DIN Meeting with Digital Bazaar

Manu of Digital Bazaar, a co-creator of many of the standards in the SSI ecosystem, visited us to share his view and story. He will talk about the work they are doing with the government and real-world pilot/production deployments of the technology in the US retail sector, bring up some use cases they are working on for discussion, and talk a bit about the technology behind what they are doing for the SSI community.

Transcript of the conversation for search

0:06 and there's manu hi snor how are you i'm good
0:12 how are you doing well thank you so we're just going to give everyone a
0:17 little second to join and then [Music] i think we can just start with some
0:23 introductions after that
0:28 sounds good
0:34 while we wait i'm gonna go ahead and share my screen and just make sure that you can see all this this is the the dhs
0:41 slide deck i said i was gonna share yeah you can see yep
0:46 okay
0:53 i'm always fascinated by meet up it's like there's 10 to 15 people saying they're
0:58 coming and it's it's so little accountability on meetup that is that is that platform they're um
1:07 i was i looked at you know the number of people it's like what like 465 or something in the meetup group
1:12 which is impressive i mean that's a lot of a lot of people but yeah you know
1:18 so there's a lot of people there and there's uh we have a network of people and um i
1:24 hope it's okay if we record uh because there's a lot of people to look afterwards and i got
1:29 a couple of people who sent me an email saying could not join now but they're always uh look at the
1:35 recording afterwards yeah happy to happy to have it recorded yeah
1:40 sounds good sounds good um so not to kind of go too overboard i
1:47 think we can just start with a couple of introductions um pierre
1:52 is new here uh if you want to introduce yourself i would love to hear your background
2:01 yeah can you hear me yep yep hi i'm uh research at the university
2:08 of australia and computational stuff neural science and the imaging
2:14 and uh yeah i'm just mostly interested in what's going on on the on this space yeah
2:21 uh we have met before i now remember so yeah yeah um yeah so this is
2:28 um a lot of ssi focus in norway is um
2:34 is also research heavy so um to the top left there you can introduce
2:39 yourself so manu knows who you are
2:45 marius want to introduce yourself uh sorry uh yeah my name is marius i am uh
2:51 working with ntnu in gjøvik in computer science department uh we've been working
with sonora for a
2:57 while in the kind of ssi and digital identity space and i'm specializing in decentralized systems
3:04 and blockchain cryptocurrencies in particular cool cool uh and sign you want to have a
3:11 quick introduction yeah so i'm i'm a researcher at
3:19 western hospital i met or called marius earlier today
3:27 very interesting presentation mario about drugs and blockchains and
3:33 similarities more than the differences
3:38 [Music] we have met in a couple of
3:44 research proposals so that's my introduction to this team and this
3:50 group sounds good
3:56 then we original update about money here but you can do i think
4:02 we can just uh start and you can do yourself introduction module and you can share a
4:07 screen and i'll turn off my okay sounds good um thank you again for
4:12 the invitation to come and uh speak here uh so i really appreciate it
4:17 um uh i'm really interested to hear kind of the uh perspective from you know norway and
4:24 um some of the scandinavian countries um so so just a little bit of background
4:32 on on me um uh i'm a computer scientist um i've been involved in
4:39 creating global standards for around 15 years now mostly through the world wide web
4:46 consortium uh but also through the internet engineering task force i'm also an entrepreneur i have founded
4:54 founded a number of companies um the the one that is working on decentralized uh identifiers and
5:01 verifiable credentials and linked data security and all that stuff uh that company is called
5:07 digital bazaar um and so we're a for-profit company that works on open standards uh
5:14 standardizes them and then also in parallel provides uh products to the market so
5:19 things like verifiable credential issuing platforms verification platforms uh digital wallet platforms
5:27 uh we also do fit for purpose blockchain so we have you know the capacity to build
5:33 blockchains from scratch using different consensus algorithms and uh things
5:39 that nature we we don't do a lot in cryptocurrency um just
because it's such a politically
5:44 charged way uh that might be a stupid thing because everyone's making tons of money in that
5:50 area we're picking all the things that are not making a lot of money yet um but you know things where there are
5:57 you know there are plenty of other uses for blockchains that than a cryptocurrency and we're looking at those so
6:02 for example we do like a decentralized identifier uh ledgers uh things that are designed
6:09 to store decentralized identifiers uh there's a project called veres one that we're working on that does that
6:15 um so that's kind of you know my my background all of our companies uh are effectively
6:22 self-funded they we don't take venture capital which basically means that we can work on the
6:28 things that we want to work on right we've figured out ways to make money doing that and
6:35 part of what our companies are really interested in is i mean this sounds a bit cheesy but you
6:41 know making the world a better place we want to work on technologies that improve the human condition
6:47 no matter where you are in the world uh our primary drivers are making sure that
6:53 you know where you're born in the world is not it does not um disenfranchise you it
7:01 doesn't mean that you can't achieve uh you know what uh you you want to achieve uh in life so
7:08 a lot of the technologies you know the the reason uh ssi self-sovereign technology and
7:13 things like that are important to us is because we believe that they're empowering the people um and uh what we've really liked
7:20 seeing over the past several years is that governments actually agree with this as
7:25 well i mean their their governments even the u.s federal government um
7:31 believes that this is an um you know citizen-empowering technology um so anyway with that that's a
7:36 background that's kind of where we're coming from um we are a mission-driven purpose-driven organization
7:43 rather than you know your typical uh american capitalistic
7:49 profit at all costs you know
organization um okay with that i'll i i'll are there
7:55 any questions on that before i kind of start kind of talking about the the work here
8:01 i would love to hear like what got you started because jumping um you started very
8:08 early uh were you kind of in the identity space when you started
8:14 to start jumping on the vc and did space because i think that's a very normal
8:20 place there's a place to start the lead but if you at least when you're kind of creating
8:25 the standards if you're just starting from scratch and trying to create identity standards that would be kind of crazy but yeah
8:32 yeah kind of got you started uh so yeah interesting question so um
8:37 uh we started our first company while we were in college that was a long time ago for me but
8:43 um uh we were our first company was a video game
8:48 company we we ported linux to the playstation 2 because the playstation 2 was one of the
8:54 first network connected entertainment devices right it had a an ethernet adapter on it
9:00 we ported linux to it because we thought it would be really neat if college students would be able to you know use this powerful computer that
9:07 was sitting in their living room and we could help deliver things like music in movies and video so
9:16 my my whole family are artists i'm the only i'm the black sheep in the family with the computer science and math
9:21 degree everybody else is a painter artist sculptor writer um and i grew up
9:27 uh seeing how uh i mean i grew up very poor um because my
9:33 family were i mean they were artists and you don't make a lot of money as an artist um
9:38 and i saw you know how taken advantage of they they were they they would you know spend months
9:44 creating these beautiful you know oil paintings four foot bite foot oil paintings only to have
9:50 75 percent of the money taken by galleries and and you know the galleries were
9:55 struggling too it was it's just not a very good you know environment but i i it came
10:00 from seeing artists struggle um in
primarily because artists didn't have
10:05 a direct they didn't have direct access to their fans it was always through some major
10:12 corporate structure that took 75 percent of the the earnings so that's where i was going we
10:18 were coming from we were trying to make it so that artists and people that create things could have a more direct
10:24 connection with the people that enjoy the things that they create um and could effectively take more of
10:31 the the profit i mean it's their creation that you know and and when 75 percent of it goes towards
10:37 um uh somebody else i mean they're you know it's it's important the galleries and the music labels were doing an
10:44 important thing but most of it was a discovery thing discoverability there was no way that
10:49 artists could list their items for sale set their own prices connect directly
10:55 with their fans i mean a lot of that has changed so this was in 2000 this was 20 21 years ago right
11:04 but when our whole experience in the sector showed that a lot of things were tilted against
11:10 artists uh even today they are i mean you know you look at the you look at the itunes store which
11:18 really helped a lot right i mean itunes only takes 30 percent they don't take 85 or 95 which was the norm 20 years ago
11:26 but even today artists you know are still struggling they don't have a direct um you know connection with their
11:32 fans anyway all that to say all these decentralized identity
11:37 standards and verifiable credentials that all came from us trying to find a way
11:44 for artists to list items for sale on the internet and have people interact with them
11:50 directly right and so cryptocurrencies come into play identity and verifiable credentials
11:55 how do you know that the artist actually created this work right uh if you how do they list it for
12:02 sale on the internet so that a search engine can pick up that they're trying to sell something
12:08 uh how do you pay them you know for their work so 20 years later we have
have12:14things like nfts and verifiable credentials and dids and cryptocurrencies and all that kind of stuff12:20um so i think a lot of advances have been made but in general that's that's how we got into it12:25it came from a problem how do we enable artists uh you know to get paid more fairly and12:30have a more direct interaction uh with their customer base and and that's really that's12:36part of where decentralized identifiers came from that had to do with how does someone12:41prove who they are on the internet verifiable credentials how do you list something for sale so that the artist is saying this is how12:48much it cost instead of them having to go through you know a third party um so yeah that's12:53that's kind of where we were coming from if that makes sense yeah it makes absolutely sense it's interesting to hear kind of where13:01where it came from yeah and i mean you know a lot of people don't know i mean it's a question a lot of people don't ask13:07they just think oh we're just working with the us federal government to do citizen identity and it's they don't understand that that's13:14not anywhere close to where this stuff started it all started with you know it just would be interesting13:20like people a lot of people probably think that okay these type of things comes from people who've been13:25working within identity space for a long time and just like i know how to now i know how to solve this properly13:31but it came from something different right yeah no it didn't come the identity space is very new to us13:37um and you know to a certain degree it's it's the identity space is really weird it's it's it it feels weird that there's13:44an identity space at all you know like you go to these meetings i mean you know i in the internet identity workshop13:50is happening right now and i go to the internet identity workshop quite a bit and it's a great you know crowd but it feels like13:57um you know there's a saying saying in the us that the the 
tail wagging the dog it's it's it it feels like it's the
14:04 wrong it's it's the wrong way you start with a problem right like uh artists are not getting compensated
14:12 appropriately and let's figure out what technologies we need to put in place to address that problem
14:17 whereas the identity space is just talking about oh you know identity as kind of this first
14:22 the identity is the problem right it's like no that's like it's a kind of a side that's
14:29 it it's an interesting space but i feel like it's it's a bit too meta right yeah we like to focus more on more
14:35 on problems um so anyway um any questions before i kind of start
14:42 talking about the where things are today
14:47 i'm good okay i'm good all right um let me go ahead and i hope
14:53 it's okay if we do this a little bit let's call it informal oh please try to ask questions on the
15:00 way yeah please i would i would i would much much uh rather it be done that way than just
15:06 talk perfect um so i'm i'm i'm using somebody else's slide deck but this is a public slide
15:12 deck let me go ahead and put this a link to this slide deck in in the chat channel in here
15:18 so everyone has it um but it's publicly viewable everything i'm saying today is you know public nothing
15:24 uh secret um so what i'm gonna show i guess the group
15:31 is the the latest output from this thing called the silicon valley innovation program
15:36 it's run through a group called the this is the us department of homeland security which
15:41 is always sounds very scary right you tell people that and and you think about you know people in
15:46 uniforms dragging you away into a to a camp um but the usdhs is
15:52 it's it's a huge huge organization in the united states that's designed they're the ones that vet technology uh
16:00 the use of technology in government the use of technology with you know the citizens they're the ones that
16:06 um try and uh secure uh national infrastructure like the electric grid uh nuclear power plants
16:14 um
they're the ones that try to figure out how to do air travel appropriately it's they they're responsible for a lot
16:20 of things but one of the things that they're responsible for is they're the
16:26 the the technology body that vets new technologies like self-sovereign
16:31 identity like verifiable credentials like decentralized identifiers so there's a a program called the
16:37 silicon valley innovation program which is really interesting they most government entities like this they only
16:44 fund people within the country the silicon valley innovation program in the united states will fund any country
16:50 any or sorry any company anywhere in the world they don't care if you're a u.s citizen or not they don't care if
16:55 you're a u.s company or not um they put out challenges um
17:01 like you know uh i'll go into the challenges later but they put out challenges and then any company from anywhere in
17:07 the world can apply to the program and we have quite a number of non-us companies in the
17:12 program we have companies from new zealand we have companies from canada we have companies from europe um in any case they're trying to find
17:21 the best company that's you know with the best technology and and you know uh do do that kind of
17:26 stuff and one of the things that they're trying to do right now is demonstrate that these new dids and
17:33 verifiable credentials are actually interoperable do you have multiple companies that are following the standards
17:39 and actually able to interoperate um so let me kind of go you know into some
17:45 of the use cases so one of the things that they're really interested in doing um some of you may not
17:53 know but there it is very easy to create a fraudulent
17:58 uh identity document in in most of the world so if you don't have you know card that has chip and pin or
18:05 some kind of digital signature on it like most identity documents in the united states uh or canada
18:10 or you know many many places in the world there are companies that will create
will create18:16fraudulent documents for you for a very uh affordable rate i mean like you know18:2210 15 euro you know 20 euro you can get a very good fake and the18:29reason it's a very good fake is because the exact same um uh printers the18:36like holographic you know laser engraving printers that they use to create the real documents18:43are operating in some kind of you know other country and able to create the same kind of documents right so so18:50it's very easy to create fraudulent documents these days and they're looking at ways of18:57putting digital signatures on them putting chip and pin you know doing upgrades so that it's19:02much harder to create those fraudulent documents19:08so some of the use cases that they're looking at is citizenship and immigration status so if19:14you're a legal permanent resident there are if you're if you're authorized to work in a country or legal permanent19:20resident um they're interested in issuing a card right in the u.s it's called a green19:27card uh or a or a citizen you know a citizenship card um they're interested in issuing that as a19:33verifiable credential or a decentralized identifier um there are 40 million people in the united states that fall into that19:40category and so they're interested in you know issuing that19:45passports also fall into that category driver's licenses fall into that category19:51employment eligibility is also an interesting thing so there's a visa programs in the united states19:57um so you know if you have a skill that the the united states is looking20:03for especially if you're phd researcher things of that nature20:08that's employment eligibility essential work and task licenses so this can be anything20:13from uh you run security at an airport or your security officer20:20at an airport to your migrant farm labor um so uh you are you know come into the20:29united states to pick strawberries or um you know things of that nature crops20:35blueberries um things of that nature um 
and then supply chain security so you
20:41 know uh are when you're importing something into the united states uh do we know who the company is are
20:48 they in the business of manufacturing the thing they're saying they're importing uh you know things of that nature um so
20:55 these are real use cases right i mean these are these are things that they're actively working on and now
21:01 they're committed to using verifiable credentials and decentralized identifiers for
21:06 uh and they started funding this work six years ago right so we're very well into um you know this this
21:13 this uh this being used so the the specific operational components are u.s
21:19 citizenship and immigration services customs and border protection and the office of privacy uh they do not
21:27 you know one of the things people you know think department of homeland security does is they want to track
21:33 absolutely everyone and everything they're doing and all that kind of stuff they're actually the opposite they don't want to enable technologies that allow
21:40 the tracking of the u.s population primarily because if those technologies
21:47 are enabled they enable nation states that may not be friendly you know to the united states to also
21:54 track citizens in that way right so they don't want that to happen the other thing of course as
21:59 as many of you might know is that the united states there's a very significant part of the population that does not
22:05 trust the government here um it's very you know in some cases it's very different from europe
22:10 you know the idea of the the idea of having a federal identity card is just uh an offensive thing to you know a lot
22:17 of citizens in the united states whereas in europe it's kind of like well of course you know the government in norway we
22:24 have this thing where we are very very trustful to the government uh yeah it's almost scary
22:30 uh but the government has come out and said that okay the trust will shift we cannot we we're not gonna have
have22:37this trust for for uh very long so what they need to kind of align themselves to to be able to22:44provide services that's not just based on trusts yeah oh absolutely yeah i mean so so in the22:51united states you know the opposite of norway is like the state of texas uh who is fiercely independent like so22:57independent that they have their own energy grid they don't use they don't use anybody else's energy they have their own energy23:03grid which they had problems with you know during this latest freeze but they're fiercely you know independent um they're always23:10you know threatening to secede from the united states you know um but but that's kind of you23:17know the reality for the united states is that it's just complete there's so many different types of people23:22in in all the states that it's very difficult for the federal government to do anything at23:27a federal level and so you know it happens state by state and it just so turns out that ssi and verifiable credentials and dids23:35kind of enable that to happen they allow that to happen while still enabling you know a strong23:41identity if people people want it so yeah the idea of national databases is just it's23:49very difficult to for that to happen in the united states um which is why you know these23:55decentralized technologies are of interest to the federal government and the office of privacy right they if they protect citizens24:02privacy but enable the government to get its job done they're they're happy right24:07um so the the main things that they're funding right now are verifiable credentials decentralized identifiers24:14um and then life cycle management so this has to do with like encrypted data24:19vaults and confidential storage um the us government as you probably24:24know is is getting ready to file a series of lawsuits against uh the social media companies and the24:31companies that are tracking people without people's consent um they're looking for technologies 
that24:37enable people to protect their data even when it is with you know a service provider so24:43encrypted storage and transit and at rest only decrypted ever on the client uh with the24:49you know the consent of the the individual um selective disclosure24:54of information um you know herd privacy these are all things that they're interested in25:00in you know providing um [Music] the other thing that they're trying to25:06do is you know they they want they want to make sure that all of this stuff is built on standards25:12but they very much understand that just having a standard isn't enough25:18you actually have to demonstrate interoperability and as many of you know for a while now there have been companies25:24that are that say that they use the standards and they don't actually25:30um or they say they're conformant with the standards when there's not they're not even close like you look25:36at the technology and it's totally not a verifiable credential but they keep calling themselves you know verifiable25:42credentials company and so the the department of homeland security in the united states has25:48basically said look um you can't just say that you're conformed with the standards you have to25:53pass interoperability test suites on a nightly basis you have to prove that you interoperate26:00with other vendors in the space and the way the united states does this is they fund multiple companies and26:05award multiple companies contracts they never they try to never26:11just pick one vendor uh or one you know contractor right so it is26:16always this fight between vendors um and if the vendors can't get along26:22uh and they can't find a way to interoperate then the us government just shuts the whole program down and doesn't fund any26:29of them right so there's a strong um incentive to not only say you follow the26:36standards that's the that's the most basic thing you have to do but you have to actually demonstrate that you can issue a 
verifiable
26:42 credential from your infrastructure another vendor can you know verify that
26:48 verifiable credential and then they can issue a verifiable credential and your system can verify their
26:54 verifiable credential um and that's how we actually get to provable objective tests on
27:01 you know interoperability yeah and and i think uh aries has been really early
27:08 early there's community has been really early about hey we are interoperable and they built the test conformance suite but it's very
27:13 very close into the aries so i think it's very important to kind of notice that all these different
27:20 platforms they're either self-built or have some shared components based on the standards
27:26 yeah yeah and i think that that was the biggest a lot of this came out of the
27:31 you know what what the aries community was doing which was they were just reusing the same software library for
27:38 the longest time there was no actual interoperability there is just a lot of just
27:43 reuse of the same software library the same crypto cryptographic components at the base um
27:49 and that is not true interoperability right that's a software monoculture and
27:54 so the the difference here with this kind of ecosystem and this is still you know verifiable credentials and decentralized
28:00 identifiers is that each one of these companies has built their own software their own platform
28:06 now some of them do share some of the underlying components but the you know us federal government
28:12 is telling them you can't do that you have to you have to actually have truly interoperable implementation so
28:18 that there's no single point of failure um you know among among all of you um
28:24 and so that's what you know we're we're doing here is that we have a bunch of verifiable credentials that we issue
28:29 through this vc verifiable credentials http api and we have n-by-n vendor
28:36 interoperability tests where all the vendors not only have to show that they're totally interoperable
with one another
28:41 but they also have to point to the software libraries that they're using and if it turns out that all the vendors
28:47 are using the same software library then you know nothing goes forward until that's fixed right
28:53 um so so that's that is that is what true like interoperability is is
29:00 are these kinds of tests and the the us federal government is really trying to push uh this kind of you know vendor
29:07 interoperability does that make sense on kind of what they're trying to do
29:12 absolutely and i uh i i really think it's important to kind of
29:18 get that going yeah because early like it's easy to say that
29:23 as long as we build zombies the case we can making things in trouble if you just provide the same software kit to
29:29 everyone uh but again it's standards and sdks can work as like a
29:34 a demonstration of how it should work but we need more people to build the software
29:40 from a different thought but follow the standards yep absolutely yeah that's that's exactly
29:45 the the the point um and you know this is really uncovered a bunch of
29:51 um things that are troubling in the in the ecosystem right i mean there's still a pretty big gulf between the indy
29:58 software stack and the you know the vc uh you know http api and software stack
30:06 as well right so like the us and canada are are starting to demonstrate
30:12 interoperability but there's a big i think a big gulf between europe and the united states and in in
30:18 canada right so you know there's just a big gulf between the indy stack and you know everyone else um uh
30:27 anyway so so that's one of the things that this kind of testing uncovers is like oh it looked like everybody was all
30:34 following the same did standard the same verifiable credential standard but there is a very strong indicator now that that's
30:42 not actually true they're too pretty there's a pretty big rift between the technologies um but most
30:50 recently the good news here is that it you know most recently
i think evernym in you know the indy camp said that
30:56 they're going to support the bbs plus signature stuff which means that at least from a
31:01 verifiable credential layer both of these kind of groups are going to start interoperating at least at that
31:08 that layer right yeah it's it's really interesting and and one quick question i wonder
31:15 what made america wanting to fund something like this because this
31:21 is totally capable of everyone every country in the world to do this but we don't have to go deep into history
31:27 but it's just like very interesting to see like why why america went ahead and like let's let's just
31:33 make sure this interoperability thing is working and the countries are organizations from all over the
31:39 world yeah so the in the united states in the 80s and the 90s um the u.s moved from the federal
31:47 government building solutions to private industry building solutions so it was a big privatization push that
31:54 continues today and when that push happened they didn't understand
31:59 standards and vendor lock-in right and so they awarded massive contracts massive multi-decade
32:05 contracts to large software vendors like microsoft for example microsoft right and
32:14 you know if you remember microsoft software in the the 90s it was not the greatest software
32:20 right everyone used it but it was riddled with holes in in in microsoft was absolutely gouging
32:27 the united states on even the smallest security upgrade and things like that so they had single tracked vendors and they
32:34 got vendor locked in and they got contract lock-in and in the 2000s the us government basically
32:42 said forget it we're not going to do that anymore we're never going to award you know sole
32:47 source single vendor contracts where they just sell their proprietary technology to us
32:52 we want to you know do open standards now not every u.s government
32:59 entity has learned that lesson there are still organizations that continue to give sole source proprietary
proprietary33:05contracts that are multi-year to people but department of homeland security through this you know through33:11this is trying to show no this is the way you should do it if there's not a global standard33:16in there aren't multiple vendors that can demonstrate interoperability then the us government just doesn't buy33:21the software right um so so that's that's a bit of the history it's it had to do with privatization33:29uh of uh you know the the technologies that the that the us uses uh there was a bad part33:36of that in they're trying to fix that that's why they're funding it and and that now they have they have plenty33:41of data to show that if they just spend a little bit of money upfront on33:46standards uh in interoperability that it has massive cost reductions for33:54the government you know later on right because then there are multiple vendors the vendors33:59are competing on price the government can just buy off the shelf technology instead of special34:05you know contracts uh just for a particular piece of technology uh it just helps uh to reduce the cost34:12of of the of of government operating did that make sense34:17yeah absolutely yeah um okay so so you know we have interoperability tests these things34:23exist today uh this is for the credential handler api so moving things uh through digital wallets we have test34:30suites for that where we can demonstrate real interoperability um every year we've done a plug fest34:39uh so this is an interoperability test in the may of 2020 we did like jason ld and34:45link data signatures and did resolution and like there's a lot of stuff that that we end up demonstrating interoperability on34:52the second plug fest which just closed up um last month um we tested things like the vaccination34:58certificate vocabulary which is you know global kind of work item uh35:04fips compliant cryptographic primitives this is this is stuff that you know governments uh have approved of35:10certain types of 
cryptography so uh revocation heard privacy35:16didweb you know bbs plus signatures for selective disclosure and then the next plug fest we're going35:22to be focusing on like qr codes and cbor lds this is for things like printable digital signatures on a piece35:30of paper like for a vaccination certificate um uh credential refresh you know rich35:36mobile client walls anyway each one these happen you know every year and we're trying to get them happening faster and faster35:43in basically the federal government's u.s federal government's position is that if you can't pass these test suites35:48we will not buy software from you right um if you can't interoperate with all the other vendors35:54and there are eight of them at this point um well actually they're 15 they're eight in the program right um36:02if you can't interoperate with these 50 and other vendors then you can't sell software to the us36:07government right and i think that's a very good thing right it keeps them protected uh from from36:12being vendor locked um so again some of the use cases each36:18one of these companies is funded to do a different use case with the us government so steel importation so36:24this is a supply chain these are supply chain use cases so uh the steel use case is about36:30do we do you know where the steel is coming from uh what grade is it who manufactured it um believe it or not36:38there's a lot of steel fraud in the in the world so countries will36:44manufacture steel in certain countries and then secretly ship it to another36:50country and say that country produce the steel um and that allows you36:55to get around uh import tariffs and things of that nature right um and in some cases well anyway without37:02getting into the politics there there's some countries that are trying to get around import tariffs37:08um and you know there's these trade fights that happen between multiple countries so37:14knowing where this deal is coming from is very important um same thing 
for electronic commerce um you know where uh you know where is37:22this um where the good the electronic goods coming from um there are you know all37:30there are places all around the world that manufacture you know chips and things of that nature37:36and huawei is an example where you know they were found to37:41uh have some questionable practices with some of the electronics that they were putting in security devices that were then being37:48installed in people's homes in the united states and around the world and um there was just a concern around37:56things people were buying in the dangers of installing that device in your home38:02right so for example there are some devices that have been found that you know they record all the time38:08and uh sends that audio stream you know to other countries um38:15in agriculture knowing where your food came from is important you know if there's a salmonella outbreak you know38:22traceability uh use of verifiable credentials for traceability for oil and gas there's a lot of trade that happens38:28between canada and the united states through oil and gas pipelines um38:35and you know when they put the oil and gas in the pipeline it's really hard to account for where it38:41is or who's drawing it or you know that kind of thing um i didn't know this i had no idea this38:48was this was kind of a neat thing um oil when they put it in the pipeline38:54uh crude oil uh moves at walking speed so when they put it in the pipeline it's39:00as if like imagine just walking beside the pipeline that's how fast the oil is moving through the pipeline39:06so it can take weeks to months to get down to texas right it's literally like imagine putting a backpack on and you just walk39:14from alaska through canada all the way you know down into texas or from the oil sands of39:20of um canada down down to texas it takes months and so they have a hard39:26time accounting for who's putting what into the pipeline now ideally of course we all want to 
go to solar right39:33this is you know we think it's temporary but there's you know it's a huge part of the all economies run on oil gas now and39:40understanding what taxes and tariffs to pay there is of interest to customs and border protection um so39:46those are so those are some of the use these are these are again these are real use cases that the39:52us government is paying companies to develop verifiable credentials and decentralized identifiers for39:59not as re not as a research and development not as like we might use it or not but40:05they're they are going to be using vcs and dids to do this right so this is paying these companies to40:13take these use cases through to a production deployment let me stop40:18there see if there are any questions on like some of these any of these use40:23cases let's not be so norwegian you know40:29norwegians are very known for not asking questions40:36i mean i guess the question is do these use cases make sense like do is it is it fairly straightforward40:42why you would use verifiable credentials for this or would it help if i took one of these and kind of broke40:48it down and talked about the types of verifiable credentials in it uh yes i'm curious i'm curious like how40:55how oil please gets to apply i know if it41:02seems a bit interesting to understand how that one plays out sure um so the oil and gas one is41:09interesting let me let me try let me see if i can find and you'll have to forgive me this is not my use case and it's definitely not my area of41:15expertise um but they had a really good slide here that kind of showed41:21um you know what uh they're doing there's a steel one41:29ah here this is mavennet um so this is a company called mavennet they're out of canada they were funded by the us41:34government uh to work on the oil and gas problem um these are all the verifiable41:40credentials that so these are all the oil and gas pipelines that flow through canada and the united states so41:45this area in 
canada is so has so many pipelines because these are the oil sands41:50in canada this is where a lot of the natural gas and and uh crude oil you know comes from41:58in each one of these one two three four five you know all these numbers um are uh uh verifiable credentials that42:06are issued along the way there are changes in you know um anyway so so you know the42:12first thing is you know the the crude oil is is pumped out of the ground42:17um and they need to record they need to basically say we pump this42:22out of the ground at this location uh in depending on where you pump this stuff out of the ground42:28it has very different properties it needs to be uh refined differently it has different42:33things in the in the crude um but there just needs to be a record of where it was produced42:39um then you know it's usually pumped to a refinery a first stage refinery at that42:45point where uh you kind of upgrade it uh to kind of a different different um uh42:53you you you kind of categorize it and uh you put it into different categories43:00so uh you create things verifiable credentials like the upgrade record the waybill document an origin document43:07right so you give it more than just it was pumped from this well you kind of classified a bit and and43:14basically say where it's going right so you've gotten some kind of order for it and you say where it's going um then you43:23uh inspect it so you do a quality inspection so there's a verifiable credential for the inspection record43:29um and then you know it goes on the market so it's bought sold um and you depe43:36and then you kind of determine which pipeline it goes in so you know are you sending it down to texas for refinering43:42refining are you sending it east uh to the great lakes where it can be loaded43:47onto a tanker as crude uh or does it get you know refined so this this one i think you know takes it43:54um through uh and this one looks like it might be going to europe right they're gonna 
they're44:01gonna load it here and and ship it uh east uh to europe um so they44:06you know there's a uh you know trade and transport so people create finance documents they44:12they bid against it they buy it and uh you know um they they create kind44:19of a proof that it was bought that's another verifiable credential and then in five this is where it crosses44:25the border from canada to the united states u.s customs and border protection um44:31border control inspects the the crude coming through they they try to make sure that it's44:37you know coming from where they thought it was coming from going to where they they thought it was going to um44:44what sometimes happens is that again in an eff in an attempt to get around44:50tariffs um people will um pull oil out of the ground44:57let's say in the middle east put it on a tanker i mean it's a massive thing like45:02put it on a tanker secretly get it to one of these pipelines and dump it in the pipeline45:09right i mean can you imagine like trying to sneak i mean it's done it's done it's done quite a bit but like45:17you know it it boggles the mind that there's that kind of you know activity going on in the world45:22but that's what's because in the whole thing but is because you know they're trying to avoid a tariff they're trying to get45:29around an import restriction right and so one of the ways to do that is to pay some45:34you know not so um upstanding people some money and dump it into the pipeline45:40and get paid you know uh for oil that they never should have gotten paid for right and then it's it's45:47imported legally under some other company's name like a shell company's name45:52um so anyway that's why border control inspects this stuff they want to make sure that45:59for the oil that's coming in they know where it's coming from and it's coming from a legitimate uh company you know it's stored for a46:05period of time uh this one goes to a refinery in chicago uh it looks like around46:11um uh uh 
chicago and uh you know they create a record of46:16the final product so this is refined like gasoline or something like that they arrange for transportation and46:23retail which is another verifiable credential and the transportation document is46:28another verifiable credential and then they finally deliver it here right so it looks like they've46:35um delivered the final product here so i was i was mistaken it's not going overseas it's just going to be consumed46:41here you know so anyway for for oil and gas that's what it looks46:48like i mean you know you think that oh it's just an oil pipeline you just dump oil in one side and it comes out the46:53other but there's a lot of verifiable credentials that are created you know as they as they46:59flow through that um you know pipeline did that answer your question47:05yep yep thank you okay um so that's just like one of47:12the you know supply each one of these supply chain use cases is has like that47:18amount of complexity to it it's it's a pretty interesting you know thing and all of it's done by paper today it's literally human beings47:25looking at at pieces of paper in in many cases uh some of it's automated and is digital47:30but a lot of it is still you know paper based um okay just noting the time moving on47:37their digital personal credentials here is the other one uh so this has to do with citizen identity47:43um and so some of those verifiable credentials here the idea here is we're going through uh lewis's journey47:50of becoming an american citizen um uh and in becoming a naturalized citizen47:56right so he starts off as as someone um you know outside of the country48:02um in order to get his uh appointment to get a permanent resident card so he wins48:07the lottery there's a lottery in the united states to become a permanent resident um so he has to prove that he's48:14vaccinated first to enter the building to have his appointment so there's a proof of vaccination48:20credential um he can become 
you know and then when he gets the vaccination credential he can go in in48:26in person uh do the entrance interview he gets his digital permanent resident card48:32he uses that digital permanent resident card to apply for a job and then gets another verifiable48:38credential that's an employee credential and then to celebrate you know becoming48:44a permanent resident and getting a job in the united states he wants to celebrate and order some champagne and48:50cake you know online but it's the middle of the pandemic so he's got to get it you know delivered to his house so he48:56gets this over the age of 21 digital credential to prove that he's over the age of 21 so that he can order online uh champagne49:05and then when it's delivered they check to make sure that he's over 21 using this digital credential not49:11using his permanent resident card because it has too much information on it they just need to know whether or not he's over 21.49:17um and then you know his his permanent resident card is extended so he it it updates it49:25they expire every two years or so but he gets an extension for another year um49:31uh and then he finds out that you know he um is is uh going to become a49:37naturalized citizen he goes on vacation using the digital vaccination certificate to49:43you know board the airplane along with his permanent resident car to identify himself when he goes to fly um and then becomes49:50a naturalized citizen right so the appointment credential is another verifiable credential49:56the permanent resident card is revoked because it's no longer valid and he gets uh you know a citizenship uh50:03card um so that's how we're looking at like this is a different you know cohort50:08that's looking not at supply chain but individual citizen identity and again50:15this is this is real the us government has decided to move in this direction using decentralized50:20identifiers and verifiable credentials this is this is a reality they're funding this through 
to50:26production uh today so let me stop there any questions on this kind of flow50:32that's really cool though but like uh are do we do we need all these credentials or is does this all this happen in the50:38background that we don't really know about um some in the background some we're50:44trying you know we're trying to move as much of it to the background so you don't need to worry it just shows up in your digital wallet50:50but there's certain cases here where you need consent from the individual50:56right the individual needs to consent to pulling the card into their wallet they need to consent to providing data to get one of these51:02credentials and so in many cases there needs to be consent and the51:08individual needs to be involved in the process51:16there's one last thing that i wanted to kind of cover on the the how retail the retail industry is51:22adopting the technology but any any questions on kind of this this overall flow51:28or or any of these credentials i wonder if signica or or brenda soon51:36has any comments on you see this in a norwegian51:48context so i'm john eric setzers from uh from signicat51:54um i mean as you said we're high trust and we you know gladly share you know pretty much uh52:00everything about ourselves uh to to in in this part of the world and52:05of course that's going to change so that there is a need some time in the future for this kind of52:11thinking yeah for sure uh so and i think this is a good illustration of some some really good52:18use cases one of the things that's sort of been on my mind the last half year is actually52:24the binding between the physical person and the credential52:30we see that now in a change in the in the norwegian finance regulation which puts more52:37liability on a bank if you only use the bank id because somebody else could be using your bank id and i was just52:42wondering is that something that's being discussed in this forum the difference between the owner of the52:48credential 
and the one who's presenting it right now how how do you do that binding yeah that's an excellent52:56question and it is something that the us federal government cares a lot about as well53:01um the way that the binding is performed is is you know when you when you do53:07something like get a digital permanent resident card you have to show up in person in front of a u.s federal employee and53:15um the idea here is that when you do that they will bind they will53:22verify some of the private key material or sorry they'll verify the public key material53:27that you use so there's always a challenge response there's always a digital signature not53:33only from the issue of the credential but there's a digital signature from the person that's presenting the credential53:39right and and so basically let's say that i i want to give my53:45you know i want to give my permanent resident card to you when i give that to you i am going to53:51digitally sign that exchange that one that one exchange that we have together53:57in what that does is it proves to you that i have some device that's capable of54:03generating a digital signature and i'm using the same device to do that then54:08the the the people that issued the permanent resident card to me in the first place had so there is a54:14physical binding that happens um you know at times in in that binding can be checked time54:20and time again uh you know or updated or if the binding changes they can revoke the permanent resident card like let's say that54:27they i haven't proven that to the federal government you know in five years they'll just54:34revoke the card until i come back in and prove again that it's bound to me right54:39right but and and of course i mean it's the same we have when issuing a bank in norway i mean there's some some level of physical presence uh54:47where you can question if it's good enough but at least there's some you know check so binding the you know bank id or the54:53credential in this case 
to the person that binding is you know pretty good54:58but when it's the time of use whether it's you or maybe somebody in your household that would be able to55:05know by accident or actually you share their credentials yep yeah you can't i mean there's no no55:13there's no technology on the planet that can prevent that right i mean i think people are looking for that55:19solution and it's there's just not a solution for that i mean the only way to do that is to do55:25biometrics of some kind that's you know automated um and there are plenty of new systems55:31that are coming out like you know intel's uh you know55:36biometric camera now will do biometric checking uh but guarantee like you encrypt your55:43biometric template to the camera so there's no one that can look at the template55:48while it's traveling to the camera and the camera tells you know the system that is connected to55:53whether or not the biometric matches you know or not so there are all kinds of privacy preserving ways to do55:59biometrics that are coming on the market um but those are just very experimental right and all the all they are supposed56:06to do is basically replace a human being physically looking at your face and56:12physically looking at a card um you know it all depends on the transaction and the level of assurance56:18that you want right so if if the transaction that you're doing isn't safe to do over the internet and56:24the web it won't be done over the internet and the web you'll be required to come in in person56:30and do the transaction in person right and see all the cryptography you know and there'll be guarantees cryptographic56:36guarantees on the data that's exchanged but some part of the process might include56:43a human being physically looking at you and physically looking you know at the56:48image that's associated with your identity card that has a digital signature on it from56:54your government right um so all we're you know the the i think the main thing that 
we're trying to do56:59here is to get around a lot of the fraud that's happening today right um with these plastic cards um57:07and get to a better level of assurance there's no there's never perfect assurance there's57:13just you know better assurances than what we have today did that make sense yeah no i mean i i57:20follow and i know it's a challenge you know that's that part so that's why i was asking you know whether this is57:26something that has been discussed that you know difference between the owner and the user of the credentials at a given point in time57:32yeah yeah just a quick question uh so the the57:40backup of the credentials that are issued is kind of kept uh by the government right57:47the lost device or something like this not not it it really depends on the57:53government department it the the general idea here is they don't want to hold on to57:58any of the information right if in a perfect world the the government all they want to do is validate information and give the58:05information to you they don't want to hold on to it because it makes them a giant target for you know hacking and breaking in and58:11all that kind of stuff right so so ideally what their ideal scenario is you show up to the u.s federal58:18government with a bunch of different pieces of paperwork they will look at those pieces of paper58:24or those digital credentials they will determine something about you like whether or not you are eligible for58:34social security for example in the united states and they will give you a credential saying that you have a right58:40to this government service and then they will destroy all of the information right because they don't want to store58:47it because if they store the information there's a chance that someone might break in and get all the information so that that58:54is their ideal scenario and they're trying to figure out how to you know how to get there they don't want to be the issuers of59:00identifiers like the social 
security number in the united states is a terrible identifier it's been59:06abused it was never meant to be used for what it is you know today and they don't want to be59:12the issuer of you know identity again because people in the united states there's a59:17certain subset of the population that is fiercely anti-federal government um they're okay with having a state59:24id but they do not want to have a federal id right um so so the idea here is that59:30the the federal government all they want to do is really vet that your that you have a certain right59:37give you a credential that says you have that right and then destroy as much information as possible59:42not store it um because there's there's no need for them to do that um did that answer your question59:50at least to a terminal that that that makes sense uh that yeah i was wondering like what59:55is the attitude towards this sort of a centralization of data storage and also that um the1:00:01solution for um yeah like the practical aspects of recovery but that has to be solved1:00:07somehow you know in some other ways right yeah yeah they don't want to have1:00:13big databases it's a liability to them it's you know it's it's a political liability it's a1:00:19you know it's uh you know when you when you lose when you lose your citizens data in a in1:00:25a data breach it doesn't look good right and so they'd rather not just not have the data so that they1:00:30you know lose it now there's a there's a counter argument to that where they do have to keep some amount of data1:00:36right so let's say that they need to revoke your credential there's a certain amount of data that1:00:41they need to keep to revoke that credential right but if they need to reissue the credential they'll just go through the1:00:47same process again with you right and the federal government really doesn't need to prove to themselves that1:00:52they did a good job as far as they view it they always do a good job they don't need to 
prove to1:00:58themselves that you know they they vetted you properly um and so if there's ever a question about it they'll just do1:01:05the process again they trust their processes1:01:10question regarding that i mean is this a us thing where you have this split between1:01:16the federal and the state government i mean uh a country or you know sort of1:01:22would want to know who the citizen are because they need to pay their taxes you want to have statistics to be1:01:29able to do planning or building housing and education and that sort of thing and sort of handing all that data out to1:01:35each and every citizen would make that sort of impossible so1:01:41yeah there's something i'm missing here maybe no i don't think you're so there is still a certain amount of1:01:47data that they have to collect right but ideally the way they collect that is in a privacy preserving way like for1:01:54example the the latest uh us so there is a definite split between the federal and the state1:02:00governments um but i mean it's kind of like the split between like the eu in each individual state right i mean1:02:08france is not going to do things exactly like you know norway or1:02:13or germany there's a certain amount of national uh you know um uh1:02:19i don't know what to call it but you know there's a difference there like i mean you know norwegians are different from1:02:24the french are different from the germans and that's you know going to and it's the same way in the united1:02:30states every single state you know they uh is different from you know many of the other states so1:02:36i think this this split is normal throughout most of the world they just come under different names um1:02:43and there is information that you need to keep for planning purposes like the eu needs to play in on an eu1:02:50scale and norway needs to play in on a norwegian scale and each one needs different sometimes it's the same data sometimes1:02:57it's different data so to give an example 
of this the the united states you know does a1:03:02full census um every uh uh a couple of years i1:03:07forget the frequency but um uh when the the latest census that we1:03:13did though um use differential privacy when we collect the data and so differential privacy means that1:03:20they're they're you you know you you mix the data together so you get the statistics that you want1:03:25without being able to re-identify individuals when you collect the data and so that's1:03:31what a lot of um the the the federal government is going towards is1:03:37provable privacy for citizens when they collect the data because if they do it that way there1:03:43will be less lawsuits by the states against the federal government i mean frankly like texas will sue1:03:50the federal government if uh they they think that they're collecting information on texans that they1:03:57shouldn't be collecting right and so if the federal government can prove no no we're doing this in a privacy preserving way1:04:04they eliminate the lawsuits that are going to come from the states that that are ruggedly independent right um1:04:11so that's kind of the dynamic that that's happening and i think that's you know i think that's true in in in1:04:17many parts of the world maybe less so in in europe than the united states um1:04:22and and certainly less so in like you know china versus the the united states um1:04:30and i know that from a couple of books i read that switzerland has has become pretty independent trying to1:04:37avoid that this federal central centralization um but i don't have a lot of details on1:04:43it but it was just mentioned in this book that they have gotten pretty far in their way of thinking about how independent1:04:51everyone is and not have this centralized source of distribution basically1:04:58yeah yeah it really is i mean so i think the the the interesting part about1:05:05some of the self-sovereign you know identity technologies verifiable credentials and 
decentralized1:05:10identifiers is it works for um kind of both both um1:05:18both mental models right so if you want if you have a government and you trust your government and it's fairly1:05:24centralized then decentralized identifiers and verifiable credentials are still useful um but if you have on the other end of1:05:31the spectrum you know uh very little to no trust in government but you still1:05:39want the economy to to work or you have a a federal system and a state system1:05:45then you can use decentralized identifiers and verifiable1:05:51credentials to independent you know to to operate independently of one another1:05:57but still achieve both the federal goals and the state goals right um and so the the technology is1:06:04very flexible in in that sense and and the benefit there is that everyone's using the same1:06:09technology um even though their political philosophies you know differ1:06:16right it's just like the same thing it's like you know everybody uses the the web regardless of where their1:06:22political affiliation is right and that means that society gets to use that technology1:06:29and everyone gets to benefit um you know with that regard for their political leanings which is a you know i think1:06:35hopefully people would argue that that's a good thing1:06:42absolutely uh we're living over time um so i just first want to say thank you1:06:48for for taking time and i appreciate this conversation and i would like to continue if if anyone wants to continue um1:06:56and i don't know how much time you have money i'm i'm good for another 20 minutes or so1:07:02yeah so i'll stay on it and talk about uh things and everyone can stay on and ask1:07:08if they want but now the at least the time is over i what i just want to to hear about is a1:07:15little bit your guys's digital bazaar's particular participation in in the in svip project1:07:23um sure yeah and i can talk about one of the retail deployments nationwide retail1:07:28deployments that 
we've done i think that one's interesting because it's not gov it's a non-governmental1:07:34non you know supply chain uh use case so let me let me see if i can let me1:07:39share my screen again and um kind of get to that uh1:07:45let's see here um i want you guys to hear about1:07:51vocabularies is is are you did you write a part of the author for jason md or1:07:58what were some more jason ld for vcs uh well sorry1:08:04what was that respect for jason ld how was have you been involved with that why did we why did we create jason ld no1:08:11you you're part of the the creation of jason ld spec yes1:08:16and i was just commenting we saw vocabularies um in the screen here and then just saying1:08:21that jason ld is part of that uh really importance of of how1:08:28linking semantics to the data instead of having semantics and data and in a very1:08:34that's right a very separate manner because in norway we have created this big project called1:08:40the data book which has which is an api documentation and links to all1:08:47the different sources you can fetch out the data it's it's it's very separated1:08:52it's it's just rest right um but using json ld and verifiable credentials1:08:57you are able to tie the semantics to the data and start to talk semantics rather than1:09:04rest apis which is very nice yes that's yeah that's right i mean that it was it's basically a question of layering1:09:11um so you know i i think hopefully it's a given at this point that1:09:16um if you architect systems properly and have very good distinct layers1:09:25you can innovate faster you can test faster you know the the speed at which the1:09:30technology can be improved and deployed is much faster1:09:36than building a monolithic system in there are lots of examples of bad1:09:42monolithic systems that we've had you know in in the past um and so what what we tried to do with jason ld is1:09:49separate the semantics from the uh syntax so separate like1:09:56you know um be able to 
describe uh for example a vaccination certificate1:10:03in a semantic way where you don't care about it being serialized in1:10:08xml or json or cbore or any other format right so you talk about the semantics at1:10:14one point that's the that's the vocabulary part of it you under you get that data model correct where1:10:20where you shouldn't have to care about how it's serialized it'll just work in all the serializations um1:10:26the other the other thing is you know for digital signatures so um uh that's why we worked on the link1:10:34data security and the link data signatures work is because we wanted digital signatures1:10:40to be done over the semantics of what you were talking about and not the serialization traditionally and this is this is1:10:46through the 70s 80s 90s and 2000s um i think the biggest mistake that had1:10:53been made was tying the signature directly to the serialization so you could digitally1:11:01sign something in uh you know like the old asn.1 dr1:11:06encodings this is like x 509 the 90s you know 2000s technology and then the1:11:12next wave was jose where you could only digitally sign something in json1:11:18right if you want to digitally sign something it had to be in in json format and then if you converted it to cbore or1:11:24xml the digital signature would change completely the new generation of link data security1:11:31things um you can convert you can take the semantics like a vaccination certificate1:11:37you can digitally sign those semantics and then you can express that digital1:11:43signature um in the same way in xml and json and see more1:11:48in json ld and all these other serializations so that's what i mean by doing the right1:11:54layering you separate the vocabulary from the syntax and you separate the digital1:12:01signatures from the syntax and if you layer them in those ways then you start getting these1:12:07really amazing benefits like being able to automatically translate a json ld1:12:12verifiable credential 
into a cbor data structure automatically instead of1:12:18doing what we typically do which is spin up a working group to work for two and a half years to1:12:24create this one-off bespoke format for you know a vaccination certificate for example1:12:31um hopefully that made sense i don't know if i i did a good job explaining that1:12:36i got it but i've been in the space for a long time so it's uh yeah yeah it was it was clear1:12:44to the to the extent without having to explain every certain detail but it was clear to that extent yeah i think that the takeaway is that1:12:51it is very important to separate semantics from uh digital signatures from the syntax that1:13:00you're expressing if you don't separate things in those three layers you jumble everything together and it becomes very difficult1:13:05for you to innovate on those layers independently of one another um so that's why we talk1:13:11about vocab what we're so basically what we're trying to do is make it so that all the technology to do the digital1:13:18signatures and the representation in the syntaxes uh is just there and working and you1:13:23don't have to think about it and the only thing you have to think about is the data model and the vocabulary that you use to express the information1:13:30so we hope and by doing that hopefully we enable the world to1:13:35innovate at the vocabulary layer without having to worry about the digital signature or the syntax1:13:41layer right so ideally you know the the perfect future and it's happening right so i1:13:47mean these these vocabularies were just like they were created in the matter of like three months1:13:53right and and they were working in three months and totally interoperable within three months whereas usually you would have needed to1:14:00have a two year incubation cycle at w3c or ietf1:14:05followed by another two year standardization process and at the end of it you would have like1:14:12a vaccination specification that would only work in 
json only using jose signatures1:14:18and that would be it right um so anyway that's just a really quick thing on on1:14:24you know why it's important to layer technologies um the the other thing to kind of speak to1:14:31is so you had asked um uh what you know what are we working on right1:14:37now um there's a retail deployment of verifiable credentials and decentralized1:14:43identifiers that is in in pilot slash production now right so this is live in stores across1:14:49the united states it's using uh verifiable credentials and decentralized identifiers1:14:55and so if you know anyone ever asks is there anything you know large scale in production with1:15:00vcs and dids this is one example of what's here so there there's a there's a group1:15:06in the united states called the national association of convenience stores so this is1:15:12every uh gas station in the united states every bodega every small1:15:17shop um corner store you know that kind of thing there are 152 000 of these stores across1:15:24the united states so every single black dot that you see on this map is one of these convenience stores1:15:30right so it's like there are a lot of them uh across the the us um they1:15:38handle around 165 million transactions a day so this is people1:15:43walking into the store to get their morning coffee uh you know walking into the store to buy their lunch uh1:15:49and then walking into the store to maybe buy a bottle of wine or a six pack of beer1:15:56before they go home right so people use these stores a lot just for convenience1:16:02these stores sell a lot of age gated products so anything from in the united states1:16:09energy drinks are age-gated you have to be over the age of 18 16 to buy an energy drink lottery1:16:15tickets uh vape uh products and cigarettes1:16:21uh and alcohol wine and beer liquor all those things are age-gated products you have to show1:16:26your id prove that you're over a certain age and they do 50 million of those sales a day 
so every single day 50 million1:16:33people come in and buy those types of products and they have to check you know id the the problem of course is the us is1:16:39being flooded with fraudulent ids and the people that work at these stores are not experts at detecting fraudulent ids1:16:46and even if they were the experts can't even tell the difference these days so they need to move they really needed1:16:52to move to a digital identity mechanism um and if you sell to a minor in the1:16:58united states it's a two and a half thousand dollar you know fine 12 months in jail you lose1:17:04your liquor license in in these businesses remember our this is um middle-class businesses in1:17:12the united states so these people don't have a lot of money to weather that kind of financial1:17:17shock to give you an idea of how cutthroat1:17:23competition is in this industry if you have a store so middle class families own these1:17:28stores in the united states if you have a store that does uh one and a half1:17:33million dollars a year in sales your profit on that store is around1:17:40twenty thousand dollars so razor thin margins so one and a half million dollars goes through your store1:17:47all you make is twenty thousand dollars which means that most middle class families own a number of these stores they own1:17:53four to five of these stores to be able to just make a a regular like you know middle class1:17:59living so any kind of loss of liquor license jail time fine is1:18:05it i mean it's it's it destroys their lives basically right um in on a regular basis the police go1:18:12in and enforce you know age checks they go they we literally have you know we the the1:18:17police go out and find minors that are you know 15 16 17 years of age they give them a fake id that's1:18:24obviously fake id they send them into the store and if they sell to them they sting it's called a sting operation1:18:30and they they fine the store so there are fraudulent ids you know1:18:35clerks 
are fallible all that kind of stuff and so the national association of convenience stores wanted to basically1:18:41take the clerks out of the mix give people strong digital identities you know all that kind of stuff so1:18:47um we built this program um uh that effectively uh puts vcs and dids1:18:55at the point of sale so that you can come in and prove your age like today you have to show your1:19:00driver's license but here you can prove your age doing providing1:19:08basically a qr code and the qr code is a digitally signed qr code issued by the national association of1:19:15convenience stores saying that you were age verified at some point so all the clerk has to do is look at1:19:21the picture um you know that pops up on their screen and look at you to make sure they match and they know1:19:27that every other part like the the point of sale system does all the other calculations if you're over a certain age um1:19:35if you're allowed to buy some of the products that you're buying you know things like that um so this is1:19:40called the true age program in the united states and this is someone using their their physical id so it's1:19:46backwards compatible with physical ids and digital ids so they basically hand their id over1:19:52they can also show the mobile phone you know it's scanned then they scan you know the product so1:19:59in this case you know these this individual this is a live transaction is buying cigarettes and beer1:20:05um they do the age check uh it shows that they're clear to buy you1:20:10know all these age gated products and they go on their way so that was a real1:20:16purchase using real dids and real vcs uh deployed in the united states um that1:20:22that purchase happened in january of this year um and it's you know it's1:20:27going out to restaurants and venues and things you know of that nature um so that's kind of a retail case1:20:36there's an online case too where you you know order alcohol online so you can use that 
same1:20:42credential this digital credential on the website so the website says prove to me that you're of the age 211:20:48you just provide your over age credential you don't provide your driver's license or1:20:54anything else that has like your name and address and all kinds of information you don't want to1:20:59share right so it's privacy preserving so the website has a1:21:06record that they did an age check so it removes their liability1:21:11and then when the delivery person shows up to the house they have to check your age too they have to make sure that you're over a certain age1:21:17and they and you can provide a different token you know an age token to them they scan it they can now prove that they did the age1:21:24check and then they give you you know your champagne uh you know to to celebrate1:21:29so this is an example of like these digital credentials being used in the store1:21:35uh and online um to do you know age gated uh purchases and like1:21:40i said that's uh deployed across the united states uh you know right now1:21:46uh in in 152 000 stores so let me stop there see if there are any any questions1:21:52um on any of that oh yeah has anyone raised any concerns1:21:59about like what's the biggest concern for fraud in this pipeline like um1:22:07so that's that's an excellent question um so there's a balance that we're trying to1:22:13meet with this um the the balance is oh here's another important thing1:22:21about the program the national association of convenience stores um1:22:27is they pride themselves on making sure that the transactions they have with their customers1:22:33are private transactions right they don't want like the customer doesn't want their information being uploaded and shared1:22:40with the industry or shared with a third party which is very different from the way like facebook and google operate right i1:22:46mean they so so they do not want that kind of feature the other interesting thing about the the 
industry1:22:54in the united states is that amazon is trying to destroy the industry they i mean you know amazon has their1:23:00convenience stores now you basically walk into the store you pick up things on the shelf and you walk out and they have tons of cameras around the1:23:07store that watch you as you're doing things tally up your basket and charge your card right it's very convenient but it is1:23:14going to put these 152 000 stores out of business and amazon is going to use that data they're going to1:23:20mine it you know as much as they can to to um uh to increase you know profitability1:23:26and things like that so the national association of convenience stores is basically saying um you know what1:23:33um we care about our customers' privacy and we're not even going to ask you you1:23:38know there's a point in this process where we're not even going to ask you for a driver's license or any kind of identifying information1:23:44and every single token is a single use token meaning that it's the second you1:23:49use it it can't be spent again it can't be used again right um and so these qr codes are1:23:56dynamic qr codes that are digitally signed but all they say is you're over the age of 21 and when they're scanned at a1:24:02point of sale um they uh they don't have any of the age or or any of that other1:24:09information um now there's a good good question in the chat channel who makes the1:24:14enrollment for true age government department or the store so the store association does the1:24:19enrollment um the other thing that the store association does uh that's interesting is that1:24:26um they can they there are ways that they can detect fraud so there's1:24:33fraud can still happen in the system it's not you know because we're privacy preserving and we're not tracking every single1:24:38individual uh perfectly because we're using differential privacy there's a chance that fraud can happen1:24:44in the system so for example let's say that somebody 
takes a screenshot of this qr code1:24:51and they put it online um on the west coast right of the united states and then on1:24:57the east coast the person goes in and uses one of their qr codes well the system will be able to detect1:25:03behind the scenes the system will be able to detect hey this same individual we don't know who the individual is but the same1:25:09individual used their mobile phone on the east coast and the west coast1:25:14within uh two hours of each other that couldn't have possibly have happened physically it's physically1:25:21impossible for them to be in both of those locations so their account will be flagged and the next time they go into the store they'll1:25:27be asked to show their physical id right in and it'll be a warning like please show your physical1:25:33id or you don't have it that's okay next time you come in we need to see your physical id we think fraud might be happening someone might1:25:40have you know cloned your uh you know qr code um1:25:45and then they're able to do that three times before they're just locked out of the system like no you have to show you know your1:25:52physical id or you have to show multiple forms of id at this point um and so they're doing this to try and reduce the number of1:25:59you know underage purchases that are happening um or fraudulent purchases that that are1:26:04happening um so so the the national association of convenience1:26:10stores onboards people into the system they manage you know um you know uh1:26:16the the validity of these accounts and the main reason they're doing this is to take the liability off of these1:26:22middle class stores so that all the middle class you know the person running this store um has to say is1:26:30look i have proof that i checked right and it said they were over 21 i have no liability so the liability1:26:36shifts to the national association of convenience stores who is better equipped to fight you know1:26:42uh certain types of uh lawsuits if 
they if they you know happen so it's about liability1:26:48shift it's about enabling you know better uh age checking at the1:26:53point of sale um and it's you know fundamentally to try and help these businesses1:27:00while at the same time making sure that these stores don't start building a massive tracking1:27:06database of every single customer coming into their store the reason the tokens are single use1:27:12is to make sure that they are not tracked as they go from store to store at a national level so that's where we1:27:18use differential privacy and and uh prevent these things to be they1:27:23prevent these things being used as tracking cookies or tracking tokens1:27:28did that answer your question first yeah yeah thank you very much very clear1:27:34yeah very impressive it's it's really nice and it's also i guess because you guys have this1:27:40interoperability suite uh you could come with whatever wallet from those uh other exactly actors so that's that's1:27:47kind of where you get to sp the spectre of hey you have private companies contributing to this and you're not1:27:54going to have this lock-in effect that you have to have a true age wallet exactly yeah yeah exactly and it was a1:28:00requirement so the national association of convenience stores has also felt the pain of vendor lock-in1:28:08and they said absolutely not we we really like what the department of homeland security is doing we are going to align with them and the1:28:14other reason they want to align with with the us federal government is because if there are these digital identity cards1:28:21then they it's much harder to create fraudulent versions of those digital identity cards especially issued by the1:28:27us federal government and if they if they get that then they can1:28:34make their onboarding process much more secure so you're providing a digital identity1:28:39card issued by the federal government with a digital signature over what you look like uh you know so1:28:46the so 
you know that somebody hasn't photoshopped you know a different picture on a on a a1:28:52driver's license um there are all kinds of benefits that they get um to make sure that the people that are1:28:58buying their age gated products are actually over the age that they're supposed to be um1:29:04absolutely good uh thank you for sharing this case as well1:29:10i think based on your last comment that your time is up now um1:29:15and uh i really appreciate it and um a lot of people also think this1:29:21is very impressive and i hope that by us in norway also getting this mindset we are able to1:29:29get ahead because we have a very safe way of doing bank id it's like easy to make a service based1:29:36on a trustworthy digital identification uh but it's it's not to to the level of1:29:43what you see with true ages yes like oh yeah you can log in with bank id indeed and get yourself1:29:49that data you need but it's just that right right yeah yeah so there has to1:29:55like bank id becomes the central source of every transaction everything you do in in norway yeah uh1:30:02but it's not even in sweden and denmark you have this thing called bank id but they're not that's not directly1:30:10transferable because we're using national ids uh identification number and it's a different national identification number1:30:16in sweden yeah not to use my bank id in sweden directly yep yep yep yep yeah it's a it's a challenge but i mean1:30:23hopefully you know the the good news here is that you know their technology is being put in place and these are global standards1:30:30so you know the ability for you know norway or you know denmark or sweden to pick these1:30:36things up and just reuse them um you know it's it should be a fairly1:30:41easy lift right versus creating your own you know national program to just do digital id yeah1:30:49absolutely i'll stop um live stream now and then i will sit1:30:55there for a little while if anyone have any questions but i think we can stop 
for now and then1:31:00thank you a lot for your contribution manu uh i'm really happy you came and talked uh and thank you1:31:06thanks thanks for the invitation always always happy to to share and yeah happy to you know if1:31:12there are any other questions um you know happy to answer over email or you know the public credentials mailing1:31:18list the credentials cg uh is a good place to to ask questions as well1:31:23i'll share these emails