 Yeah, thanks. Okay. I'm happy that you're still here. It's in the late afternoon and really happy to be here again at blockchain for science con and Yeah, let me Ask you first if your uncle would ask you tonight. Okay, please Explain me the self-sovereign identity thing. Please. Yes. Would you feel a little bit confident to be able to explain this? I want to show see hands show of hands Only very few hands. I'm happy about this because otherwise, okay, I would be screwed great So Yes, and ah and how about decentralized identity if your uncle would ask you to explain decentralized identity What about then would you be confident to be able to explain? No, hardly. Okay. Good. Great So, yeah, let me just skip across The intro of tib. I'm a librarian working at the German It's a Leibniz Information Center for Science and Technology tib if you are more into that kind of stuff Look it up at tib. EU You find more from my current or day by day working things on Twitter. I'm Lambo on Twitter and and Let's dive right into the the topic so so as you know identity on the internet is really fishy and it's really it's really a heart And a very persistent kind of problem, right? So normally the proponents of self-sovereign identity Put it this way that we have kind of three Subsequent generations of tackling this problem The first one so represented here was a classic New Yorker cartoon on the internet Nobody knows you or a doc. You all know that one It's represented by the approach That you have services normally sitting on some dot-com website and they allow you to establish an account with them So prove that you are there Somehow on the internet is that you have this account so that you share some secret with that Side or service the downside of this is as you all know who of you uses a password manager Please show your hands Okay, that's okay. The rest of you. Please get yourself a password manager. I'm not joking here It's important, but but it's a mess. You know that right so and The thing is This is really not sufficient and people have been aware of that pretty early on So they moved to another generation of things and that is Identity as a service so you Have an account only with one or no not actually not only one, but this is another part of that problem But only with very few big Providers of identity like for instance Google or Facebook and Then you reuse that information that is sitting the personal information that is sitting about you with them when you want to enter another service, right and So the common way the web 2.0 was framed is this famous time person of the year title of 2004 where they said Okay, the person of the year is you because you create all of this content and you are highly active all over the internet But in reality it looks like more in this collage where these identity Providers become Tremendously powerful and by the way small footnote. I don't need to explain that to you It's very convenient not only to you But also for the surveillance state because there's only one or very few providers who know Almost all of your whereabouts and what you do on the internet And then we have the third generation so the story goes of the Self-sovereign identity people and please please don't don't believe me But rather have a closer look on the seminal blog posting by Christopher Allen from 2016 about self-sovereign identity. I don't put the link here. Just Google it. You will find it and That third one is to say Okay, I want to own My personal Information the person about what I do what I'm allowed to do and so on This should continuously stay with me And I should have full agency and and the power to control where I apply it We're not and and this is basically this concept here like like like in the old physical days and To this audience here. I don't need to Explain you why the concept of what a wallet also applies to the digital world, right? So that we have a similarity I'm not talking about cryptocurrencies here, but it's still a similarity We have in cryptocurrencies this Slogan not your keys not your coins, which is very true and very important to understand this concept And the same is true for credentials right and So so it's moving from here to there obviously Okay, now let's dive into what happens in the background if you want to make this true the idea of credentials in an Identity wallet app running on your smartphone or so And the last few years Within the W3C but also within the decentralized identity foundations a couple of very interesting Standards were formed mostly around the concept of decentralized identifiers or DID for short and Verifiable claims if you don't know these standards yet, please look them up Super interesting you will be impressed by how far they have come already although Even here in this very specialized audience many people have not that much out of it now super important stuff and So I will very very roughly very superficial here of course because of time reasons Go through the terminology and the basic concept of decentralized identifiers So the idea is that you are the holder with your wallet of some credentials You will receive them by an issuer and you apply them Against a verifier so you for instance if you apply for a job You take that credential that you received from your university that proves that you have some diploma So it's can be easily automatically processed by the verifier And it's it's not up to you to prove this again and again every time because the credential is digital and cryptographically secured from the get-go and What happens here is that every time so now we are into the DID standard, right? every time I receive such a credential I Establish a unique connection to the issuer by setting up a cryptographically secure pseudonym So I receive a credential or to be more clear a number of very fine grained verifiable claims about my person I Put them to my wallet and at the time I want to show them to a verifier For instance in this case. I made up with a job application. I Establish another pseudonym to pseudonym relation to the verifier So I make sure that the verifier knows only About me what I essentially want him to know or her to know and even if that same person receives This kind of information about me from different sources. They cannot correlate because of this pseudonymity thing so this is pretty interesting and then in every case of Digital certification you would ask okay. Do how do I verify the digital signature? With my verifiable claims and how do I make sure that the issuer can revoke can even revoke these credentials at any time And therefore I need some medium that allows it without interference of any third party to make sure that the basis so for instance a digital signature key is gets stored on the long run on that medium and that it is has a very good uptime independent of if the Issuer is willing or is able to to give that data to any third person and When I describe this medium and that way you already know what I'm talking about It's a primary prime use case of a blockchain, right? Best it's a public blockchain So and the interesting thing is that it is a very highly modular use case of a blockchain So there are people who say okay. We can just Scrap the blockchain part we can still apply the standard, but instead we use just a Distributed file system by IPFS or so like IPFS, but it's but it's a pretty good use case It's pretty interesting and there are not so many other use cases of blockchain This is already telling and a little bit interesting where the w3c has already is already Supporting this development of standards and it's a very very basic question I mean, I just talked a minute ago with Garrett another librarian in the audience librarians and about the proof of existence approaches and Garrett Was saying that this is all very nice But without identity many of the use cases of for proof of existence are somehow broken Because you would only prove that something was there in the past at a certain time point of time in the past but to relate to some piece of information is Has a huge additional value in many use cases. So you need identity in many many cases So went now as a usual Advertisement block in between we are running a Horizon 2020 funded project named quality chain where we apply all of these concepts in higher education And just to hypothetically you spoken how many minutes do I have left? 18 I have left. Okay. Okay, great So I can slow down and No, just joking. So The thing is In the US, it's pretty common I mean Michelle would know more about that I guess that if you apply for a job, you do not have to give away your gender or your ethnicity So for instance, maybe not even your name, right? Because you can derive certain things about that and with this kind of technology that gets much Orders of magnitudes easier and this is beautiful because an employer is hurting itself when when when he or she when the employer is sorting Applications by gender and so so this is a huge benefit to to have this in a very simple digital way underpinned by such a concept or Imagine you are Zürnke you you are a very micro provider of Scientific events or learning educational events and you want to Allow people to take this credential away Back home to their employer that they visited this event here. So There's a prohibitive barrier for Zürnke to give out certificates because this would require so much additional Biocracy, I know that he has enough to do already with this event, right? So it would be great and this is typical for digitalization all of the time to have this more common easier just a wallet app. Yes, if Zürnke would have a Decentralized identity app that would allow him just with a click on a smartphone to give all of you as a credential I would be sure he would just happily do it, right? And and this is the underpinning for this kind of applications where you have like credentials on a micro level Yes issuers on a micro level or small contributions to a project things like that or Imagine you are a student from Tehran, right? And maybe you have even some digital certificate about your university diploma But then as it happens you have some globally operating provider of certification infrastructure of diploma and then Since it's sitting in the USA the USA decides. Okay. No We feel not not good about this We don't we do not want to provide this kind of service to to Iranian universities. What do you do then? right, so therefore again this Medium that allows you to make sure that everybody can verify your credentials without interference of such even such a big important third-party than the US government or Last last last things very subtle very subtle here, but maybe interesting You learned a lot from Michelle about GDPR if you happen To want to make sure that your decentralized identity solution is really strictly GDPR compliant You will be super interested in these standards as well and we in our community We tend to go over these GDPR requirements a little bit like with ah, yeah, okay Let's see how we get away with that right, but maybe sometimes it's serious and you should make sure that it is really That it is basically at least possible to be compliant, right? Sorry Yeah, yeah, yeah, and sometimes people ask me, okay But but but wow why is it so important to make sure that a diploma is not forged somehow or so and in the context of Germany, maybe it doesn't happen that much, but this is not the thing. I mean to have Diplomas and stuff like that in higher education or even smaller things like like credentials about that you Contributed a peer review in science or so to have this digitized once in a very robust manner Make sure that things can be processed in a much more efficient way It's not about the the the probability that one particular credential gets forged by somebody, right? You get me so and and to have this level of automation You you want to make use of this of the possibilities of blockchain here so and now another Little bit subtle thing Although the ID is all about exchange and show social relationships. It is not actually about Decentralized autonomous organizations or tokens. Let me make this clear. So if you Let's assume we are living in a smart city and Our employers certify the Microfact about us that we that our workplace is in a certain part of the town and Maybe we have some homeless people. They don't have an employer, but their shelter Provides them the same credential because it's almost free. Why not? So then we would have a latent community of people who can prove that they live in this part of the town and the local Authority could easily ask them about a certain decision that is to make right so this is a neat example of Latent communities of people who relate to each other to certain very particular credentials they share and this is Immensely powerful if you think about it you can do a lot of this with this and There's a lot of this disruptive potential here, right and of course now you could say Therefore the ID could also be a super interesting building block for a DAO or some other Civil-resistant kind of peer-to-peer network you get me right so with this kind of stuff You could basically basically come up with a proof of individual personhood or something Super interesting, but let me let me challenge you a bit you you have all lots of blockchain related ideas or even running initiatives and projects and Ask yourself I would challenge you to ask yourself is blockchain for what I do really necessary because often we Put a field that we know about from our own experience For instance research because we are researchers or work in a library or so we Put on top of this some new social mechanisms that we just introduced by using a blockchain so we introduce some incentive system or so and Often in many cases This might be valuable and interesting right But we need to take care if we really need these kind of stuff and as you Hopefully have as I have shown you here for having an exchange between Psoidonymous self-sovereign borderless Identities You don't need that much of a blockchain so in some way. Yes, it's it's it's it's convenient, but It does it doesn't have anything to do with incentivation mechanisms or monetary value transfer or things like that think about this It's I think it's really useful to be analytic about this and and think about where we really need new incentive mechanisms, so I After Dave gave his talk about Artifacts somebody from the audience asked okay Are you introducing some new incentives and Dave's answer was super interesting and super reflected and I liked it a lot Because Dave said no we don't need to because it's already in place and it's citations So whatever we do here for artifacts We we would just allow people to apply the concept of Citations that is already there to more stuff and this is very reflective and very interesting. Okay enough of the propaganda let's go on and so How how will it look like and the real world and I would say just look on Korea That they are really it's really amazing to see what is happening there because okay It's a fine print. Maybe look look it up on coin desk. It's it's from from a few weeks ago But it's an unfolding story from the last month that You know many of large attack firms like LG and Samsung are sitting in Korea And you have the telecom providers the banks the educational sector These IT companies and then some more players And they agree that they want to start Kind of a self-sovereign identity landscape For everyone for everything in Korea and that is this is pretty exciting because with these large new concepts You always have you know this very well this kind of chicken and egg problem, right? So it's it's only fields valuable and interesting if you have issuers holders and Verifiers right you need to have everybody on board and that's kind of hard So therefore this is super interesting to have a nation where this is sitting high at the top of the national agenda kind of Let's wait what happens there, but maybe a little bit more hands-on another example is what is happening in British Columbia, which is a province of Canada as you might know and There you have already lots of things running in their github repository look it up They had this idea two or three years ago that if you have a startup in Canada It should be much easier for you to go through all these Bureaucratic bottlenecks right to register your business and therefore they came up with a landscape of self-sovereign identity tools that allows us and They even have so-called recypes. So you after you have one step ready With your new business you automatically go through the next authority and get the next permittance or whatever and It feels almost from the user experience side of things like a wizard But actually there is no not one centralized website that that Stores all the information about you, but it's completely different authorities operating under different rules national law and local law and so on but With self-sovereign identity and identity wallet apps and so on it becomes pretty easy and this is a pretty convincing example and At least when you look at this you come to think okay, when does it happen in research? when would would it be comparably easily to to Maintain your own identity as a researcher online and Okay, yeah, yeah one footnote to the last examples They are operating with the sovereign blockchain which is a permission blockchain We heard a bit little bit about another permission blockchain today blocks back and As you know With very good reasons you might be Doubtful about this approach, but I can tell you help is underway. So this is a decentralized identity Foundation is working on something that is called Citree protocol where you have so this is these standards are very modular and they take care that you can That you can verify Yeah, certain DID documents that are stored on a distributed file system against Bitcoin or Assyrium whatever you want. So this is a drop-in replacement with an open public large blockchain and yeah, if you like that better Just have a look on at their GitHub repository decentralized identity foundation Yeah, and and not not forgetting to mention Microsoft is on this as well. They are working on an implementation of that protocol Which I think is pretty interesting to have Microsoft in this area and But now we are not there yet. We have still Identifiers that are maintained in a more centralized way like orchid still I would ask you not to ignore them It's important to understand that they are already geared towards more researcher autonomy and I think we can grow together and and and Yeah Last year we had I think there was somebody from orchid who gave a talk I'm not sure if I remember this right, but it was mentioned. So they are also interested in developing themselves and Okay last slide And so I like the 1990s and I both liked a lot Microsoft and Carter. Yeah, I even bought the CD I was that dump and I also liked the wiki wiki web from what Cunningham and in retrospect this was a pretty similar situation maybe because What Cunningham was was just a single agile developer was toying and playing around with html And what else you could do with these new standards, right? And you all know what happened later six years ago or so later somebody said, okay, let's set up another Interesting little game. We call it wikipedia and try on based on this simple html based open thing Or kind of thing to establish an encyclopedia and at the same time Microsoft started in Carter and you know what they started with 25,000 articles and multimedia and it worked I had it on my windows 95 system I remember this very well and So on the first glance you would say this is super successful and interesting Because you have the entire ecosystem created all at once While this is totally lagging behind and why would somebody would find this interesting, but it shows that focusing on standards Setting some building blocks allowing people to come up with new things by themselves and toy around with what you found out On the wrong run can be much better That's all Thank you Topic in this nice approach you need to hit once and then you understood it at least you can like if you go Okay, maybe one or two questions. Oh, yeah, yeah, yeah, exactly. Okay. So one or two questions So we don't need to bring our driving license anymore. We can just prove it to the Yeah, it will it will become a super interesting information market There is a lot of monetary value in there, right? Because the Department of Motor Vehicles or so will give you maybe some credentials and you can reuse them in Unpredicted ways because at some other place you might Use them to prove that you are above 18 years old or so. Yeah So how if I do verify some claim from some user, how can I verify that this? Claim was issued by a how can I trust the issuer? Anybody could have been the issue Yeah, that's a very good question. So so in fact you end up with this. This is also another 1990s reference. That's nice anybody remembers PGP and the web of trust totally okay, so that was the decentralized decentralized approach to Have a maintain a public identity on a key server and collect Verifications of other users and we will end up with something like this and you can also do this Yeah, I mean you can have a mixture right you can have an infrastructure that isn't nearly unbreakable because blockchain and so on But you're talking about a web of trust basically Right, okay, it can also be used by government authorities for instance, right? So this will be an interesting mixture and interesting to see you will have a very open layer of information for Verification of signatures and so on and still you can have old governance models That use that layer So to say yeah, thank you no more questions and thank you again