 See you. See you. Yes. Yes. Go. See you. Good bye. Hello. Bye. Bye. Bye, Paolo. Bye, Damiano. OK, we are live, we are waiting a few more minutes and we are leaving. That's fine. Bye, everyone. For those who would like to, there is also live stream. Thanks, David, for sharing it. We are also live on YouTube. Yeah. Yeah. So that's all set up and then you're host. So whenever you're ready. OK, thanks. So we are going to wait just for a couple of minutes more for everybody to join. And then we will start. 14, 03, 2 minuti, 15. Ciao, Andrea, ben arrivato. Ii 5 minuti li abbiamo aspettati. Vedo ancora qualcuno si sta collegando, ma direi di cominciare a partire tanto. Partirò io a fare un breve excursus, quindi comincio a darvi il benvenuto. Grazie per esservi collegati. Anche oggi questa è la quarta sessione che teniamo come per leggere Italian Chapter. Siamo molto contenti insomma cominciamo a vedere un po' di traction. Abbiamo visto anche che la comunità comincia a essere seguita anche su LinkedIn, sulle varie pagine. Quindi grazie per il supporto che ci stavi dando. Carlo Ferrarini, lavoro in IBM tra le varie cose, faccio il punto di riferimento tecnico per blogging in Italia. Oggi parleremo, abbiamo tanti ospiti oggi. Abbiamo da una parte il team di IBM Research, con Angelo Decara, Nessendo Sornotti, che ci parleranno, Angelo ci parlerà del technical steering committee, come team, lui fa parte del proprio team del technical steering committee di Aperleger. Quindi ci racconterà un po' l'esperienza. Sarà anche un momento per chi vuole per fare domande, per entrare in contatto con quello che è il punto di riferimento tecnico, come team di riferimento tecnico dentre Aperleger. Alessandro invece ci parlerà di una delle soluzioni e delle reti che stiamo portando live, che soprattutto con il periodo che stiamo affrontando possono essere sicuramente di interesse, che è digital ad pass. Poi ho chiesto, tra vite Leonardo, che ringrazio tra l'altro, abbiamo chiesto a Piero Nessino e Luca Guadagnino di cerici e di parlarci, dal punto di vista tecnico di quello che è stato, la realizzazione della sandbox del progetto di onboarding, New York customer, che stiamo facendo in Italia, con diverse società e è uscito da poco un comunicato stampa su questo. Sono una ventina tra di attori che stanno collaborando insieme all'Università Cetif, con Socio Cetif, che sta seguendo come sperimentazione quella proprio sull'ambito New York customer. Non è la prima chiaramente, se volete, potete rivedervi anche le sessione precedente, sono tutte registrata, tutte condivise. Continuate a seguirci, la prossima sarà tra un mese, abbiamo deciso di cominciare a fare una sessione al mese, quindi la prossima sarà il 25 marzo, in cui avremo Chin-Stack con Alex Albano. Con questo, direi, lascerei la parola ad Angelo, perché non voglio rubare altro tempo. Quindi Angelo, baili tranquillamente e parlaci un po' del technical theory. D'accord, penso che devi fermare. Ecco, fatti, stupsi le sessione. OK, vediamo un po' se riesco a trovarmi. OK, vediamo se le vedete. D'accordo. Vediamo. Le vediamo in presenter mode. Oh my God, OK, quindi vediamo un po' ademi. Let's see if it works. I tried it before, it worked. It's classic, it's always like that. When you do the test, you try to put it back in the presentation, then you go, of course, there's the block. Aha, OK. I can do it, I promise. We have it ready. OK, try it. But this is not in presenter mode, if you do it in presenter mode, what do you see? OK, try to click on the display in the upper left. Try to see if you can see it. Ah, swap the display. OK, let's leave it like that. OK, how do you do it? We'll see it, we'll see it. OK, and first of all, thank you for the invitation. It was really a pleasure, especially for the opportunity to talk to the Italian community, from the point of view of someone who is inside Hyperledger, and in the community trying to lead the project, along with other 14 members of the technical steering committee, to get the maximum out of these blockchains for the Interprax. As you know, Carlo told me that you already had an introduction to Hyperledger, just to say that the goal of Hyperledger is to develop and deepen the blockchain technology for the Interprax applications. The projects are a lot, you know what? There are various blockchains available within Hyperledger, so there isn't just one. Usually when it comes to the blockchain Hyperledger, it's a abuse of the term, because Hyperledger is simply the name of the term that we use for this umbrella, under which there are various blockchains, but also tools that help, that simplify life in the management of the blockchains. The technical steering committee is a role that has been told to all the years. This year, for the first time, there are 15 members, so it has become bigger compared to last year. The elections are usually around August, but the most important thing is that I would like to say that every week, every Thursday, around 4 p.m. or 1 p.m. there is the meeting of the technical steering committee. They are called by the public, anyone can participate and eventually contribute to the discussion. So if you are curious, I warmly invite you to participate and to hear what you are discussing. In particular, in the end I would like to talk about an argument that we are discussing in these weeks to improve the advertising aspect of Hyperlegger's projects. The technical steering committee has a lot of responsibilities. I must say that some of them are quite technical, like establishing the process for the election of the maintainers of each project. Some of them are extremely bureaucratic at a certain point. Others, on the other hand, are really deciding where we want to go. What are the projects that deserve more attention? Because at the end of the day there is an investment in money from Hyperlegger in the projects, for their advertising, but also to do the security auditing, which is at a certain cost. And to support the projects during their journey. The goal is also to support the community, the community in general, organizing events and trying to gather as much energy as possible on the Internet. So, also to try to gather new ideas and new projects that can reach the horizon. I wanted to mention the names of the people to give a reality to those who are part of the technical steering committee, so there are people from different companies. There are not just IBM, but there are also Oracle, Fujitsu, they are really well distributed. Arnaud is the president of the technical steering committee, so he is the one who guides the discussion during each call. And this year we also have a vice president, who is the third, and does not only do the opposite of Arnaud when Arnaud is available, but also has a role of driving the community. I have a question, in a long time there is no difficulty in the introduction. The goal is to stimulate the discussion a little, if you have questions on the entire project so that I can answer with a view from the inside. I also wanted to give some announcements that may be interesting for the community, especially if you want to participate, there will be the Global Forum in June from 8 to 10, virtually, clearly given the conditions, and there is a proposal if you want to participate, there are still a few days, on March 12, the call for proposal closes all the information on the hyperledger links and you can know how to participate and what to put below. The mentorship program, this is another aspect that I really like about hyperledger, which is a arena in which new ideas can be found, they can find space, even a space not only, I want to say, a certain visibility because they are under the umbrella of hyperledger. Practically all the projects, maybe, I don't know if there are only the very first projects as a factory, they are not passed through hyperledger labs, these projects, let's say, this sort of initial zone where the projects are born and die faster, maybe then they can be solidified. But at the moment the process is this, you start with an initial project in a phase of incubation, usually this is through the support of mentors because they can be a member of the technical committee, they can also be a maintainer of another project or another entity that support at the beginning of this proposal, the proposal of the project and then there are different phases until we reach what we now call an active project, which has the complete support from the hyperledger. If anyone wants to ask a question, feel free to ask. No. Angel, can I... Yes, of course. Hi, thank you very much. It's a very quick question and then you decide to answer me in code so as not to waste your time. The Hyperledger Mentorship Program is available only for projects that already have a phase of design, already structured in the blockchain, or can they be projects that have the smell of being allowed in the blockchain? The goal is not about business solutions. These are not business solutions, in this sense it could be a new project of a new blockchain technology or a support tool for existing blockchains. For example, one of the last that we tried is Cactus, which is a project for interoperability between blockchains. So they did a presentation, they explained the things they had in mind, in particular they already had support from, I think, Fujitsu, Redis, they already used a Cactus prototype inside Fujitsu if it didn't go wrong, but you could make a mistake. It depends on the majority of the proposal, the easiest is the path, clearly. And not a business solution, I don't know, solving a food chain or traceability of the food, this is not the primary goal of Hyperledger. Thank you. And then there is the Hyperledger Developer in Newsletter, which is another way to have information, to have information, but also to publish news, events that might be interesting or that you might want to organize. Once again, there are a lot of races, on Hyperledger's sites, on the technical side, you can find all the links you need. I wanted to tell you, just to give you a little bit of what kind of discussion we had on the technical side. An example of a problem that we are dealing with in the last courses. There is this, let's say, the current state we are cutting with the state of the projects. The projects are either in incubation or they are active. This is quite rigid, this binary approach has raised many problems because many say, we are in incubation, but there are projects in incubation that already have a certain maturity that could be used. The problem here really comes from a fact of how these projects appeal to users' eyes. Maybe there is a company that wants to use one of the Hyperledger's projects. Or maybe it wants to use a project that is in incubation and maybe it doesn't know exactly what it means to be in incubation if there will be a support, if the project will continue or not. Maybe this project in incubation is actually very close to having a certain maturity in certain aspects. We are asking ourselves how we can improve this label of the projects so as to give information to users to decide to make decisions but also to have a management of the risk to know how many possibilities it can have and how big the community is behind this project. It seems obvious that it seems like a good idea to have what we call a badging, to add badges to the project but the discussion is rather intricate because at the end of the day it is a matter of beneficial costs. So to impose these badges to the projects these projects could make a shortcut to have a badge rather to solve concrete problems in the real world or to have problems like someone might say why didn't you give me this badge? What is it? Because yes, for me it is yes and for the other one it is not. So we are also looking to understand what are the objective metrics that can be calculated more or less correctly. I would say the colors of the regions for COVID. But imagine how much scandal there was for the algorithm that assigned the colors to the regions and how to assign a badge to a project so that no one is offended or that someone can say I think I should receive it but I didn't receive it. So we are still discussing if you have some ideas on what the best approach of this I invite you to participate in the community and also simply listen. Or maybe, I don't know this is a question that I could ask you if someone of you has experience in trying to use one of the Hyperlegger projects through all these projects and I have a question but this project will be supported what life hope who is behind this this project I have a question that I will ask in this case because this is also my last slide Surely I have to say I try to actually cut with the arrow you say this project is an incubation project incubation is more advanced the feeling is a bit that especially even when you talk I refer to when you talk with maybe clients with companies that have to start using it not only to experiment but more because maybe they have some ideas we want to have something solid so maybe to start doing it but not to do it inside but to make it in front of the outside so the idea of the badge can be useful I would see it so since there is a question I will tell you I would see it useful if you use who is outside more than who is inside to certify then I don't have to say which badge to choose how to put them how to avoid playing clearly but today for example I have to say the truth I am quite resistant to these badges for this reason for a matter of cost and benefits before importing these badges and projects I would like to understand what is the cost for them in general I don't like I said it today during the call I don't like a paternal approach to the costs where there is a group of people who have to tell others how to do it why in a certain sense if there is a metric that we can define in terms of rules we can say in the sense of that this project has this characteristic if it satisfies these criteria now if we limit ourselves to this and then let's see that companies begin to ask the projects you satisfy this metric it will be automatic so to speak an automatic incentive for the projects to say maybe it suits me to calculate this metric and to show that I satisfy this condition rather than from the top to lower the lighting to say these are the criteria these are where you have to calculate or even we calculate for you and we assign these badges so really big discussion I like this to make this discussion Angel, I ask you a question then I leave space to the others then I am always there I see the role of the technical as you there are many projects we try to give a common navigation a common route for everyone in this topic as you see it you see more divergent scenarios you see more convergent scenarios in terms of how technology is evolving you see many new things that are coming rather than a path of consolidation, of approach of various things that all the permission and all the permission maybe a half way things like that I think there is a big ferment especially for this fact that it is already a bit there is a collaboration now between the Enterprise and Hyperledger so this for me and inside Hyperledger are blockchain projects based on Ethereum technology so the bridge with a public net seems to me almost to a step I think that projects like Cactus are I have to say that at the beginning I voted against Cactus because I am in the place I would have preferred a different a different proposal but the past project and then the idea is the idea is important to have to study theory and practice to put in communication two blockchains which at the end of the day are the systems to build trust obviously two blockchains different means construction of trust in a different way I already have to say from a philosophical point of view what it means to have two sources of trust that communicate and then sometimes build new trust new trust between them it seems to me still far but this is my personal opinion a vision where there is a single blockchain that does everything this seems to me maybe we are not there yet there is still a lot of competition on the different technologies but certainly there is the push from the other side to say no one wants to do lock-in in a technology to have communication mechanisms in this moment HyperlegiconCaptus has given this signal thank you I leave to the others please tell me when is the time to pass to the others we have two more minutes to ask for answers because at 8 o'clock we have to leave so let's leave a half an hour before Alessandro tells us about an interesting project great Carlo I wanted to give my opinion which is more business oriented connected to Hyperlegger and share it with you with you with which it is also the first time we are in contact I really see the project as a bridge not only from a technical point of view but as from a technical point of view the linguistic metaphor where the technical part has its component that is in the different frameworks that have been developed that have even more projects that are carried out and on the other hand in the in the most vast community that is around the framework is developed of which we are part of the peculiarity really unique of Hyperlegger as a project I don't know what you think but it's a bit of an idea certainly this is the community one of the fundamental parts is the role of the TSI of the Technostatic Committee is also to stimulate the community to make the community grow to stimulate it to create new projects to solve concrete problems and this is a thing that I often say or I have to say during the TSI at the end of the account what is here that we have to solve concrete problems the majority of a project can be seen in the ability to solve concrete problems that companies or people have what they want but if they don't solve the problems certainly ok then I since I'm at 7.31 then we'll do too late to Alessandro so I'll leave the word to Alessandro I would like to thank Angel Angel has been really fantastic and then if you want to stay if you also want to participate make reservations even further Alessandro we leave the word thank you very much first I want to make a little disclaimer as many Italians abroad suffer from that beautiful phenomenon which is the alphabetism of return so I will speak a little strangely I will do some phrases that are a little funny, be patient and so stay away from the country and do this so what I wanted to talk about I wanted to talk about this this solution that we put in place which also started from our group of researchers here Zurigo and now has already grown a little and has been taken from the business units to also abroad the starting point was the situation in which we all find ourselves this pandemic how to return back to normal and return to normality how to do and which from a point of view from a first point of view where technology can help us and where in particular blockchain can help us now I'm talking about this but actually what I want to do is to use the context of this digital health pass I simply use it as a way to discuss what I really want to talk about which would be how to one of the many ways to solve the problem of identity management on blockchain which in my opinion is a very interesting topic that then goes beyond the specific solution here of the problem we want to deal with digital health pass so I use this as a context to talk about a story a little wider so don't be afraid I'm not trying to sell you this beautiful solution but to talk about what Fabric did for us and how we used Fabric which I see as a way to identify management on blockchain so the starting point is obviously one of the problems we hear is how we can make people closed in offices palaces, cinemas and so on and one way is to have a health pass a health passport which has many various aspects of the one that shows it among which you can have for example now obviously very important negativity positivity, a test rather than going ahead with the whole vaccine speech for example in Israel they were talking about using a very similar solution which does not use blockchain as far as I understand to allow vaccinated people to enter now beyond ethical discourses on this particular opportunity to do or not do this from a technical point of view this is a solution that allows all this discourse just to introduce the whole facienda we have a part in the center there is the individual who wants to prove something to someone and this something is not a piece of paper that loves rather than a digital token something digital now on the one hand there are on the left you see those that generate this passport that can be test centers rather than pharmacies a universe of entities that can provide these passports and on the right we have all those who want to verify these passports and we have below in yellow a list of challenges that we have a solution that wants to do this that will have to face and and now for this for this for the audience it will not be a great surprise that we are back on a blockchain network that allows us to join all these actors on the one hand we have all the issuers that use the blockchain for let's say to present yourself on the network as as you know a permission network means that let's say a closed group or not closed but anyway that has a control system access control so you can enter and start this network only if you are invited, if you are part of it so I invite you to have these issuers for example let's say a blockchain like this at the European level where each state national has its own node and so it can say ok, my minister of health rather than Emma, rather than various entities of this kind can generate these passports on the other hand we have the verifiers that are they do not have a presence on the blockchain but simply have access to the blockchain to be able to see verify the issuers data one very important thing that I want to make you notice is that the individual does not have a presence on the blockchain but does not have any kind of data that is saved on the blockchain saved for the story of the revocation that I will talk about later but this point was a point in the sense that it is very important that the individual data of people do not go on the blockchain because this in general has a series of problems on privacy, GDPR compliance HIPAA, etc. therefore it is important that the blockchain creates consensus on who are the trusted issuers in such a way that the verifiers those that verify can determine if a token a health passport that nothing else is that a a data signed by one of these issuers the verifier sees this must have a way to determine the right blockchain second place understand who this health passport and then consult the blockchain to see if this health passport has been written cryptographically in a correct way where correct is something that has been defined prior to the blockchain which therefore there can be no doubt given that blockchain gives us consensus etc. now I take a little break just to see if you have questions if the the scenario has been well introduced and then if yes I will go further to continue to discuss on digital identity I am the one who asks questions yes yes so let's recap a moment because among other things we will also see in the project of what you want with Pierre and Luca soon so you do not have individuals represented on the blockchain exactly on the blockchain it represents information only on the issuers not even on the verifiers actually only on the issuers and then other information on the side that allows to invalidate for example if I give you a QR code that you can present I know when you go to a palace to a concert where you want to go and once I have given you this cell and now I I am an honest person your test now the result is positive before the negative now you have to cancel this old passport that is still valid because maybe it lasted you 20 days but a new test has come so the point on the revocation is something on which you have to go through the blockchain and there we have made absolute attention in such a way not to violate any privacy of the individual whose certificate is revoked for the rest exactly as you said I ask just one thing because I am listening for about 30 seconds just to understand there is maybe I'm wrong there is also a system linked maybe to doracoli that allows you to manage to verify some information from outside to understand if they are in compliance then with those who have the possibility to verify or ensure so I got a great question and the answer is that the blockchain itself does not expose any obstacle but what it allows you to do it allows you to do an intermediate step add to what I have described the idea that you go to a concert of some kind and you present a health certificate now the verifier must see first of all must understand what kind of certificate it is what kind of data it contains which are the formats and must also say for example given the format of the data that you are presenting me it can be certified by the certifier that you gave me for example if you present me a vaccine certificate now I can say look I trust this vaccine certificate only if it comes from Pincopallo and in that case I expect I expect that Pincopallo gives me this whole set of information that allows me to make my decision so there are two things that I verify I must understand when you show me your certificate the first place is what kind of certificate it is and the second place is given the information that there are the type of certificate and this certificate signed by someone of whom I trust that I am in the certificate and to do this I go back to the blockchain where my organization gives me the guidelines so it tells me it gives me all this information so there is no oracle but there is all this mapping that is saved on the blockchain ok ok thank you I can ask a question just to understand how do you maintain the relationship between the individual and the certificate in terms of being compliant with a PR game certificate let me skip a couple of slides so let's see one for example this here now there is more information but let's stop on the left side this is the credential as done in practice it is a scheme where the scheme has its link which has been well defined and given the scheme the person can be identified in a different way or in a clear way or there is a way there is a way to offer certain fields to allow those who want to want to show the passport to cancel some fields that are not important for the kind of decision that the verifier has to take for example maybe you don't know what my name is but you just have to know the way to have what is called a pseudonym which is a information completely random which cannot return to my name with the men and which never changes but which allows to do some kind of tracking but does not allow to return to the person so the information is part of the credential and my health certificate will be an encoding of this information plus the signature of the the one who certified me of the issue thank you exactly my wallet in my android iphone or we also support a life cycle entirely random where then it is important to have a way to call through the blockchain without violating privacy because for example I could print a QR code that contains the encoding of all this credential plus the signature I show this piece of paper to all the travel to the blockchain to find out all the information of that need but nothing of all this will be ever in the blockchain so let's go back we were here we justify the blockchain which does not need a particular justification because we are for the institute to create consensus on what are the issuers create a global order between events such as the generation of a new issuer and then the revocation of a certificate generated by this issuer so we can not doubt if an event was a single source of truth then accountability open governance model which is very important because factories being a blockchain permission allows us to create a consortium that manages this network and this consortium can be open new members and can be protection organizations super governance that can in some way create a sense of trust towards this network and it is not a closed network but it is not even an open network where we are in a of minors which are in other nations of other geographies the benefits we have already listed so all the data in the passport the wallet application iphone android we have full we have we respect the privacy the citizen can choose to reveal the information which is strictly necessary to reach the destination if you can access an office a gym etc the smartphone is useful but not necessary we can enable every kind of governance so federal governments in America all states can participate in Europe, Switzerland at any level we can create a trust in the network adding new members and we can increase the functionality through extension of the chain code of the applications we create on this solution in particular we stopped on a couple of interesting things the first is the fact of using W3C identifiers which are part of a standard with an eye towards an interoperability between solutions similar to health pass for example in America IBM digital health pass and another state used a competitor if there is a blockchain and the identifiers follow this standard the idea is that the two systems can interoperate if I go from state to state my my trust is recognized and the verifier of the other state knows what to do when I show it so interoperability also between health pass and other systems this I will skip this to get to talk about what I already mentioned the fact that the individual has the possibility to identify in different ways the first is the second is in a pseudonym way if I identify as a pseudonym obviously the one who verifies will want to see for example my passport to be sure that I am not taking the negative test that was done today by Angelo and Angelo good friend, kind, he passes it to me and I can go to China so this is the problem that is going to be solved if the certificate contains my name in my wallet then I can show a passport to identify what is interesting is what happens if I don't want to show I don't want to reveal my identity but I also want to do to make sure that these certificates are not transferable a solution is to link the certificate to a key that is saved on my phone and that that when I introduce myself to a verifier I will have to show the verifier that I know the private key linked to the public key that is saved on the certificate and using a cryptographic protocol where I will try to reveal it with the knowledge of this private key so what is called here challenge-response based credential ownership proof so this is interesting because it allows me to insert certificates that have been requested by customers to conduct to show to have a certificate without having to reveal the name and this gives me an additional guarantee from the point of view of privacy because my name will never be saved on the blockchain but in this case also revealed to the verifier the other point that I wanted to discuss here was this life cycle scheme so as I told you the certificate is a binary data blob that is interpreted in some way and the way to interpret them is obviously very important because if we were imagine that the certificate is only a 0 or a 1 if only a 0 or a 1 to say I am positive or negative nothing else and then the result of a test now this certificate unfortunately can have some problems where I can prove to be negative or positive more than one thing with a verifier that is interested in two different questions for example if you are negative to this test this type of test or more than that a PCR test or a fast test which are two different questions that two different verifiers will do and I don't have to present the same certificate to the answer and so this has led us to create this life cycle of these schemes that describe the certificate and also give the possibility to the verifier to see if in the first place is a scheme that I accept for the verification if I expect to have all the information and in second place that this scheme contains I see if the organization I belong so the cinema rather than the office etc. tells me that I can trust a set of issuers for this specific scheme so there is a whole relationship between who generates these certificates that passes from the definition of the scheme and from the confidence that each verifier has with respect to the issuers for a specific scheme now I see that I am reaching the end of my half hour so I stop here and if there are any questions I am very happy to answer I don't know if there are any questions but I will answer very interesting also to see a practical scenario of use and challenge with the theme of the GDPR of the management of people who always challenge I dream an integrated solution in which without thinking too much for developers rather for those who have to make a solution at a certain point to manage privately and in a way to manage but this is my dream I see a lot of push now partly because of this pandemic but also to assemble public investments that are in this period the push of various states digital and the theme of the electronic identity that here between 2-3 weeks we will vote in Switzerland on EID so it is a very hot topic at the moment and blockchain is very well positioned to present a solution to this I see I have raised the person who wants to ask questions thank you very much thank you thank you thank you thank you thank you thank you thank you I will leave the word to Luca and Piero if you are there guys absolutely fantastic let's go it must be really ok perfect ok perfect thank you all yes excellent good evening everyone we are here to present also our project on which we collaborated with CETI, Fintesa and EDM and we will deal with New York Customer and the solution proposed in relation to Longboarding New York Customer with distributed digital technology ok we introduce ourselves we are the team of CERECINE I am Luca Guadagnini both for fun and for work and a few times I travel alone I am Piero Nevin I am also a developer for CERECINE and I also developed in free time in various ways but let's see what we actually do in CERECINE we have a group of Fintech and we do research and development of basic protocols about CERECINE as Ursula Liguin said writer of fantasy we will have essentially the time as our ally not as our antagonist when we work this is one the mantra of which we try CERECINE proposing alternative business models to our customers and partners to try to reinforce the transactions based on confidence and we always listen to the continuous evolution of the ecological world how do we organize usually we adopt agile methodology for technical purposes Invaluetry with Vulcan Skeleton especially we use it to do exploration and then regarding the project we have to do story mapping with acceptance tests we work in pre-programming doing extreme programming and TDD during the weeks of every morning we find those 10 minutes to understand what we did the previous day and every weekend we do a demo of our projects to understand a bit of what has been done done we start to do retrospective every two weeks to to see what has worked and how to react to these events and then there is the post mortem post mortem is a particular act retrospective particular that regarding the project finished so let's do a retrospective of all the activities and see if you liked what we did or not but let's see the soda let's see exactly what the onboarding New York Customers let's introduce all the New York Customers and probably someone knows it but you have to put it in common essentially the action that was taken during a transaction at high risk I don't know the opening of a contract a relationship a private institution and a free citizen so what happens in this area essentially must be certain information related to a person who is following this transaction with another legal entity and there must be the information the data essentially linked to the user and which are taken from a reliable source and above all these must be data with genius to the current transaction moreover the distribution the exchange of this information must follow the so-called European rules of protection of general data this is a translation provided by the anti-glofano with the audios otherwise we always continue to talk about GDTR but let's continue what is exactly the problem we want to deal with as we anticipated we want time as our ally so we try to think about the problem of onboarding to a bank for example we go from a bank of paper and we want to open a account but what happens here it is that we need to sign a certain account of scartoffia relative to privacy anti-glofano and a whole sequence of other documents in fact doing a average even in the optimal cases it takes about an hour to open an account of a bank beyond the different situations of different banks this is what happens if you go physically to a place so you need to provide your own paper information and sign all the sign obviously these times are civic and above all are all actions that are repeated if you go to another bank for example energy service provider security phone company so how can we solve this problem the solution is what you want what you want is an ecosystem based on the technology of the registered which allows agents connected to the ecosystem to be able to share the information relative to an account all these information are changed in a safe way transparent and above all inalienable is always under the supervision of the user because the information even if you study different entities different institutions are still of the user's property this obviously if we think of the physical process before and instead we work all through a secure digital system the time of response are definitely more short how this ecosystem was implemented obviously the BLT part was used thanks for reading Fabric the first objective is to let everyone know the participants of the network physical and legal people where the information of the users are studied so the users are the clients who have signed a report with more organizations institutions who instead build the data of the users all the organizations with which a client has signed a report so what happens but how do you try to know which organization is asking the data itself so here it is that essentially it is not necessary to build the relationship between the user and the entity now inside of this smart contract are only the information that establishes a relational model between a final user and an entity only which is anonymized so we do not know exactly what is the data that the user identifies we have an ID that identifies a general subject and more we have different attributes built by different entities to the ecosystem each attribute has its own identification which determines the position inside of the ecosystem associated to a custodian and to another one of custodians who needed that information another objective is to notice the business events what we inside of the ecosystem we have two different processes to be able to manage one is the transfer of the information and the other is the update there will also be the remuneration but we will talk in a second about the return we focus only on the transfer and update there is a smart contract called transfer that uses the request made by an organization in which the user tries to open a report so what happens that this request excuse me but the request does not allow to ask permission of this information from other entities the user gives consent to this transfer and once this transfer is completed the request will become a custodian of these request attributes another thing is the update and here identified the smart contract called update which instead notices the request of the user to a certain organization to be able to update the information built by this organization I will give an example to understand as I said before we have a client who has made an order to a bank and the identity card and therefore he wants to update the bank's identity card what he does is to make this request and this is simply noted and then through a process that I will explain later will update the information another challenge that we have tried to apply to the ecosystem is that here we go in the technical and try to apply the architecture pattern of CQRS Corseng I don't know if anyone is familiar with the command in which the responsibility is segregation but let's take our technical application and try to package it in two in a writing model in a reading model the command essentially represents the writing model that is all the requests that we make to our system to change the state of our application while the part of the reading is actually interpreted by the query to essentially question the state of the system so called soldiers the usual result of the command is represented by the command that is then historicized in an event store from which we can extract the information to do specific projections now we have been asked if this type of architectural pattern could be applied to the blockchain so we said we could essentially the actors like the the utility, the energy supplier of the commands to the blockchain the blockchain puts an event when the command has gone to the end and the event is captured by the other trients that participate in the network excuse me here when the end receives an event can actually historicize it and build a view or eventually react to do other operations another thing that can be done is to acquire it as we explained before and interrogate the blockchain to know the current state however the GDPR that is the blockchain with private data is not particularly nice to the European Union so what have we done we have tried to modify these behaviors so to modify the architecture as proposed so to speak trying to work a little differently the information they arrive hypothesizing that the utility sends a command to the blockchain we have to control that these commands do not have private data and in the case in which they have private data that belongs to a person they are historicized temporarily and incorporated by the command this allows to notarize a fact inside the blockchain and to put an event then the architecture of the event is then enriched with private data and consequently the agents that will capture that event can work the information historicize in a chain store the information what can also happen that the event incorporated by private data can be received by an interior agent can obtain an off-chain request for example the bank receives the event the command launched by the utility receives this event and makes a request to the utility to have updates on that information related to the event here, of course, it is then represented the fact that the utility will repeat the request then it responds to the bank and that it is not necessary to return these information but let's see what happens thanks to a fantastic demo that presents the demo with me maybe I'll give you a second because maybe there are questions there are reflections if you have any questions maybe also to between the demo phase presentation phase who wants to ask questions observations, go ahead so, Carlo, only me in the sense that I wanted to ask a confirmation so the update of the data is made of chain right? and can be launched by the utility that incorporates from the bank okay? generic case my question is more on the legislative discourse not related to privacy but related to the normative of the New York customer the product that you have developed is exclusively related to the Italian phenomenon or is it possible to adapt because let's say you can read through an algorithm also database with international legalization no, at the moment we are only occupied only by the Italian word also because we have different situations and still need to on the New York customer we are not still full GDPR compliant so there are some situations that we still definitely have to face and this this is the this is the project which essentially shows the operation of the distribution of information and how the blockchain can help us to develop the New York customer okay, no, it was just for my personal curiosity absolutely imagine that you also refer to the foreign due diligence maybe that it's a bit different yes, I'll make an example about the direct for credit of an Italian company to the foreign very often maybe there are financial products that are for commercial okay, they run on normative in Italian and in this case it would be a bit difficult especially if you go abroad from Europe I think to manage the process internally with this but in a sense it was I wanted to do it internally in a sense it was also to understand the project no, I'm just sweating our shirts to be able to satisfy the Italian panorama of course yes, the focus is surely that of Italian this project is a project with good visibility among other things from a few weeks in Milano hub which is the innovation hub of the Bank of Italy so it is surely something to keep in mind okay, is there any other curiosity? I wanted to give you a question on the part of a project what was the challenge that also in terms of implementation was the biggest challenge to overcome on which you are more focused I should say the deployment of smart contracts but I would say that from a technical point of view the challenging part was also to try to apply the QRS as we mentioned before a bit because there were with the blockchain it seemed to be almost a one-on-one relationship with the pattern but in reality with the GDPR in the middle things are complicated but they are revealed at the same time extremely interesting to be able to solve and this yes talking obviously about the development then now I speak from a personal point of view the modeling is something that is always a lot of me and therefore I lose a lot of me in software and so on I don't know what I think I agree that the GDPR was the one that caused difficulty initially but then once it was able to structure the solution there were no problems from that point of view then now I will show with the demo the application and maybe it will be much more clear how it works and everything perfect then I try to see ok as long as you share Luca I can't can you touch the subdivision at the top I can't I can't see the interface the interface is completely the interface of the interface of the interface of oh, here we are you can I will leave him a moment and come back ok a little extreme but it worked ok ok and my screen you all can see yes so now we will see I wanted to say that the chain code of this application was developed in Kotlin and the back-end has been used in the Vertex framework with Kotlin while the Front-End has been used in the framework view with the TypeScript language. All of this has been managed with Kubernetes on the PBM Cloud. As a first step, I would like to show you what the Backoffice is. The Backoffice is the interface that is used in the various entities to be able to manage the data that is inside the OQAC. For example, we are now on Entity Insurance, the security, and here we see the users we have. For this demo, I have already registered the Super Mario user on the Insurance and we will see how a transfer to another entity that belongs to the OQAC network. We will make a transfer that goes from the security to the utility, an electrical energy company that does not have Super Mario inside its users. As a Super Mario user, I would like to show you a link to this utility. I am now on the Front-Office of Utility, where we have the possibility to insert my credentials to request the transfer, the opening of a report. Here I will insert my credentials. As a second step, I will make the OTP to verify the two factors. Here I can start the transfer. The insertion of my credentials has been recovered, my identification, what is called OQAC ID. It identifies me in a way that unites me within the network and makes me anonymous. As a first step, as a user, I visualize all the attributes that Utility requires me for the opening of a report. So we can see data on graphics, tax codes, contact number, phone number. So as a user, I must give the consent to the transfer of these information that will be collected from the network and given to Utility for the opening of this report. So I select the consent and I send the collection of these personal information that are shared on all the entities of the network. In this specific case, I am in possession, as we have seen, of insurance and then they will be sent to Utility. So as a user, I visualize the information recovered by insurance. I have the possibility of adding information that may be old or that I want to be different from these entities. So I go ahead and, for example, I want to modify the e-mail address for this company of electrical energy. So I put a test, that is, chain.it and then confirm and send the transfer. So with these small steps, we have made the request for an opening of a new report through a company. So once the request has been made, we can go to Utility's Backoffice and go to the transfers to see the request. I'm sorry, the page has been opened for too long because I'm going to do the presentation again quickly. So the procedure that goes into Timeout, OK, so we said hello, test, chain.it, confirm and send the transfer. Is the demo effect always... Yes, the demo effect is always approved, OK. And there is no problem, let's try another Utility. So no more Utility, but towards the bank. So we insert the credentials. So here we have the 0WCT recovery, the OTP code, the recovery of the information, OK, I give the consent, confirm the data, I add the e-mail address, the test, OK, and we have the transfer. OK, the path went well, so we can go back to the beginning. And now we go, so no more on Utility, but on Bank, to see in the transfers the request that was made by Super Mario to open, in this case, the opening of a new account through this bank. So let's go in, let's see the confirmed attributes and then the modified attributes. So the address is no longer Super Mario, but test-chain.it. So after checking and checking, Bank can approve the request for opening the contract and then go into the user's list and go to... and see, now, very certainly, Super Mario. And we see that the user has Super Mario with the new e-mail address. OK, and this is the transfer part. Meanwhile, now let's go and see the update part. The user has the web app available, which can be via computer or via smartphone, where you can go and manage your personal data inside the OQS network. So here I re-insert the e-mail address, OK. Then we always have the verification of the two factors. And here we have three cases in which it is possible to see all of my personal data that are present inside the OQC network. Then we have another case in which it is possible to see other obligatory data but in the transfer, which are those of identification, for example, those of contact, which entities are in possession. So let's see, Bank, we have a test-chain-chain.it. Meanwhile, on the insurance insurance, we have the phone number, the e-mail address, and the original e-mail address. I can interrupt, I wanted to clarify something. This input is still part of the user, I think. The input, in the sense that... The update. Yes, exactly. There is a way for the entities to have a tracking of what is perhaps the off-chain series. Or perhaps you were working on it, in the sense that it was to know if you were perhaps also thinking about this type of hypothesis. Yes, let's say that the entities have this back-office available to manage this distribution of information. We just saw the transfers to confirm it. Then now we will see the request for updates from the user that the entity can confirm. The list of the users that are the information that each entity has in their own repository, therefore in their own database, with private data, and therefore on blockchain there is no private data, but there are only the information of the name of the attribute and of who owns this attribute. So when the user, for example, enters their own web app to see the personal data, a request is made to the network, thanks to the five metadata shown before by Luca, in which for each OQCD, therefore for each user, it is memorized who owns that attribute. And then a request is made to the entity that in off-chain mode then gives the user the personal data. Okay, okay, yes. And all this, the fact that a transfer, an update is all noted on blockchain. So then, as we also see here, the entities have the possibility to see the movements. So transfer movements that come from the network or from a user. So, for example, here there was an update from the user and you can also see the cognome name. And then also a transfer, if it comes from the network or from a user. So, yes, it's all noted, the entity has the possibility to see it, in short, it's all transparent. Okay. I hope I answered the question. Yes, yes, yes, I have another question, but maybe I'll keep it for the end to block the presentation. No problem. So, let's go back to the update. In short, as a Super Mario user, I entered the web app. I see all the personal information that are inside the network. But I need to make an update of a date. So I go to update the profile. And here it is divided in steps. Here all the information regarding the identification data. While if I continue, for example, the possibility to update maybe the number of the phone. So, for example, I want to add my new number of the phone. So I insert it here. Then I go forward. I continue until the end, until I realize it. And here I have the possibility to see, in short, all the entities of the OECD that have my data. And I can go to update with the new information that I put before. For example, I have inserted a new number of the phone. And on the insurance, then I want to replace my old number of the phone with the new one. So I select it and then I do the update. Ok, so the path has been completed. So if we go to the insurance back office, we will see that on updates we have a request from Super Mario. Clicking on it, we will see those that are the modified and confirmed attributes. So those already in possession and those new ones, such as the number of the phone. After the insurance has verified that the number of the phone is true and correct, it can approve the update from the user. And after that, in the same list of the users on Super Mario, we will see that the number of the phone has changed with the new one. So that's the end of the update. And so, so let's say the demo is over and we can move on to the questions. I think there will be another question before. Go with the question. Ok, I wanted to give you some time if there were any other questions, because it seems like we are monopolizing the scene a bit. My interest was to understand where there are cases, as I said before, of due diligence, a little deeper, because it seems like the case that you described related to an episode, about retail, the sense of users and physical people, ok? And of course there can also be business data, and maybe some cases in which perhaps related to the mission of a financial product is required, an activity of due diligence, a little deeper. I was wondering if you could link the cases so that people understand what comes to your mind, for which your product is ready to do this kind of know-your-customers, due diligence? Well, let's say that what we have developed is a sandbox, which has participated for most banks, in short, but also other entities such as energy companies, etc. And it was actually thought for the Italian market and it was actually taken into consideration precisely as users, physical and not legal, but then it could be that. But in short, for the sandbox we have obtained those not legal, let's say. Yes, yes, no, but it was just to understand exactly the application area so as to be able to imagine a let's say a month. No, no, no. The question is correct and I can also say that it was implemented a part of remuneration to encourage the maintenance of updated data within the OQV network. Ok. Ok, this is important. Then I find that there are also Davide and Davide who are connected. There are guys who are from the chat team. The nice thing about this thing here that Pierre showed us is that, graphically, clearly you see in the graphic interface also quite nice, you don't realize behind there are different different data sources, so each bank has its own source. The interesting thing about this solution is that it goes to the data source so the bank, for example, tells me, I trust the insurance that is forming the data. So the data is already verified by another counterpart. So the bank can significantly reduce the process of proper verification so that verification that you are precisely referring to when, for example, you go to buy a financial supplement. I have not only taken data and I have avoided the user to write them inside, but I have taken data that have already been verified by someone. So, while I can trust someone, I can consider them already good. Yes, I agree. It is essentially created a sort of trust through the validation of these data channels that are private channels and then buy the GDPR but in this way it is facilitated the portability for the activation of other line of business. I understand. Yes, precisely here another argument that we have not touched for simplicity, and for the limitation of time, but each entity also has its own level that identifies precisely what is its level of trust of the data. For example, a bank has a higher level, so level 1 while also the insurance because it follows high standards but already a utility therefore does not accompany the phone to a level 2 while I do not know a food company in which perhaps collect data for trust, etc. can already be a level 3 because it does not follow even less standards to certify these data collected. The difference is that if I have my data bank at level 1 I can transfer to a company of the same level or lower without problems because my data are certified by a bank so the transfer is really fast while on the contrary if these data come from a level 2 lower the bank to buy a new account these are blocked here in the transfers and the bank must make an order to go and certify all these information and once it is done can confirm them and then my data will be level 1. In fact, this is very important because then what denotes then the advantage at the operational level of the solution and ok ok, thank you. First. Well, there are the 28 and 48 I do not know if there are other questions if Luca and Piero have time or if there are other things that you want to show us I do not want to No, no let's say this was all and here if there are other questions let's leave the word So I have a suggestion let's say a little bit if because on the subject it is one of those items that I am personally looking at with attention also let's say on the international profile and if it can be of interest to see also solutions that have approached other legislative systems and maybe we will continue let's say off record and we will talk together Ok, a volunteer Ok I will change my contact Well, well, I am happy also with these events also to make some networks Well, I leave only 49 10 minutes then among other things we will start to edit you compared to the usual if there are no other questions if there are no other questions I remind you anyway everything we saw was live on YouTube and then soon it will be available so for those who want to see it take it again I found it on the YouTube channel If there are no other questions Thank you a good evening thank you thank you also to Pierre and Luca it was very interesting it is nice to see this solution let's see how it will go in the next steps Thank you Thank you Thank you Thank you Good evening see you in a month in the next episode Thank you Bye Bye