've mentioned, but also simplicity of the use case. It must be simple and then it can be kind of, let's say, put into production and scaled. And that's why we say we had been lucky. So we found a needle in the haystack where the technology could have been brought, reported to production today without waiting until the European digital identity wallets is there. This takes maybe another two to five years. And for that reason, it for us was important to find these needles a haystack where technology can be applied today.

[29:08] Speaker B: Yeah, that's really interesting story. I think you guys have really hit the nail on the head here. And I think it's far too easy just to go and say, I'm going to solve all the identity problems out there with this solution that is yet to even exist in the ecosystem. There are standards and there are ways of testing it out, but it's not ingrained because identity is so important for everyone.

[29:39] Speaker A: Right?

[29:40] Speaker C: Yes, absolutely. Some fun facts. Maybe some of the listeners have heard about Silk Road, this Internet market in the darknet. And I think Will Ross was the guy who kind of set up single handedly, single handed the Silk Roads. The Silk Roads peer to peer marketplace for buying and selling drugs. And he basically said, hey, we can't trust the government. We need to set up such a market. It must be anonymous. And let's let's combine tour with bitcoin. Yeah. And then put a peer to peer marketplace in the Internet and then people can do a transaction pay with Bitcoin and the other guy then sending the drugs via US mail to the buyer. There's not 100% correlation with the US Drug Supply Chain Security Act. But what's interesting morphine metadone for hard drugs, all of this are so called controlled substances. And today, I think people who are doing the what's the name of the drug in English?

[31:05] Speaker A: OxyContin.

[31:08] Speaker B: Is there a painkiller or what kind of drug?

[31:10] Speaker C: No, drugs that's legalized in some countries. Weed or yes, absolutely, the weed. And that's also controlled substances. And what's interesting so at this point, Bitcoin enabled and blockchain enabled the peer to peer market in the darknet, the Silk Road and now, today. So we have to use drug supply chain security to avoid that. A second Silk Road can happen with all the controlled substances regulations on the one hand side and on the other hand side, we're using decentralized identity, decentralized technologies, kind of to make the supply farmer supply chains more secure, to avoid that such a second Silk Road can happen. And I think I find it an interesting story how it kind of evolved from, let's say, a pirate kind of idea to see with compliance technology. And that's a bit of a fun factor.

[32:08] Speaker B: Yeah, but that's really cool because I always say that we think we're super digital. We got everything on a mobile phone, we got a computer and everything has a website. But the digital world has it's existed for a long time, but we haven't been on it for about more than 20 years. And we have so much more to learn, so much more errors to do. Now we're seeing, like as you talked about earlier in the podcast, the importance of identity and how the Internet has.

[32:41] Speaker A: Missed that part as a core infrastructure.

[32:44] Speaker B: And how it plays into all these problems we have seen, and how you can say that it can solve a lot of our core problems and not let them repeat themselves.

[32:59] Speaker C: Maybe one more thought. You mentioned this. I think now we have kind of the idea of digital infrastructures, and we are digital, and we have this ecommerce internet and do transactions, all kind of stuff, but identity is missing. There's also the other idea of digital product passports or digital twins of products. And this also came up in the German industry in the late 1990s, if not before, with General Electric, I think was General Electric guy, I guess, General Electric who had defined digital twins in the space industry. The problem is, okay, we need to twins. We have industry for all the ideas are also 25, 25 years and older. It's not brand new ideas, but still the infrastructure is not there. And this shows how demand is there, but the infrastructure, legal requirements, the trust frameworks are not yet there. They're all evolving now. And for that reason, if you engage in digital entity, the timing is the most critical success factor. If you're too early, it's a mess. Then you have a lot of depth and you don't survive it. If you're too late, it's clearly a first mover market, especially when it's regulated. If you're a first mover and get a product market fit, get adoption, then you make some revenues, and then you can scale your business. You can afford to do all these security checks and certifications and validations and common criteria and you name it, and afford to do it with your software because you approved the product market, you have the ability to execute. But if you're too late, then the barrier of entrance hurdle is so high, you don't make it in the market anymore. So timing is super complex. I think there was Uber before there was Uber. There was airbnb before there was Airbnb. But the real Uber and Airbnb, they succeeded because they basically built up the momentum at the top of the financial crisis, where all the bankers kind of needed to drive taxi was good for Uber. And all the real estate owners, they basically had a problem with their financing of the real estate, their apartments, and then they put them on Airbnb. And I think this timing for digital identities, you have to look in a domain, because timing is different domains. But I think finding the needle in the haystack, visa right timing, that's super critical. Whether you're. A startup, a venture or big corporate that wants to invest into it. And that's also a little bit our expertise and experiences kind of to understand what factors can you influence, what's the probability to be successful at all today?

[35:56] Speaker A: Absolutely.

[35:57] Speaker B: Thank you. We're going to round off here with a couple of questions I want to ask you. How long will we see this first mover window? You believe in different I'm not saying that you're going to now look into the glass ball and basically define everything, but how long of a window do you think we will have to be able to build in certain domains? What's your gut feeling on this? I talked to the Norwegian government and they say that we're not going to be able to release this EU wallet that everyone is talking about until 2027. That's a couple of years until so I wonder what's your gut feeling about how long will this window of opportunity be there?

[36:44] Speaker C: Yeah, I think if you talk about the European digital dental wallet so we are, by the way, consortium member of the European Wallet Consortium, which is led by the Nordics. And we are looking into organizational identity and looking in and leading a work stream about Credential issuers the authentic sources the company registries in Sweden, in Germany that's been what we are doing there. But I think the winner of Opportunity especially, let's talk about human identity. There are hundreds and hundreds of startups that are basically kind of, let's say, looking into human identity, all led by the idea of the Cyberpunk Manifesto for an Eric Huge who basically said, hey, we need to have identity and cryptography and privacy. We need to fix it. And I think all the startups will disappear when the European digital lenti wallet is there for humans. And to get into this, that's a huge compliance, whatever hurdle, as we discussed a couple of minutes before. And then let's say in Germany, that's not kind of, let's say, a secret. You can also read it on the Internet that, for example, Deutsche Telecom is investing with a team in building something that's its European identity wallet together with Verimi. Verimi got a funding, as there's rumors. I think this is huge funding. Maybe I shouldn't repeat the number because I don't know if it's true or not, but Verimi is kind of, let's say a lot of big companies, german dux companies invested into Verimi and both of them are now building a wallet. It's just one wallet from the German government at the OIT wallet for humans. Maybe this window of uptrend is already closed in Germany. Maybe who can compete with this? There's one of our competitors that just filed for that focused on human entity only and they just filed for bankruptcy because there was no business model, no product market fit. I think to answer this question for the OID wallet, maybe this win of opportunity is already closed, but in Germany, not for about other countries. There will be not much players that get authorized to produce such a wallet and offer it to the people. But of course, then you need to connect an OID wallet with a special purpose wallet for given domain and then there are other opportunities there. Yeah, I think the question can only be answered for a given domain. What's been opportunity? I think in the supply chain, I would expect at least there's an opportunity for the next three years, depending on the jurisdictions and the domain.

[39:32] Speaker A: Cool, thanks.

[39:34] Speaker B: Thank you for your insight. And it comes with good weight based on your experience from Accenture and business thoughts. And you are running a startup now, so really appreciate it. One last question will be we just like to hear what are your company's preferred standards when you're now implementing these identity standards across your product and projects?

[40:03] Speaker C: Yeah, so we primarily use, of course, decentralized Identifiers. So we work with did ESA? We like Did ESA a lot because we believe that smart contract based technologies offer a lot of opportunity for public registries. And it did. Basically, if you use DLT technology, then It did is being kind of, let's say in simple words, did documents being stored in a public registry. But also, if you think about trust lists, if we think about revocation lists for publicly available revocation data, then smart contract based blockchains are very good. For that reason, we look a lot into Did ESA, but we also look in did key for the humans did web for some ecosystems where DLT is not so relevant. And in the German industry, people work a lot with Did Indy because there have been a lot of first movers and started with Did Indy. On the Credential formats. I like the JSON ID because of all the schemas, especially in the industrial use cases, you definitely need schemas to interpret the data or to check constraints. You can even kind of, let's say, apply some checker shape constraint language to check constraints in your credentials. And that's extremely powerful for these types of use cases. And on the Credential Exchange format, we of course, like a lot for human identity. The Open ID for Verifiable credentials and Verifiable presentations, which is also part of the European digital identity wallet. And on the other hand, also did common errors protocols. That's a blend of technologies we are working with.

[41:58] Speaker A: Yeah, cool.

[41:59] Speaker B: Thanks a lot for that update. I really appreciate the conversation, Carson, and I hope to see you again at any of these events that met before. I assume we're going to so you're not taking IIW this time?

[42:15] Speaker C: No, unfortunately, I've never been at IIW, but my team went there last year and I love the IOW. I've participated in the hybrid meetings in the past over COVID. Yeah, I need to go there. Definitely. That's really a pity.

[42:30] Speaker B: They're now launching this European version, though. Dice yes, it might be worth catching on and I think I will try to get there.

[42:39] Speaker C: And of course, I would like to make a little bit of I would like to do some advertisement on the Rebooting Web of Trust.

[42:49] Speaker A: Absolutely.

[42:49] Speaker C: Rebooting web of trust will happen. Mid of September, I think. Third week of September in Cologne in Germany. And I think especially for the European audience of this podcast, I really can recommend going there. It's a fantastic event. A lot of global hundred global experts from all over the world will join the Rebooting Web of Trust event. It's an unconference. It's not like, hey, I have a monologue on stage. It's really working with content. It's sharing ideas, building upon each other's ideas, creating new solutions. Yeah, I think for technology oriented people, but also for non technology oriented people, I think that's a lot of opportunity, a lot of fun. And if people would like to experience this, I highly recommend to join the Rebooting Web of Trust Twelve in Cologne, Germany in September this year. And maybe, Snori, you can put a link to the event and to Rebooting Web of Trust into the notes of this podcast. Absolutely.

[43:52] Speaker B: I will do that. I was actually going to mention that event as well, but you got there first. I really enjoy that event myself, and I hope to be there as well.

[44:04] Speaker C: Absolutely slow. Perfect.

[44:08] Speaker B: Thank you for the conversation and then.

[44:12] Speaker A: It'S been a pleasure.

[44:14] Speaker C: Yeah, thanks for having me. What was really exciting, having the conversation with you, ******, and looking forward to meeting you next time.

[44:21] Speaker A: Yes, absolutely.

[44:22] Speaker B: Have a great day.

[44:23] Speaker C: You too.

[44:23] Speaker A: Bye. Bye.

[44:24] Speaker B: Bye.

[44:28] Speaker A: Thanks for listening to the Din podcast. Keep on following us to find more great content with the Din Found Day subscribe and get in touch with us if you want to join in for a conversation.

[44:40] Speaker B: Have a great day.