 Morning drum. Thanks for waking up early. Not a problem. I woke up super early this morning Darryl. It's just Got a few people in already let's give them a couple minutes to Go and I suggest we start at like two minutes after the hour not that way the normal five-minute drum I had to wait the normal normal five. It's all good. And And and you know, I can do video anytime if you want to do any video just let me know perfect I'm just setting up the Keynote Hey folks for those who are just waiting for the webinar to start just waiting a couple of minutes Not going to do too much past the top of the hour because Drummond and I have a fair bit of content to go through We're aiming to start at two minutes after so 10-02 Eastern 7-02 sorry drum Pacific and Lord knows what other time it is in your time. So talk soon last time round drum. I had a Countdown timer going on on top of my face. They just Didn't didn't go through that today. I Like to count down timer just remembered it. I'm like next time next time. I'll do that again. Yeah. Yeah Alex Walts, so I has a Nice little timer set up. Oh good. Just let go. I'm I'm just a beginner Yeah, and that's why you have such a rudimentary camera rig there Darrell, you know, that's cuz yeah That's a COVID thing man Yeah, well, I've lived through COVID too. And I still have the same camera rig, but just looking to see what the numbers are at I'm sure people are trickling in still or not a few more still coming in Looks like we got people from all over the planet. That's pretty cool. All right, Drummond What do you say we we kick things off a little bit here and People can probably catch up and and or they'll get a copy of the recording anyways if they missed the beginning Sounds good perfect So just a quick Who are we? I'm I'm Darrell O'Donnell I'm a couple of years ago. I've been around the space for this Decentralized identity SSI for well, I think before it was a term But a few years ago I did something was atypical was very odd for me to do which is I issued the wallet report We did that out of frustration Anybody who's read it. It's a long documents 80 90 pages But Drummond who I've known for many many years is the author along with Alec Brookshatt an editor of the Self-sovereign identity book Drummond was kind enough to create a condensed version of the report with me Which comprises chapter nine of that and drum you want to do a quick introduction for yourself? Yeah, sure as you can see on this screen. I'm at every name. I'm chief trust officer I've been working in this decentralized digital identity and digital trust space For 25 years now actually on I've been to every single one of the internet identity workshops They just had number 33. That's twice a year. So that's that's a lot of those and I work heavily on the The protocols involved, you know up and down the the stack and then also on the side of governance and governance frameworks so Love this and and it was a joy when we were when we're writing the self-sovereign identity book the I just said chapter on digital wallet agents Just put Daryl's name on it and said Daryl. We just need to condense that great big report. I didn't realize how challenging that would be because 85 90 pages of it was really dense But I think it it might been it's one of the best chapters in the book because of all the meat from that Daryl Well, thank you and drum you may want to throw your video on I'm not sure if you Know I might try it a couple times, but it says the host has stopped it Whatever that Yeah, so if the host will let me turn it on I don't know how I I don't know how to do that Okay, well Yeah, I'm not seeing where where I can change that so We just have to live with it. It's mostly we're gonna be using the deck most of the time anyways Let me just try one more thing here Sure, and well what we do that. Well, I give a shout out to Tim Balma who's in our audience who's also a contributor to another one of my favorite chapters in the book about SSI in Canada and And thanks for the link Tim. Yes, we're waving at you too I think Dave Roberts. I'm not sure if he's named in the book, but he's one of the authors there as well Yeah, so as I say Tim Tim and Dave excellent chapter on you know all the considerations for you know going into the Trust frameworks in Canada and the and the architecture that they've developed. I can't say enough about about that perfect Okay, you think I figured out the video while you were talking there. So good Fill in so I can do that So just real quickly go on and I'm Wow, I'm really not sure why that just did that Fairly a copy of the animation So we're gonna do a quick quick introduction here to the overall space by Drummond We're gonna talk a little bit about the landscape kind of where wallets are This is a kind of a fast hard-hitting webinar. We're only gonna be here for an hour both from and unfortunately We might be able to go a few minutes past the top of the hour But both of us have a pretty hard stop. I've got a board meeting to go to and drum I think you're you're doing another webinar or something. No, actually the W3C T-Pack their annual meeting is this week and the the session on verifiable credentials starts immediately after this Webinar, so that's where I'm gonna be right then definitely needs needs attention We'll talk a little bit about the Kind of good segue there for what where did the wall report get what did it get wrong as well as what did it get? Right and in there is some of the standards work that really does need some attention But also in that same vein, we're gonna talk about, you know, what kind of surprised us since the wall report has dropped It's been two and a half years Time has flown by and there's a few things there that Really kind of Surprised and I guess maybe in hindsight shouldn't be surprising but we'll see and then we have a Q&A And if you have any questions, just keep in mind fire him in through the chat or use the the Q&A button and drumming And I will monitor that so drum. Do you want to just give a quick color commentary on the? The whole reason why we're doing an update I know we didn't even talk about this in our prep session yesterday, but hey, off to you sure I You know, I imagine everyone on this webinar is aware that the topic of you know SSI and Decentralized digital identity decent decentralized digital trust infrastructure has grown pretty hot I like to point out that in Gartner's hype cycle that most folks are probably familiar with every emerging technology They put on the hype cycle Decentralized digital identity is right at the peak right now In fact, it's just on the other side of the peak as in oh you guys are about to head into the trough of disillusionment and I've been there a few times before that's a very it's like, you know look around for your parachute. I Feel somewhat differently about This space And I'm not saying we're not gonna go through trust disillusionment. I think we are you know, we're one of things I appreciate about the wallet report is it's very Matter-of-fact about where we really are and what we really need to get through And Darrell, I think you called it quite well in terms of some of the challenges that were there What we've seen Even at the time we were writing your chapter in the book based on the wallet report That was you know, that was about a year after the report. It came out. We were working on the chapter Already things had moved along and so the standards are moving at decentralized identifiers very fable credentials The infrastructure the utilities at layer one You know wallets agents are at layer two These are the four, you know overall layers of the trust of our P stack that folks sort of widely agree on Credentials and credential innovation is really happening massively But that tie-in and dependency on the wallet is is really coming out and then the the demand that layer four for For the applications and digital trust ecosystems That's what's driving everything and we're seeing a lot of innovation there that is also putting, you know demands on on the wallets, so I just think the space has moved fast and if you were to keep the wallet report up Darrell You'd have to practically be a full-time job Yeah, given anyone who knows me. I can't stand writing reports. So that's just not gonna happen But what that said it is something that we're looking at doing more often is keep these updates going and also perhaps bring in Some people who love writing reports that we can guide and stuff because it was I kind of had temper tantrums While I did it it was that was very childish about it So just jump into things quick outcomes What we want you to get out of this is to get an understanding of where has the landscape kind of shifted since the wallet report was pushed out But also get an idea of where changes have had have are either have already happened or Beginning to happen because some of them are some interesting forces that are really kind of shifting some things I'm gonna take that one question from Mr. Sean Bohan. This is Darrell should write more reports great idea. Yeah, I'm just gonna answer that live. No Okay So the wall report started off and one of the things that we discussed with the group that was we were creating this with Which range from IIW rebooting web of trust to various other venues as well as the kind of the the team that was Supporting the effort is that we weren't going to get into the history of the wallets in the history of wallets has not really changed It is a long history that report really covered it off. That's where that animation came from by the way drama But it's really mostly carnage the history from Microsoft passport through to Pretty much every major credit card major bank got into the top of wallet fight about five ten years ago in most of those organizations wallets or I know Mastercard had a master pass is that is a word that shall not be spoken in there There are stars from this stuff because tens of millions of dollars if not hundreds of millions of dollars were spent and Nothing came of it really and or what came of it was just a tiny Whiff of the of the potential But now we're looking and seeing digital wallets that are everywhere Ranging from in the SSI space I would call them the developer centric generic wallets These are the ones that you can put multiple credentials multiple connections and if you're not a developer you'd have no idea what you're even looking at We're seeing these in banking apps embedded into credit card crypto Apple recently adding MDL mobile drivers license support as well as vaccination passport best vaccination credentials in the Apple wallet I'm from Canada and we've got multiple provinces who have issued out both Card like wallet apps for our citizens as well as tools for the verifiers if I go to see a movie or a restaurant I still need to use those right now. Actually not even still need We're just starting to use them in in in starting in Ontario where I'm based Regardless the history is messy and it's still messy. So this kind of Wall report was written to kind of stop the the hand waving and understand all of the dimensions I don't don't pretend that we covered them all But a large number of the dimensions of what we have to think about and just how big the digital wallet space is So we're gonna go through quickly just you know, what did the report get wrong and right in I'm hoping this report doesn't move Okay, good. It didn't move yet And we'll go through these in more detail But I just wanted to rip through them really quickly one is and drum and I will do kind of a to use the term he Point he used yesterday is we're gonna use a sports thing with anyone who knows me I'm not a sports person unless it's like rugby or something I'm gonna do the play-by-play and he's gonna do the color commentary We'll kind of do that anyone who's you know worked with us in the past know that Drummond is kind of my work wife. We've spent I spend more time with drum and sometimes I do with my family So on the agents we got a fair bit wrong and we'll explain why because actually we got a fair bit right But overall I would say we were wrong The concept in the report Both the both versions of the report and I'll speak to what that means a little bit later Is that the single purpose wallet apps? We were right on that. Those are out there again We'll get more detail in a moment The prevalence of cloud and custodial wallets kind of got that wrong it was mentioned But not to the level of detail that I think we're what we're seeing in the wild What I'm now calling premature interoperability and premature standardization we got right It wasn't as strong in the report, but we'll speak a little bit to that and then trust registries We got very right and very wrong in many different ways So jump in on the on the eight. Oh there goes that animation It comes back That's what I get for doing it's the only time I've ever done a different through the trust registries webinar Made the thing move. It's only something I've ever done that I should have known the agents The left-hand side of this you're sort of seeing a cut and paste of image of the actual report Which speaks about the various different types of agents whether that be messaging or a health agent or home security or a buying a data use consent agent None of these things exist the agents that exist are really Quite crude Some are very important one for example is recent very recent work on The mediator agent everybody else mediator is simply the cloud agent that lets you know How do you talk to my phone? How does it talk to that up until these mediator agents came out? These were very vendor specific That's great. It's basically stored forward messaging agent That's not really where we are looking on the report on the agents drum any idea why you think that is that we haven't hit the ground running on building real purposeful agents as opposed to infrastructure level I'll give you two reasons one is not surprising. Hey, you got to build bottom up, right? It's hard to build the functionality I mean we're gonna talk about special purpose wallets and and I would actually argue that some of the some of the special purpose Wallets are taking functionality that will eventually be in agents But they're just doing it as a dedicated app and it's gonna move into the agent The other reason I think is also pretty straightforward, which is We need it. We need to have the agent agent communications protocol established and The good news is as you know did calm v2 is right around the corner We saw demonstrations at IW and I personally believe did calm is going to be the universal agent agent fact That's what it was originally called and then when it became clear it was gonna be did that did that's where the term did calm came from So I think as soon as that comes out, we'll start seeing that function will move up, but you're right It's right now. It's just mediators Yeah So I will talk a little bit more about this drum. I think part of it is we Part of us to your point is infrastructure. It's the basic Lego blocks that we need to build upon I think we've also been somewhat distracted by that premature interoperability, which is his own topic which we'll get into just a minute I would also say this is by the way a bullet point I added after we spoke, but I'd also say that some of this comes down to the The approach that the the our community has taken and I'm as guilty as any Of the technical purity of the SSI side We have been pushing the destination of you know sovereign has its principles of SSI the sovereign principles of SSI That all of them must be met at once and it's really really hard. I think the solutions that are out there right now have been Going in eyes wide open and the ones that are working meaning they have functioning agents at least and functioning tooling Are allowing and waiting for the full principles to be going it to be you know more pure later when necessary As opposed to us looking at the real business problems that we're trying to solve what is the actual problem we're trying to solve and how do we bring SSI Decentralized identity to bear upon those problems and we'll speak to a couple. She's really one example that comes up in a couple places As we go to the next slides of it There we go So one of the predictions in the report was that single purpose apps So a wallet that you may not even realize is a wallet Became sorry my zoom is now deciding to jump all over the screen for some reason perfect You may have an app that has an SSI wallet and you have no idea you've no clue that there's a Didcom connection in there and there's one or more or zero or more Credentials that are being used to do certain things. We've seen banking apps In credit Union space where they have an SSI wallet. It's absolutely silent to the member What they've done is they have a didcom connection. They have a credential that is silently checked After you onboarded to make sure that it really is you because they are experiencing really unbelievable levels of mobile banking fraud A good example of this might be a digital identity credential for a company This is to sign into two things inside of a company. E status has been doing this internally other groups have been doing this with more I would say broader business We're also seeing some governments right now there's about eight or nine maybe 10 governments right now that are creating kind of you call them a wallet app but really it's more of Digital identity app from the government because they're learning to explore the space and really doing a single purpose application is the only way they can really look at it Before I jump into bonafide member pastor how many thoughts on the why single purpose versus generic whoops has it has jumped ahead No, I I really do agree. I think again, ironically it is The solve a business problem solve a specific problem The fastest way to do that is with a specific app and yes it's got wallet functionality it's it's it's going to head in the direction of SSI decentralized identity but I don't it doesn't doesn't really surprise me I often bring up Darrell, you know the example of when when the web first started You know companies and folks and so oh wow we're going to start using a website they all thought they needed their own browser Right and then it began to become clear oh no you actually want it to be generic function I think we're going to go through the same kind of curve it'll start to become clear oh You're issuing credentials and you're issuing credentials you're issuing credentials you're not going to want a separate app all the time for for that you actually want it might been you're going to want both You want credentials to work on specific apps and you want generic wallets and they're going to they're going to work together. Yeah. And I think it's actually just kind of a good unplanned segue into the next sort of single purpose app which I want to bring up which is bonafide a former client of ours of mine. Produce member pass and last thing I said I said the last thing you want to do is build your own wallet, however, you need to build your own wallet, because in the long term this is going to become something that the developers consume, whether it be sitting in the Android and iOS stack itself, or there is some generic wallet capability that one can consume will speak a little bit about how how some groups are actually doing that right now building some real heavy infrastructure. But the bonafide member pass side really is a dead simple application. It establishes a did come connection and it issues a member pass credential. What's interesting is the learning that had been over creating this and this is something we deployed operationally I was the contract CTO. I think we deployed it operationally in January 2020 had been working before that but now there's about 20 credit unions who are using this system. Turns out the credential wasn't as important and this is something that I think the space is missing a little bit is everyone talks about credential credential credential because what we're actually using. This is an example about every credit union has their own logos for real is almost is asking almost as gax sorry the exact same question. Hey, are you on the phone with the call center from happy members credit union or unify financial credit union. Are you standing at the brain are you in the branch at long and main. Yes or no. They're asking this question because that is the fraud attack vector. And they don't need to credential for that because the did come channel is by definition authenticated and there are messaging protocols that allow you to exchange a simple question with yes now you get back a digitally cryptographically signed version of what the question was and how I answered it. And this has really changed a couple things one of the biggest learnings that happened there was and keep in mind that we're in in in many ways SSI zealots. Moving towards this member pass and see ledger the company behind which is now bonafide is one of the original supporters of sovereign and invested heavily in the space. New that there were two things happening here one that the credit union was on one side and the member was on the other, and that they were peers. Yet, we ended up falling into our own trap, because we're selling to the credit unions the feature that you'll really know what your member. And then that's important, absolutely critical that's the fraud attack vector, but we missed on a survey and I've probably probably heard me say this before folks. You get the surveys eight you know pick from one through four ABC ranked from nine to 10 at the end of every survey there's a obligatory question that never generates a signal, is there anything else you'd like to add. This is the only case I saw where that signal was better than the whole survey, and it bases everybody said something to the following. As a member, I can't tell you how happy am to know it's really the credit union. We've forgotten the two way part of this of this equation. That's did come that to me is the what the single purpose apps are proving to us. But to German to your point we started all all of us started with generic developer apps, move to the single purpose and we're going to move over time back to generic question comes when and I don't have an answer on that things are moving slower on on some of the fronts. Well, I just want to actually double down on your last point there, Darryl on that slide. And I'll just say, I've been saying for a while that the big the big win and SSI, you know, credentials are fantastic but it's the connections, it's a did calm messaging that, you know, private personal channel is is, you know what I caught when you're talking about individuals it's a private business channel when it's business to business or with a with a thing but you know a simple way to put it is back when some of us are old enough to remember right email was a killer app of the Internet right that's what I think did come to killer app of what we now call SSI decentralized identity and and the wallets and agents are necessary to have those did calm connections that's what you're doing it's it's wallet wallet it's did the did communications. I just, you know, a year from now Darryl will do this podcast and be the did come right, because I totally and so the fact that with with member pass it turned out to be the authenticated connection. I really think that reinforces the credentials will get more and more important and your point about. Well, you actually need need both parties right today we don't have that on the web right we find out there's a lock on the browser if there's a certificate on that server but you know it's a very asymmetric relationship when we both have credentials and we can exchange in both direction I mean phishing is going to be a thing of the past. Yeah, it's going to be almost comical really you think you're my bank okay. I'm just going to run through a couple quick questions here that relates Karen yeah you raised you know it seems single purpose are effective within verticals totally. That's where the single purpose apps really really shine. When you get into more generic ones where you have ecosystems talking to each other that's where we're going to get into the huh my vertical app doesn't fit here anymore, we need to go a little more general. I'll just kind of mentioned we're getting to folks we're getting some great questions in the q amp a and you know I think we'll have plenty of time to get to them don't don't think we're not paying attention. I knew there were going to be a ton of great questions. Yeah, I think we'll dive into the a few of these these these these. Yeah, some of these questions are going to be a little probably a little harder to answer but I'm looking at I think we can start answering all of them but I'd like if you don't mind drum and run through. Yeah, we are because I think we might cover off some of them, but they get into the nitty gritty especially on the, the single purpose and the crypto stuff on the wallet apps. So cloud custodial wallets is an area that we kind of didn't really see coming to the same level as which they have a happened. This being that customers are requesting kind of a no app option, they want to have a cloud or custodial wallet where someone is taking care of this. I actually met with a different with the relatively large identity organization yesterday and actually use this exact slide that we created while we talk talk yesterday drumming the problems I see behind this one is is simple is great. That's that's fantastic you're improving the situation. It gets difficult quickly because you can't get the same level of assurance and security when you're sitting with a cloud custodial wallet for a couple of reasons one is it's hard to prove it's actually me accessing that that wallet, and you may fall right back down to using a password. Someone may say I heard someone say well it's instead it's a pin in a passcode I'm like. Really. Okay, great. That's wildly different than that. Realization was. Yeah, maybe that's not any better. This is an area where I don't have a problem compromising on some of the SSI principles because if you're heading in the right direction you can't be perfect. And I would argue we're not certain that you know 10 years from now that we will we may look back and say we didn't quite quite have the principles nailed, but we're heading in the right direction. But I'm finding that some of them are in this answers one of the questions of that's in there is about SSI is where's the line between addressing current business needs and being misleading meaning someone says where SSI basis like to use a technical phrase horseshit. You're you're a scammer. Basically, this is where things get a little bit funky. Part of the question would be well who's in charge of that cloud is it is it the vendor. Who's in my relationship or is it really a third party that we both kind of trust the wall reports spoke to for example, I actually when it comes to digital assets that exist only in my wallet as opposed to those that are on chain and recoverable. I actually want someone involved in my life whether that be an insurance company a telco a bank, a specialized provider who's going to do that backup and make sure that it's really secure to recover my backup so that doesn't become my attack factor. I have no problem with third parties being involved when they're adding value. The question in my mind is, when you're leaving the power on the side of the vendor, it becomes a little bit tougher on that one drama any thoughts on that. Oh man I have a ton of thoughts on this but I'll keep it really short. I, and I'm glad you brought up that last bullet. We have seen, you know, market evidence. As I mentioned yesterday, Dale when we were talking, every name put our initial work and still our major focus has been edge wallets right wallets on your local device your your smartphone. Because it, it's implementing one of the key design principles were finishing in a paper for the trust RP Foundation keys at the edge. Right. That's the safest place to have your keys. Now, given that there are many, what we're seeing as many, many cases, and I divide them into two groups. One is transitional. The other one is, they just simply don't have the option they they don't have the connection they don't have the device. They are displaced populations are just there's you know and I'd say that's maybe as much as a quarter or a third of humanity is still going to be in a position for our lifetimes of not being able to have that they're going to need those cloud and custodial wallets. And so we're seeing more and more demand for that we have it on our roadmap to add more robust support for that. The second key point I'll make is the way to think about this that will be in my opinion and I've had this for a long time and I'm feeling more and more strongly about it all the time. It will be compatible with principles SSI the security issues we're going to have to work through but the way to make it compatible one word fiduciary right that cloud wallet or custodial wallet provider has to be in the same kind of fiduciary position that your bank or your credit union. Is in in terms of serving as your, you know, talk about agent, your ultimate agent in terms of giving you control of that ensuring you have control, and the real test will be that final bullet portability. Can you move from one, you know, custodial or cloud wallet provider to another one. And of course, can you always have the choice of moving it to your local device right the refugee that finally, you know, moves to a new situation can they take all those credentials. All those did that they've established relationships, and then finally move them into their own devices and and and not have to depend on that so anyway that's enough said on that one. You know, actually, that point you raised the fiduciary in the in the dovetails into one of the questions that Timo was asked is, he's wondering what a what your thoughts are when it takes a generic walls really take off does it need to be an OS level thing, meaning built into iOS and Android, or is there another way another vendor that we can pull this off without requiring and or capitulating to that's my phrase, not not team was to Apple and Google. The cloud actually lets us start to ask the question, where does my stuff need to be, because here's the business problem. If I ask you for right now a coven credential and identity. Right now those are two distinct applications and neither can answer both questions. Now we have this really screwy and just it's just to my mind, it's a dead duck we can't do it of. Oh, let me pull out my driver's license app and show it to you and you've got a passport app and, and I've got oh and I've got a vaccine app and I got a piece of paper you can drum got a piece of paper. It's useless. But if our phones could basically say yep, I'm in control of that and I'm going to make sure that one there's a biometric tie that I know that this is Darrell, as opposed to someone else. And it may reach to the cloud and come back and it might be a local cash if you're offline that type of stuff was probably an intermediate step or we have the cloud and it may stay there. Or the operating system vendors have to come in. John Jordan did a really good I don't have the slide handy but a really good deep thinking with another gentleman out in BC Peter Watkins that we need to be able to do two things. Our devices must be able to respond with attributes or claims from one or more credentials, which means you need a single service responding on your device otherwise you get this terrible UX. But then he gets into that what does that mean. So the second piece of confidentiality and privacy. The second piece being is it when he used the analogy of going to the doctor's office. So two things fall out of that one is it the communication the existence of the communications should not require a third party unless we agree. The doctor's office I don't need to tell you that if I decide to tell you that and decide might mean, hey, I'm sending $10,000 to drum and that's private $10,001. I'm going to break the law. If I don't have a third party involves that's my choice. I could break the law probably shouldn't. The second piece there is that no one knows the contents of what we discussed so if I went to the doctors you didn't know about it but even if I did tell you went to the doctors. It's not your business what what we discussed, unless I decide, again, for whatever reasons, the details of what that is so money analogy maybe has to be the amount of money and source of funds and was KYC AML done. So I might help on on team aside. So here's one where I got ranted on it I I w is what I call premature interoperability and premature standardization. My view is that we're still in the very earliest of stages if I take one standard that everyone says right now. That we're compatible with the W3C verifiable credentials spec went great. There's at least four variants there and I there is no conformance test. So when you tell me that as an architect or business type. I don't even know what you're saying all I know is you're, you're saying you're part of the standard but it is a very low utility for me. I need to get to the point where those standards are much more predictable we understand the privacy impacts for example on the W3C verifiable credentials spec, but even the spec itself says hey great. Here's this, this this thing. Wow. It's a mini DV tape I don't even know why I have it on my desk. I can tell you the exact format of what this is and stuff like that but if you don't this is really great actually analogy. I don't have the camera for it anymore. I don't know how to put it in the camera. I don't know how to take it out I don't know how to press play. Same thing goes for the credential. Here's an old bank card of mine. I can hand you the if I don't know how how to offer it to you. If you don't know how to ask it from me. If you don't know how to offer it to me. The format of this is absolutely utterly irrelevant. We're great. We're starting on that but people have prematurely jumped in on the standard side thinking it's solving the problems and it's not. So what ends up happening is this concept of interoperability is elusive and ill for ill defined. And it causes business confusion which again goes back to the single purpose app. Just get your own stuff working get your own ecosystem working but head towards where things are. So what's happening right now is many organizations drum and I should have brought up and it occurred to me as we went through the single purpose app I should have brought up the I add a use cases where someone is picking a stack and I'll jump in and introduce I add and then if you could speak to it sure because I want to be the one introducing it saying I add a and its partners said we're picking the ever name stack to meet our business needs. Can you explain why they did that drum and what they're getting out of it. I think the short answer is. It's a, you know, it's, it's, it's a stack, it is based on you know hyperledger and the areas protocols. I think the most important thing in their decision was that it fully implements a non creds zero large proof credentials, and that give the, you know, it's fully fully decentralized and give passengers complete control over their digital wallets they needed to meet the highest you know at their international airline association I have to meet the highest privacy standards in the world for all the airlines. And they, you know, it's one of those unusual cases where the business driver was to actually be, you know, call it full SSI. And they remain, you know, steadfastedly. That's, that's what their requirements are. Well, I'll be the play devil's advocate a little bit. They're still picking a vendor, and they're tied to every now. Let's not kid ourselves. But what's really cool about it is those I had a travel passes have a very short life. So as the standards and interrupt become more clear, you can transition away and I would never know that hey to two years ago I use and I had a travel pass wouldn't work anywhere else, but now they work everywhere. I wish she baby step this along as opposed to something that's really, really long lived, like a driver's license that I want to make sure is under control which actually kind of a nice segue again. It's like I plan this from it. We're seeing governments around the globe right now pick stacks. They're typically picking open source stack. And quickly we're seeing, I don't know how many governments right now. There are governments in Canada, Germany, Finland, Netherlands, Spain, using picking different stacks. The most common one right now is hyper ledger areas hyper ledger indie. The reason for that is to me in my view at least is a couple of things nations are exerting their own digital sovereignty. They've recognized quickly that the big tech companies. One are now geopolitical players I was tweeting out about in Bremer as a beautiful article in foreign affairs on what that means and what it could become. But countries, whether that be the national level or regional level are realizing that they need to get control of this for their citizens for their own purposes. So what they're doing is standardizing on a very limited set of use cases, very limited set of things that they're issuing to you. We've seen drivers licenses come out. We've seen new identity cards come out. Hey, here's your photo. That's a term we use, you know, can I can I buy, can I buy booze type of thing, as well as an address, very simple credential useful in many different contexts, not extremely high assurance meaning that no one's going to die because I used it. No one's going to collapse a business because I used it, but it can start to make my life easier more important. We can learn what those real interactions are at the points of engagement that that's where the interoperability is absolutely crucial. And that that pattern happened. And to me, this pattern of picking a stack, whether that be I add a saying we're going commercial on this, and knowing they have a way out. Like, I've always said and I've been a thorn in the side of ever name at times for my clients in that my statement has always been, I must be able to remove you as a partner. It can't be open heart surgery and risky and, but it also can't be just like taking advantage of this is where we're in bed together we're doing something but I cannot have you hold my business my client's business in danger. You're a partner because you're the best partner you can be let's work on that the minute becomes I needed to divorce you well now we're in a whole different conversation. But what I'm really liking to see is this alignment is starting to happen and it's happening on a couple other fronts, one of which is the agent agent discussion which became Harper ledger areas. And part of did calm it kind of forked off into what I'll be doing me messaging families. It also a diff so diff has did calm. It also has this thing wacky pecs web and credential interface presentation exchange. Exactly you got it. So some people love the name. I think it needs some marketing people behind it. Regardless what's really cool is we have two different groups hyper ledger areas management hyper ledger aligns really really well with crossover IP Foundation was drumming and I are both founders of a line's really really well with wacky pecs, because we're getting to the point of hey I need to show you this credential. Here you go. You need to request a credential. Here you go. We're starting to answer the right questions and that's where the interoperability standardization is going to happen I think. Next one the last one I think it is drama is the trust registries which I thought I had been so critically, you know, this is absolutely totally required. The wall report talked about it but I forgot that parts of it were private. There were two reports, those who have read the wall report. Lots of people have and thank you for the feedback again not writing another one. There were actually two. The sponsors, the folks that worked with me on that we threw in a bunch of money and time and they threw money and time in received a private report. It was aimed specifically at what does this all mean to you. The trust registry was mentioned in the in the public wall report, but the context and why it mattered on a business level was mentioned in much more detail on the private report. But in essence, let's cover off and drum, do you want to run through the quick trust triangle here or do you want me to run through it. You go ahead. This is, yeah, I think, yeah, go ahead. Perfect. So the whole concept, anybody in SSI probably has seen this too many times when I'm going to show you where something something falls down a little bit. So as an issue where I issue a variable credential, a driver's license to a holder. Okay. So drum and you've got a driver's license that I've issued to you. And later a verifier is going to say hey drum and I need to I need to see your driver's license makes a request for a proof gets that and says cool. I trust the issuer, but do you. And this is the Sankrishan I don't think it's on the call but he's, he would be here waiting for me to say, turns out I'm a high school student from new Brunswick who is selling fake drivers licenses on the internet for $20 a piece. You have no idea that this public did is anchored to a real institution. Is it this high school kid who's issuing this out. So how do we know, how's the verifier know the issuer is authoritative. And in the good health password we did at the beginning of the year. We got to start answering another question is, should I give this private information because right now the vaccine information it really is in many ways, private health information, should I give this information to the verifier. Are they trusted to see and consume this this becomes more and more important to use that same driver's license analogy. And this one gets beaten up too much in the SSI space. How do I know I should give my full driver's license to someone at a bar, because they should be asking for an age majority, are you old enough to drink. If they asked for the full I might want to say hey no you're not a law enforcement person you're not a government official. I'm actually going to report you to my ecosystem privacy folks. So here's what we realized it in drum and I think drum and you and Charlie Charlie from Mastercard at the time. Realize it's really a trust diamond, because there needs to be a governance authority that is managing the issuers managing the verifiers, potentially, which alludes to a question of manual asked about the cryptographic health of a remote wallet, potentially managing the holders and the wallets. They may actually need to do this. And they do this by publishing a governance framework and here's the hint that governance framework is absolutely critical. It tells you, you know, one, where do I get the list of the dids, or later down the road where do I get the list of how do I know what the credential looks like that the governance authority says you are a bonafide issuer, you can trust this to some extent. Um, I kind of jumped through this one and now I've got a bad slide. We're running out of time drum and how about I, wow, we got lots of questions too. I'm going to burn through this one but just part of the question we did this in member pass over two years ago, which is why I'm disappointed that the report didn't raise the importance of a trust or disease so much. We answered the question all credit union issues a member a member pass credential is presented to typically another credit union or actually most commonly their own credit unions this one's really easy does the did match that's they know that. But now they're starting to answer the question because they do shared branching is I can walk from unified financial into a desert financial credit union and take money out of my unified account. They want to know was that really a unified credential that's why we built at what's called the member pass trust registry which is the public did sir listed, there's an allow list that says, here's this and by the way here's who it is. And if you need to get into their NCUA file on their credit their national credit union registration, you can do so. And that one's anchored down to sovereign. I think the next slide drum really is Q&A, and we got a lot. Yeah, totally. I just relative to trust registries. I want to point out the folks, and I'll put the link in the, in the chat. Darrell and I co chaired coming out of the good health password. I was at trust over IP and and produced. We're aiming for, you know, 45 days it took us closer to 90 but we have a trust registry protocol spec that is in review right now. It's, it's, you know, it's like V1 lowest common denominator but, you know, should take care of both those basic use cases that Darrell was talking about. And we see, you know, a lot of evolution there. I know there's probably someone on the call it's gonna say well what about just chaining credentials, and we're like yep, you can do that to both are passed to the same end result. And as Darrell says, we just need to build up, you know, not prematurely go too far but get the working solutions in place and we'll work it out. So, tons of great questions there I don't know how you want to jump through. I think Karen I think is asked a really good question is, you know, how do you allow for an appointed governance authority to manage things but I'm going to kind of twist the question around a little bit Karen hopefully I'll answer it. You know, for a credential can bring value and aggregate but also provide benefit for a single person like I'm not even sure this will answer the question but but think about the concept of issuing a digital driver's license or the physical one. Okay. Interestingly enough, I received a new driver's license last night this is expired. The government right now, this is from I live in Ontario the government right now is considering down the path they've announced this they're going to be issuing digital versions of these things. And what does it mean and what does it mean in liability terms and stuff or right now I've been using my driver's license around the world with various rental car agencies. No formal agreement and no liability exists between Hertz in Utah and the province of Ontario, zero connection but its utility unto itself I'm carrying a what's known as a driver's license, what's also interesting with this one is it's expired. I really use this to get into a bar if someone was ever. You know I'm guessing it's a policy choice if they're asking me for for if I'm old enough to drink or not. There's lots of different utilities there on the governance authorities which if they keep it nice and simple, we can start to do a lot with these credentials with very light governance on top of these types of things much or Karen if that answer your question hoping it kind of does. Any questions you wanted to dive in on. Oh, there's some menu is asked twice different questions about I like the succinct this how can want to test the cryptographic health of a remote wallet, and earlier on. You know, from multi purpose walls, how do you get cryptographic up at station at test station of the cryptographic health of the wallet. We're relying on a third party unmanaged wallet of unknown cryptographic quality. Two things I want to say about that one. The first one is yes. We definitely need governance frameworks that establish privacy security requirements for wallets that are certified, in which case, the wallet is actually you know the wallet is a thing from which you can request a credential. That's point one that sort of gets to the point of well how how far down will it go with the wallet be you know we're sort of we're at the app stage then we got the browser stage and we got the OS stage. I do believe eventually you're going to move down to the OS I don't know exactly how long it will take, but I think those those attestations will get stronger and stronger as you move down. I think we need also I would also add on the on that. How do you trust the wallet question. You also need to know you know what are we trusting. One of the learnings we had drumming when I was, you know, CTO for CEO ledger bonafi. We were using connect me in a variant of white labeled version of connect me. And it has a capability of doing a backup and recovery, which seems totally normal until you realize a credit union or bank is like what hang on a second. You can move phones without me knowing. Now whether that's a valid question or not. It leads need some discussion, but the business cases they're trying to solve which is a major fraud vector it's called family fraud, where I take mom's phone back it up. Either I've and I restore it and she has no idea that I'm approving transactions on my phone, not hers. So this is whole thing can I move things in between. I'm working with the government right now that that is one of the flags we need to set is the it works on this device only. And the analogy there is hey it's the same as if I, if I lose my physical wallet, or if I buy a new wallet I may have to do a painful process I mean buying new wallets a little different but I lose it. I have to go and get the credentials again will get better in that but those rules of the road is where the governance becomes important is am I allowed to move my credential around yes or no. I am into which wallets in the report we jokingly, and I've used this a lot is, you know, do I trust Bubba's wallet best user experience. We've been told it's really really secure but every time it does something this kind of elusive another leakage team oh your leakage question. Every time I do something it sends information to North Korea. I think it's really not a good idea to use Bubba's wallet. And I'd like to know how that gets. How do we test the conformance I'll be set the conformance criteria. How do we accredit that conformance criteria, which on the high security side the high assurance credentials we're going to end up with a small limited list I think of wallet providers, because it's hard. Those high assurance credentials, no one's going to make money, making that wallet they're going to make money on the fact what it enables that wallet is going to be really hard to build. Well the other other key point here is that, as I like to put it there, there are two things you as a verifier, the higher assurance you need the two things you need to know, you need to know the wallet secure, although I want to point out one other thing is a lot of folks focus on wallet security without realizing that credentials are digitally signed and pass through the wallet. Okay, so, you know, I'm saying wallet security is not important you have to control your keys and your keys, but you can't compromise a credential by compromising the wallet, right, you could get access to credential but you're not going to be able to turn around and, you know, so I just want to point that out. But the key is, you don't want to actually lock credentials to the device, in most cases, because people change devices and they're going to we're going to absolutely and we are already starting to tackle multi device I use, you know, I use encrypted messaging apps on all my devices, and I can switch between them and I need to be able to do that we need to be able to do that with wallets. The other part of the the other leg there is the is the person or you need to be able to authenticate you need liveness detection. And that's getting better and better they're, you know, most of the solutions on the market are proprietary. But again, like you said, Darrell, it's hard, but there are solutions and we're integrating them. Evermins evermins working with MasterCard and integrating and we're going to be rolling that out. So we can start to have really high quality liveness detection and give verifiers the assurance they're looking for. Good. Greg's asked a question about and I'll start with this one maybe you can finish up with the drum and is, how do you reconcile centralized governance authority in the decentralized world. I'm going to push back on the premise. There's nothing that's fully decentralized, nothing on the planet is a question of where the decentralization points and are you tolerating them. So let's take a very trivial example. And actually I just read about this on Twitter. Someone shows up with a driver's license in in Utah, let's go back down to Utah I had a really weird experience there but we'll talk about that. And shows her driver's license and is told why I don't accept that driver's license without a passport. I was looking at their driver's license and wondering what the heck is going on turns out the young, assuming young or just uneducated ignorant person behind the counter, didn't realize New Mexico was part of the United States. That system is decentralized. It is issue I am carrying and using my credential that was issued by a centralized authority. Sure, but I'm using it with hurts because they want to see a proof I'm allowed to drive they don't need that other than their insurance purposes. There's a whole reasons of why and how they use they also use credit cards to know that I'm a real person with actually some life behind me to because that's what they don't necessarily charge it yet. Because I can pay cash for my rental car but they'll still ask for credit card. The worlds are decentralized in their own different ways. When you push into defy and and get into the realm of more and more and more decentralized. You're still going to end up with something that says oh hang on a second here. I'm a resident of Canada. I'm a citizen of Canada. I just transferred $150,000 USD to someone offshore turns out they're a terrorist. That's a totally decentralized transaction. I'm still liable under the law of funding terrorism so how are you going to jive those two. You can, you can't separate them. You can go and live on an island perhaps and you know do some C studying they're still going to come down with rules that you have to follow that your little centralization bubble. How do you force apart the massive centralization that ends up happening when everything is being tracked by a single bank is my institution doing my whole life. And then I move countries and realize that Barclays in the UK is not Barclays in the US and now I don't exist. That's the centralization points which are not logical. They're dangerous. Not that that's you know, I mean that's a hell of a problem if I've gone 10 years into the gain world of using Barclays and I move countries. I have doubt just collapsed my whole digital existence. So it's a question of where are you centralizing and tolerating versus hoping decentralization is going to solve all the problems it's not. It's going to break apart some of the problems and make them much more I mean much more soluble. I've read it enough. Well I love Scott Perry's quote in the in the chat decentralized equals a million centralized governing authorities linked to the web of trust. I strongly agree with you, Darryl anyone who says decentralization means zero centralization I just don't think that's actually how society works. We're not going to get rid of governments. You know, we could change the ratio of things and that's what we're going to be doing but it's it's a matter of I mean people don't refer to this right the way we've been having our identity for a long time as oh this is highly centralized yes the credentials in this wallet are issued by institutions that have developed trust and that's why they work. One thing I like to point out is, folks say oh well SSI can't work, because you insist on decentralization we go no you're going to have credentials from trusted authorities, but then they think oh well SSI is just about that and know it. The whole infrastructure is going to support the new decentralized forms of producing trust right that don't have to rely on on centralized institution. The whole spectrum is going to work. If we get the standards right if we get the infrastructure right so that's that's what we need to do. I know we're out of time. I knew they're going to be waiting more questions we can answer Darryl. There's definitely loads of questions one of them is really I think good maybe maybe to close on, which is what do you think about the European Commission proposal for revision regarding EIS, which really and to paraphrase you know really opens the door to SSI. To me, I think it's amazing and what we're seeing similar in announcements in the Canadian governments and other governments all around. The recognizing that that SSI is actually much more aligned with how they've been doing things in the past. They give me a passport that I use, they give me a driver's license that I use. They need to know it's me in order to provide me with services. Quick one. When COVID hit and the Canadian economy collapsed. If you were living in BC or Alberta and applied for federal benefits and had a digital identity. You got your benefits within seconds wasn't measured in minutes. It was measured in check this box we know who you are. See you later. You didn't have to work in the physical was measured in weeks or months. Governments want to serve their citizens in their own particular way. The SSI world is much more natural, and avoids them as john Jordan says, avoids the temptation of surveillance. Governments don't even want the ability to surveil that you're using your driver's license at a casino to get into a bar, or to use it for whatever purpose they just wanted your there that is used for driving. And you may use it for other purposes. They don't want that information. But yeah drum I need to jump on on to a board meeting. How about you. Yeah, I know I, I, it's like, we have to do this on a regular basis, Darrell, because there's so many good questions and the space is moving so fast, I want to thank everyone who's come together to, you know, to focus on this topic. I want to reinforce, I'll say it again, digital wallets and the empowerment that they represent for individuals and businesses and devices and the whole, you know, decentralized digital trust infrastructure they are at the very center. So, this is critical next week where every name is going to be giving a webinar on the, you know, the issues at W3C with the did spec being objected to by guess who Google, Apple Mozilla, only three. Why, we're going to get right down to, you know, questions and issues like that this is a war for, you know, it's the wallet wars, and boy we need that to turn out right. Perfect. Well, drumming I'd like to thank you for joining me on this and folks will be sending out an email to everybody linked to this link to the deck. I'll include as well the trust registry webinar which is just a month ago. Probably about it I think for now. Thanks a ton and if we'll also go through the questions and see if just fundamentally something we missed. Yeah, I'm very happy to do it and we'll we keep going. It's a journey and we've we're still you know, we're at the end of the beginning how's that. Yep. Awesome. Well thanks a ton folks I'm going to stop the share and you guys all keep being awesome. You too Darryl. Thanks very much. You bet.