 I can't get a little sense of which direction I should go, maybe ask how many of you consider yourself very technical engineering background versus like in finance and others, like technical maybe with your hands? Okay, so all of us, that's good. My talk was prepared for 45 minutes, then I realized it's only 30 minutes, so I'm gonna try cover everything in the very end. There is some case studies that we could cut some of those, maybe that will be a way to cut time if I run out of it, but I will try. Okay, so just a quick word by myself. Wenjin Chu, I'm a senior director for technology strategy at the Futureway. My so, internal job function is to drive strategy for metaverse, web3 and trust, so everything sort of altogether. And in that capacity I've been involved with a lot of our open source projects, currently working with a group of companies trying to start an open wallet foundation. There was a mention earlier by Gabriel, it's gonna be based on Europe, so he's very much involved. I'm also in the steering committee for trust-over-IP, it's another Linux foundation project, work on specifications for trust and trust architectures, et cetera, and WS3C, the worldwide web, so you're probably all familiar with. So with that background, I will probably get started. It's, we're gonna talk about architecture, and really it's three things. One is a general purpose open source digital world. And I think a lot of the time I want to emphasize the first phrase, the general purpose. The second one is universal in probability, and what does that mean, why it's very important, and then finally we can talk about how to achieve that as a architecture, and there are a few case studies, like if we have time, we'll go through those as well. So, and I hope to get your feedbacks, opinions, and potentially interest in involvement, so that that will be my purpose of this talk. I'm gonna start with the general purpose portion of it, and so there's a so-called specialized, and we're using crypto as a example, because a lot of people automatically think about that, but so I list a bunch of them, but this is, you know, like I'm not as super familiar with it, but there are a lot of different wallets out there, and there are many different types people talk about, whether you have custody, or it's actually a proxy to another account, and you can even imagine whether the money's actually in your wallet or stuff like that. But, you know, the way I think of it as a specialized is that it's only for one this particular purpose, versus on the right, I'm using this Wikipedia picture for iPhone, you have essentially a container for lots of stuff, and these are digital assets, if this can be money, it can be cars, you know, passes, and IDs, and can be essentially anything, like why not, right? Anything that you feel important enough, you want to be there, you want to have a very personal control of it, so think about it, yeah, it seems like it will make sense to have a general purpose one. The other way to look at it is this crypto wallet, especially at all, so I copy this from, I think it's like a tutorial from Money Magazine, right, for layman's terms, but essentially what is this wallet anyway? It is just place to keep your secure code, or if you fancy, you can say, well it's the owner's identity and account. It's just a UI so that you can reach an account which is actually elsewhere, not in your wallet. And if you think of that way, then it's no different from my bank app, which is basically a little app which allow me to log in, get authenticated, which allow me then to access an account actually not sitting on my phone, but in some bank's infrastructure. So in that case, this crypto wallet is no different is that I think most of them are very badly designed and therefore there's a lot of trouble with it. So the other concept want to shift to then this proprietary or close versus open source and open standard and we, I think in this country, we familiar with iOS and Android all have this concept of a roughly general purpose wallet. And so there's a lot of companies that really want to see the need for open source implementation of a wallet but also that such a wallet app is on open standards. So this openness, so if you think about a credit card, you have, these are, which is in a way a consortium and which bank offers, the card doesn't really matter in terms of openness or interoperability as long as it's visa. And so in the similar concept can be applied for any other asset, which some organization or some industry may define a standard and as long as all the parties use that same standards then that will be interoperable. In addition to that, the wallet itself we may, for a general purpose wallet we may want to standardize how it behaves so that any person can access or interact with that wallet or build that into their applications without essentially have a gatekeeper. So we will have a standard type of wallet, the gatekeeper is all of us rather than two giant corporations. So that will be another purpose I think for to achieve all of this and I think it's a very important and very timely thing that we think about this. So to summarize I think that digital water is a very critical piece of technology and we need to ensure it's openness and the level playing field and with interoperability. So that is based on open standard and open source that can solve a lot of problems that we don't have to reinvent all these solutions in different industries. So you can think about someone like a DMV issuing driver lessons versus a bank who want to connect with their consumer and access their accounts or a crypto or a university want to issue a diploma. Why do we need all these different verticals to come up with a solution again and again? So that's the concept. I will say a little bit about the Open Wallet Foundation is still being formed, not formally launched yet. So this is the press release back in September when really the discussions and appropriations started. We hope to be able to announce the formal launch pretty soon. And there's some of the, I think the key was here about the mission, why we are doing this, right? And naturally we are talking about Wallet very loosely strictly speaking, this would not be exactly a wallet but a engine or a, you know, that for someone to build a wallet. But this wallet, it doesn't matter which one built into their product, they will all be based on the same sets of standards and be intervalable. So you have a wallet that different kind of cars can be, a different kind of asset can be added into it and the asset will behave based on whatever that particular vertical standardization says, you know, it should be so. Anyway, so that's the concept. And there are some examples of these assets we're talking about. Again, these are currently because the Foundation hasn't really been set up yet. All of these are simply early discussions and there's a lot of people interested in payment organization based on EMV and so that, you know, naturally the credit card companies are interested in that. I also, MDL is the mobile driver license. I think there are three US states already supporting it. The W3C, Verifiable Credential, is a decentralized way to do credentials. So the Verifiable Credential is really, even though they use credential, it's basically data that's verifiable. So you define any kind of data you want and the verifiable simply means that you can, independently, without reaching out to a centralized server to be able to verify the data's validity and I should say authenticity of that. Anonymous credentials are another type of credential that allow people to do zero knowledge proof. So you can do selective disclosure, sometimes even combine information together and so that's giving you a lot of privacy control to the consumer. Underneath here are many of the related organizations, either work on specification or open source. So I would probably skip the introduction of others to save some time. So the question comes to, how do we achieve universal interprobability? Now, I'm gonna jump into more engineering times and talk trying to maybe walk back about the internet principle or the architecture of the internet. And there are many ways to summarize this, but for today's talk I'm gonna talk about protocol and layering. You may also hear so-called N2M principle or hour-glass architecture or universal reachability. Basically in the very beginning of the internet, actually internet was a small rebel against many much better funded and established alternatives. But internet in the end won because it followed a very simple idea, which is to make sure that we maximize reachability or we want to be able to allow internet protocol to be supported in almost any devices with a minimum effort. So it naturally does the least. It has a very minimum functionality, very little, but it trying to create this network effect, right? Now it's a very common idea now, but at the time was it very revolutionary and it was proved very successful. So unfortunately in that minimum set of functionality in the internet, the authenticity or some people will call security is not one of them. They are not in it. And so we've been trying to sort of live with that decision ever since and we are trying to again propose a new architecture which will add the authenticity or security of it, but without with the same kind of universal accessibility. So we want to make sure any device and with the minimum set necessary to achieve trust and then use different layers or higher layers to add new functionality on top of it. Okay, so this is a very common picture. People start with this dark cartoon and so I have a very general purpose picture with two entity interacting with each other through technology, right? And then if the Bob on the right side receive a message like this, what do you do with it? How can you trust it? What do you trust? What do you even mean trusting it, right? All that issues and so it's a very complex issue but the picture itself is relatively simple. And through many, many think organizations and studies, we found out that financial requirement itself to solve this problem is actually pretty simple and we use the word authenticity which is to mean the authentic identification knowing the source, knowing the source or you can say knowing who you are talking to, right? And so that can be divided into two components. One is a verifiable unique identification identifier so that eventually becomes your ID. And the other one is some autonomy on your computer. Autonomy or some control over your environment. And with these two, you can achieve authenticity. So this whole set of quite a mature algorithms allow you to achieve authenticity with relatively minimum amount of effort and using very mature algorithms and crypto protocols. So without going into too much of a detail, I would make a claim that this is a necessary but it's also largely sufficient. So we found this minimum set that can be the foundation of universal trust over internet. And all the other features we can actually can be built on top of this foundation and this whole set of minimum features are simple enough that we believe all devices on the internet today can support them. So that goes down to, I think this is one of the earlier session talking about low cost feature phones or at least low cost smartphones can support these IoT devices, smaller battery run devices can support this. So we want to really be able to go achieve a universal reachability for this. Okay, so as we walk up, before we jump on that, they say a way of sort of like how do we actually support these? And I'm going to use the autonomous data. Data is a phrase that W3C uses for decentralized identifier. I like it, but the concept are saying if you replace a different ID, you would need to essentially achieve the same kind of a resolution and a functionality for your ID. But I'm going to use the data as an example here. And there's multiple ways you can actually have a system to support these kind of a setup. And on the left, it's our current system. So you are either on a centralized identity system today or a federated system like OpenID, for example. Or you can have a decentralized system like what the data wants to do. There are other examples like Web3 or some people call Web5 now, quite similar. And there's another class, people tend to use the word web of trust, which are sort of awesome peer systems. There's a set of algorithm called Autonomic, which is even stronger in the decentralization or allow the individual to make decisions. But all of these can support the same authenticity requirement we propose here. And therefore you have a identifier and you have authenticity guaranteed. All we need is a little simple protocol between them. And so that we call it a trust banning protocol. And so this protocol very much is similar to IP protocol. You can think of a data as an IP address and this protocol simply talk very simple based on that address. And they are fully authentic messages between them. So pretty straightforward. The protocol only need to support asynchronous messaging. It doesn't really need too complicated. And especially if you, because we don't need to add too much of anything on top of it in this particular layer, the messages you need to send up pretty simple. So you can have a very authentic messaging layer quite common. And then I think we can start to talk about interesting stuff. Then you can do identities. You can do credential, do authentication, authorization, payment, money, crypto. All that can go in. A lot of people are interested in doing authentic media. Like how do we make sure photos are not doctored? How do we solve fake news problems, stuff like that can all go in, right? So in general, it's really any kind of data. So the only difference is how do you define these data? What kind of data you define? And I know in earlier sessions, there's a lot of a data model defined in the financial industry and you can just plug in and these whole set works for you. Okay, so just a quick summary. These will be the proposals we have in mind of this four layer structure. And it's again, very, very similar. If you look at, oh, you know, like a TCP IP stack look like. The ideas philosophy are very similar. And I think that will help us to not only solve these problems, but solving it in a very principled way so they are universal or applicable. So we don't have to reinvent the same stack again and again. And so that's the idea. Okay, so I'll probably skip a little of that slide, but then come back to the wallet, right? What are we talking about the wallet? So wallet comes in, maybe we are directly doing this on the phone, but a more general purpose scenario is where the wallet is really the connection, the three-part connection between a computing device, a wallet, and the person. And so the wallet helps to bridge the gap of, you know, a person have a convenient and interface to manage these sensitive data. Not only you have, you know, more likely to have physical possession of it, but also give you a relatively convenient interface so you can actually start to do actions on it, manipulate and do, you know, signatures, approve things, send money, right? So it solves multiple problems here. And again, this ties down to the rest of the architecture. Okay, so this is just a quick summary. I think we don't have to repeat them again here. And the, so the more sophisticated features, and many of them already have mature protocols, I just don't have time to go into it, but those features can be built on these basic authenticity layer, and then, and you know, I like to think of them as reusable trust tasks. And the task pattern itself actually, like a transaction, it's really can be abstracted, not necessarily require goods to be exchanged and payment, et cetera, but can be abstracted and be applied and used in other industries too. So those are reusable trust tasks that's built on top of this layer. And the good news is that most of the implementations that we've studied today already supported. They do need some kind of refactoring out of much form of generality. So typically, these layering already exists in some fashion, but it's not very principled. The interface are not clean, right? And so some refactoring are required in many of these implementations. And therefore, we need to sort of sit together and agree on exactly where. In principle, they all can support them. The layer is already in place, but the exact details of that need to be worked out. And so they need to be then conformed to a common, I should say, set of common standards. And by that, those are some of the standards that you see already exist as well. So let me see. I think my time is still okay. Yeah, I still have some time. So I'm gonna go through some implementation examples on this. So the current state is these, either central or federal systems, open ID, vital. And the fundamental setting in these kind of systems is that you have a server. So this is shown as a server with this web or doesn't matter what kind of server. The server has a certificate, has a CA issued a certificate and can be identified using quite good asymmetric identification systems and the kind of science stuff and there's a lot of things happening. But the user doesn't. The other side is not. So they are not what we would call peer-to-peer or they are not decentralized because you have one entity is clearly have a lot more resources than the other. In this system, I think the classic one will use ID and password and ID and password will show up as a data entry in some kind of database in the server which is not very secure. And we hope I don't have to preach that but there's tons of problems with all these, et cetera. The federations model allows some kind of a slight improvement. So in this case, you introduce a provider like people commonly use, maybe like I use Gmail which then act as a, you will have an authentication of course so you log into this particular service and then you authorize this service on your behalf to go log in here and also authorize them to release your user information. And that's the improvement but it's not a huge one I would say and the cost of doing this is that then you release your user information not only to the person you are talking to but you also release that to the middleman as well. And the middleman happened to know a lot and so it is to me like not very private arrangement. Within this scheme, you can introduce things like FIDO which allow you to do mobile as well. So the user may feel like you are already doing all of this so you can do your login, authorization, everything on the mobile phone that bonds those three units together but still back behind the scenes your information are still going to some big aggregator. This will be the first example of decentralization so this has happened to be based on a hop-ledger project called Ares and Indy. So in this case, you have a wallet and it doesn't have to be this particular kind of blockchain or even blockchain at all. It's just some kind of database are needed there and then this would allow the two sides to establish a relationship. So it's like a personal relationship but you only need to authenticate them once. Once you are known, you exchange your keys and in a way you are known forever and you know a way to authenticate that as long as you know until your next key rotation. So it is a way all to find and you only need to reach this database or blockchain once in a while. I don't know, maybe nowadays six months, three months will be sufficient for key rotation but even those rotations are automated in a way. So most of the time you now have a very secure channel point peer to peer and again you can see from the picture clearly that two picture are completely symmetric where the two sides are symmetric. So that allows the very secure channel between these wallets and be able to actually establish trust and then build much more sophisticated functionality on top. There's another example for, this is from Block. So they are doing digital payments and also sort of crypto to many exchanges between them too. And so one of these things people would think about is KYC, right? And so like a variable credential will be a perfect idea of a KYC requirement because it essentially checks all the ID you want, whatever the loss says you need to check and these IDs are based on a digital variable credential and the credential can be established so that the customer can be essentially validated or as much as whatever the regulation is. So this clearly with the data and variable credentials and IPFS based replication system, these give you a pure, I guess, web 3 or peer to peer way of doing the transactions and fully, can be fully compliant with any regulation we have today. The last one is the most, so this is sometimes called autonomic but basically these will be a purely web of trust model. Again, I don't have really time to do justice to this but you have instead of a, people think of a blockchain, I need to be in one place, here you only need a so-called witness, sometimes friends for example, in some of the social media systems, you can do that if you forgot your password. You can pre-designate a few person friends which will be able to then vouch for you to recover for example. And so it's a very similar idea which is designed with the more rigorous protocol behind it. Okay, so hopefully I convinced you that there's a lot of work going on, many of these implementation, I think all of them are open source other than the first one of course. And then they essentially follow very similar model and so within the open wallet foundation and some of the trust of IP as well that I'm being involved with believe that the whole industry can come together and really follow a more rigorous structural model in these layers that allow us to basically have this benefit to any device on the internet. And the industry doesn't have to be in finance, doesn't have to be in any, we think of like, oh you need a security. I think authenticity, if you think of it, I need it all the time. I want to be sure like who I'm talking to. And so that's our proposal. And I will quickly summarize the key takeaways. I think digital wallets is very, very critical as an infrastructure and we should make sure it's open. So we give everybody a level playing field. It's not overly centralized into a few small number of companies. And I think we can achieve all of this by a architecture very similar to the TCP IP. So I call it the trust task layer slash TSL will be the trust spanning layer similar to that nature. And so you have a very specific trust tasks and these tasks are built on top of a common and minimum trust spanning layer. And so we think that's the good way or a good path towards this universal interoperability for wallets. And so I would invite everyone to get involved and I want to hear what do you want to see as a priority for open wallet. And for that, I'm open for anyone's suggestions and comments or questions. I believe some additional information you really want to like dig down deeper. One is the specification, the other two videos of the deeper talks that I've given in the past. Yes, any comments or questions or opinions? Yeah, so whether it's centralized or decentralized, fundamentally it's look at whether the two party has a symmetric or asymmetric relationship. So there are many ways you can avoid the password, which is nice I think, it's very convenient for us. But without fundamentally changing the underneath protocol, you don't really change the issue there. You do improve because I would not have to pick that password. I don't have to write down, it will improve. I'm not saying those are not significant, but they don't fundamentally change the real situation here. So we believe that both sides need to have strong authenticity guarantees that allows all of us to have trust, therefore we don't need to rely on a giant third party to voucher for us, right? So you may notice that open wallet foundation is going to be created in Europe because European Union are legally mandating a Europe wide identification. And so the EU ID, it is think to be launched next year and that would create a very big bucket place for this. So naturally many of the EU services tie to these IDs so that includes like medical travel and between all the financial services, telecom between EU countries, so that's one big incentive. And you probably hear a lot of cross border problems, right? Because each one's different and that's another reason we need these kind of interoperability. And there's numerous similar drivers in US as well. And so a lot of these adoption I think currently are in the niche market, in niche areas. But I think we should aim bigger. Aiming bigger is not to delay this thing but to really see the snowball rolling because a small area usage does not, it's a lot of cost to implement a new scheme. But if you're only looking at the one slice of the market, it may not be big enough, people may not want to. But once you look at a larger scope, then I think it will have a much stronger incentive for people to do this. Correct, yes, yes, yes, yes. And so this, yeah, yeah, yeah, yeah. Sure, yeah. So losing the device or how the device, how do you recover, et cetera. So you like in iOS, they have a iCloud backup, right? And the key is really, you do the backup. The key is how do you hold the key yourself? So in the end, you can see that you need some kind of a web of trust solution if you don't want to ask Apple to hold a key for you, right? So those are all quite related. Now, even if you hold a key for you, there are schemes that you can say, well, you can just recover one key for me, and not really the data itself because from there you can then recover the rest of it. And so that is also possible, basically minimize the amount of information you have to share. The key word is really, currently you have no option. Yeah, yeah. Correct, correct. Yeah, the protocol exists today too so that you don't have to at all. And but the user convenience is a critical problem. And I think one of the, I think one of the early work for Open Wallet Foundation is to this, we call user experience, how we can interact with this system, right? That's critical, yeah. Yeah, so there's a, one is, so if you lost your phone, the current setup, because this will require some kind of a biometric authentication for your, so a similar kind of system exists to the wallet you would have in your iPhone or Android phone today. So that requires a physical biometric mechanism or it is a cum-delayed lockup mechanism so you can immediately lock it up for you so that data is now released that way. And that's the, there's quite a lot of new work being done today. Some are very futuristic with the AIs and potentially can do more and more get to that. But yes, that's one way you can lock this up more. And the other is related to an earlier question about, because there's always a cloud backup copy somewhere and when these two things happen, it's not exactly clear yet, so I'm not claiming these are all perfect solutions yet, but that's still to be worked out. Yes, okay, okay. Do you have a question? Oh, yes, it is. So we are a IND division or subsidiary in US and we are relatively small, I think now under 400 people. Most of us work on standards, open source and ecosystems, so we don't have like developers or product groups here. And part of the, so part of the reason that we strongly support this kind of system is because we want to see a ecosystem that allow people to compete openly. So we're not tied to a particular, because right now in Android, the Android system require you to sound contrast, right? Instead of a protocol like a TCP IB protocol or HTTP protocol, you can define API and have open access to it and that's the big difference. This is true not just for us, for any licensee or other, or the Android based phone manufacturing companies and other devices too. So any times we get into like the apps you probably hear a lot of the apps want to do payment in the app, but you may be quite to use Apple Pay, all those things are locked up because it's not a standard based system. Not in this space, because the issues we deal with are universal, it's for, so all the companies involved do have very concrete and similar concerns. The European Union, as I mentioned, and many countries in UK, in Canada, and many states in US as well have similar issues. And so it is a, in high level, it is a, I think one is an access issue whether you have an open standard for, whether it's competitor or you're actually your own customer too, where they can innovate and build a product around. And the other is relate to the silos, because the silos just slow everybody down and so both of the issues show up in all the regions and at the moment the area that's pushing harder than others I think is in the European Union. So that's why I think a lot of these initiatives are being driven there, and that's why we started this foundation in the European Union. So obviously you're coming up with a protocol. Oh, so whatever I present today is my view, how this could be done. I think we believe this is the right way to go. The foundation hasn't even been established yet. So I cannot represent the foundation self naturally or any other company that may have other solutions as well. So, but hopefully the message is quite clear. We have no issues. We have a lot of people who want solutions. And so we are working on as part of a bigger community how to reach the most optimal solution. And this is a proposal from us of considering. A lot of these, if you look at the specification document is actually coming out of a trust over IP. So that's another members foundation group that's writing specifications. Many many organizations and while we're just one member in that organization. So these are very I think well known and studied approaches. They're not exclusive naturally. There's a lot of different ways you can do this. Any other questions? No, thank you very much. Come find me. Oh. Thank you. Thank you.