Thank you, everyone. Good afternoon. I'm here to talk about Spruce, its mission, Sign-In with Ethereum, how the concept came into being, and especially where we go from here. This is my third time in this country, and I'm really excited to be in Bogota and looking forward to exploring more of Bogota. Before we jump into all the fun stuff about Spruce and Sign-In with Ethereum, I'd like to give a quick introduction about myself. I am Anukriti Kaur. I'm a product manager with Spruce. Before joining Spruce I was working as a data program manager with an airline in New York City. I'm a computer science engineer, so I understand technology a little bit and code a little bit as well. I started my web3 journey probably 11 months back, and two months back I took the plunge and started working a hundred percent in this space. There hasn't been any looking back, and I'm enjoying every bit of it. Outside of work, I love dogs and I'm really passionate about them, and my husband and I try to foster one dog probably every two months, because we are not yet ready for the commitment. So let's jump on to the fun part now. Oh, yes.
So, Spruce. I'll talk more about Spruce, but it's a two-year-old company and we are working on a bunch of use cases of data and identity. That's the team there. We are a 17-to-18-people company and I love working with these folks. Okay, so all this we are going to cover today, in probably the next 20 to 25 minutes.
So, jumping into decentralized identity, where Spruce functions: just giving a quick background of what decentralized identity is. Decentralized identity is an open identity framework where you own the data and it's all open and self-controlled. Think of decentralized identity as statements about reality, and these statements about reality could be on-chain as well as off-chain. They can range from anything such as: Where do I live? Which university did I go to? How many Ethereum transactions did I make in the last one hour?
What DAO do I work for? So all those statements are statements about reality in some way or the other. And I said that it could be on-chain as well as off-chain. An on-chain example could be that an Ethereum transaction happened, a signature was involved, and if something happens the Ethereum blockchain can attest to the state of itself, and of course it's fully verifiable. The off-chain example, the second line, could refer to a JSON signature and an Ethereum address associated with a Twitter account or a Google account. But there's a difference between the on-chain and the off-chain. As said, off-chain is fully verifiable and there will be cryptographic evidence for you to prove that this is true, whereas for off-chain, if someone says my Twitter account is associated with my Ethereum account, it may or may not be true. So it all depends on who is making the claim, what evidence is being provided in that statement, and how you are interpreting that evidence of statement. So for example, if I give you a driving license and you get caught by a police officer and you show that driving license, it has no value. It has to be given to you by a transport authority. In the US we use the DMV. So the DMV has to give you the driving license, and only then would it be a verifiable credential.
So how does this happen off-chain? Let's try and decode this diagram a little bit. What I explained previously, that it's a trusted framework, who's issuing the statement and who is verifying it: this is what happens here.
So this model is known as the verifiable credential model. It is a global data standard issued by W3C, and if you were to work in the decentralized identity world you'd hear about this a lot. What we like to call it at Spruce is issuer, holder and verifier. The issuer, for example, could be a university where the holder completed their master's, and the verifier could be an employer who wants to know whether the holder actually completed their master's from the issuer. So in this case the issuer will issue the credentials to the holder, which will live in the holder's wallet, and once the verifier wants to see, okay, I want to verify whether the holder completed the master's from a particular university, the holder will send the credential to the verifier.
So we want to move to a space of user and wallet centricity, where the user decides what data is to be shared and with whom. A small example of this: you have these social media websites, and let's say you have a page there. You have a hundred people who follow you and 50 posts, and you have several likes on them. So that's one part of the data, and then the analytics associated: that a few people like every one of your posts, one of the reels got maximum engagement. Where does this data live now?
This lives on the intermediary's or the social media's website. We want to move to a world where you own all this data, the information and the data analytics associated with it, and hold it in your data vault. So this is what is happening here. Today it is you, the user, the application, and the database sits with them. But what we want to move to, Spruce's mission, is to let users control the data across the web, and we like to think that instead of the user going to the platform and resting all the control of the data with the platform, we want the platform to come to the user and access the user's data vault. And that's what's happening over there: the database is with the user. So at Spruce we like to think of ourselves as user-control maximalists. We want to provide maximum user control to all the holders of their data, and we believe in self-sovereign identity, and that's where we want to move to.
Okay, so SIWE. SIWE is Sign-In with Ethereum, and it solves a big problem, and I'd like for us to understand the problem first. Not really a problem, but what is happening today: the big login. When you want to sign into a popular service, a user ideally will use an identity provider, which is mostly centralized and has control of all the users' identifiers. While they might come with a problem, I think they also have solved for a great user experience. Case in point: forgot password. I use forgot password on a regular basis, and I'm sure a lot of people here do too. But what if there are a few users sitting here and out there who want to have the option where they have the responsibility for, or full control over, their own data set? And that is not what happens with big logins as of today. So we want to move from "not your keys, not your crypto" to "not your keys, not your identifier", or this could be "not your keys, not your data" as well.
So I'd like to do a quick thought experiment related to the big login. I have a Gmail account. Let's say tomorrow
I lose all the access to my Gmail account. What all will I lose the access to? It's not just my emails. It will be everything that I use my Gmail identifier with. For me personally, it could be Amazon, Etsy, Uber, Airbnb. So I am giving a lot of power to this other identity. I'm at the behest of this other identity, which is controlling a lot of my data and who may or may not be incentive-aligned with me all the time. But if it was key management, I would probably easily learn about key management or deploy a key management system, and then I'll be able to control all my data.
Okay, so these are a few factual points. MetaMask has done a great job. Last it was seen that we have 21 million users; that's monthly active users on MetaMask. But as of today, we just use connect wallet to do the transaction, the financial transactions, and that's about it. So how can we better do the connect wallet part? That is where Sign-In with Ethereum comes in. If you've logged in to your passport site on Devcon, you have the option of logging in with your email and with Sign-In with Ethereum. That is what Spruce's Sign-In with Ethereum compliant is.
So, a quick history of how Sign-In with Ethereum came into being. I think in the summer of 2021, the Ethereum Foundation and ENS DAO released an RFP, a call for proposals, requesting a spec which included a reference implementation in JavaScript and a backwards compatibility mode with OpenID Connect and OAuth, so that people or users in the web2 world can also use Sign-In with Ethereum. This was right after Vitalik's talk at EthCC where he talked about the importance of identity, and that is when people realized there could be a bunch of use cases with Sign-In with Ethereum. There was a call for a lot of RFP proposals, and a bunch of proposals were submitted, and Spruce was lucky enough to be picked. So we developed Sign-In with Ethereum in the open, in public. There were a ton of community calls.
It took seven to eight months to develop these specifications and the whole core libraries, and we worked with a lot of dApps and a lot of wallets, and you can go and check it out. It's called EIP-4361, that's Ethereum improvement program 4361, and it's very close to getting approved.
Okay, so how do you interact with the web3 world today? You go to MetaMask, click on connect wallet, and you are there exploring the web3 ecosystem. That's about it. Nothing happens there. You are proving that you own the public key, but not verifying your identity. So with connect wallet you are just proving to be the account holder without any proof, and that is where Sign-In with Ethereum comes in. Sign-In with Ethereum is a specification that includes both elements of identity and signing, to enable users to take full control over the data using their Ethereum profile and an ENS profile. And of course, this is all open source and can be checked out.
So SIWE has been going on for a while. I think people have been trying to work with authentication flows on blockchain accounts since 2016, 2017, and what we've done is we've standardized the message when you sign in with Ethereum. It's a standardized message. I can show you what it looks like in a second. And Sign-In with Ethereum was developed to a heavily with JSON Web Tokens, which is of course live in production and used by billions of users. So these are the examples of what happens as of today.
You see a random nonce when you sign in, or probably a random hash, which has no meaning to a web2 user, or "Sign into my website", or there's a small message. But what we've done is we've given a standardized message and a rigid grammar where no malicious statements can be injected into this, and we've purposefully made it that way. So basically we've standardized the message to give the user a great UX, user experience, but we've also added a few security features, and one of the most important security features is domain binding. By domain binding I mean: when you're trying to connect to a wallet and your wallet says that a domain, for example example.org, is trying to connect to your wallet, the wallet will now actually be able to see, or the wallet has the opportunity to check, whether example.org is an actual website and the request is coming from example.org. This happens over a TLS connection, so the wallet can say with pretty much confidence that this is not a phishing site and example.org is an actual site. And this is the example of that, and the wallet will keep on popping up messages, will give you messages probably three or four times, to warn you that this is a phishing site in case example.org is not what it claims to be.
So that's what the Sign-In with Ethereum will look like, and if you were signing in on the Devcon app using Sign-In with Ethereum, that is what it will look like as of today. So as mentioned before, we've developed SIWE out in the open with all the community, with a lot of wallets and devs, and these are our initial partners, and we will be working very closely with them in the coming months and weeks. So where do we go from here? SIWE?
SIWE is a basic library that will enable a great user experience and will provide security features, but we are trying to work on a bunch of products where the data can be brought in by the user. So you have a Twitter account associated with your Ethereum account and you can bring that wherever you want to. It doesn't necessarily have to be on one site. You want to go on Uniswap, you can take your Twitter account or Facebook account with you. So that's your bring-your-own-data workflow. And we are also working on core libraries and some products where SIWE functionality will be enhanced, and being able to work with wallets and apps very closely.
So if I were to leave you with a few thoughts: Sign-In with Ethereum provides you with a great user experience. So if you are a wallet or a dApp you definitely want to use it, because it will help the user, especially a web2 user, get onboarded onto your wallet or your dApp pretty easily, and it provides security for the user as well, so you can definitely avoid the phishing aspect. And we are trying to build SIWE and its components more. So if you want to work with us, we build in the open, please reach out to us. That's my Twitter handle, or feel free to reach out to anyone in the team. We are pretty responsive and we'd love to work with you guys. So yeah, thank you everyone.
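
Added example, not part of the talk and not Spruce's library code: a strict line-by-line parser for the standardized sign-in message the talk describes, plus the domain-binding and nonce checks a relying party would run. The field layout follows the published EIP-4361 message format; the function names, the sample message and its values are constructed here, and signature verification and "Resources" lists are left out.

```javascript
// Added example (not Spruce's code): strict parser + domain-binding check.
const HEADER = /^([A-Za-z0-9.-]+(?::\d+)?) wants you to sign in with your Ethereum account:$/;
// Fixed field order; the boolean marks required fields. "Resources" lists are not handled.
const ORDER = [["URI", true], ["Version", true], ["Chain ID", true], ["Nonce", true],
  ["Issued At", true], ["Expiration Time", false], ["Not Before", false], ["Request ID", false]];

function parseSiweMessage(text) {
  const lines = text.split("\n");
  const head = HEADER.exec(lines[0] || "");
  if (!head) throw new Error("bad header line");
  if (!/^0x[0-9a-fA-F]{40}$/.test(lines[1] || "")) throw new Error("bad address");
  if (lines[2] !== "") throw new Error("missing blank line after address");
  const msg = { domain: head[1], address: lines[1], statement: null };
  let i = 3;
  if (lines[i] !== "") msg.statement = lines[i++]; // optional, exactly one line
  if (lines[i++] !== "") throw new Error("statement must be a single line");
  for (const [tag, required] of ORDER) {
    const prefix = tag + ": ";
    if (lines[i] !== undefined && lines[i].startsWith(prefix)) {
      msg[tag] = lines[i++].slice(prefix.length);
    } else if (required) throw new Error("missing or misplaced field: " + tag);
  }
  if (i !== lines.length) throw new Error("unexpected trailing content");
  if (msg.Version !== "1") throw new Error("unsupported version");
  if (!/^[A-Za-z0-9]{8,}$/.test(msg.Nonce)) throw new Error("bad nonce");
  return msg;
}

// Domain binding: the domain inside the signed text must match the origin the
// request actually came from, and the nonce must be the one the server issued.
function verifyBinding(msg, requestOrigin, expectedNonce, now = new Date()) {
  const origin = new URL(requestOrigin);
  if (msg.domain !== origin.host) return "domain mismatch";
  if (new URL(msg.URI).origin !== origin.origin) return "uri mismatch";
  if (msg.Nonce !== expectedNonce) return "nonce mismatch";
  if (msg["Expiration Time"] && new Date(msg["Expiration Time"]) <= now) return "expired";
  return "ok";
}

const isRejected = (text) => { try { parseSiweMessage(text); return false; } catch { return true; } };

// Constructed sample message and a variant with a line smuggled into the statement.
const SAMPLE = ["example.org wants you to sign in with your Ethereum account:",
  "0x" + "ab".repeat(20), "", "Sign in to the example app.", "",
  "URI: https://example.org/login", "Version: 1", "Chain ID: 1",
  "Nonce: 32891756abcd", "Issued At: 2022-10-12T16:00:00Z"].join("\n");
const INJECTED = SAMPLE.replace("example app.", "example app.\nURI: https://other.example/");
```

Because the statement must be exactly one line followed by a blank line, the variant with an extra "URI:" line inside the statement fails to parse instead of being shown to the user as a second, misleading field.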