So, there's two parts to this talk. The main part is going to focus on the title that we put in the program, and the precursor part is going to go over the course that I've worked on with my partner Lucy Yang, getting started with self-sovereign identity, so that hopefully as people trickle in from lunch, those who wanted to hear all about the open standards won't miss that part. So, this is the outline for part one, which is why do this course, who's the intended audience, the intended goals, and the course highlights along with an outline that we'll walk through. So, why do we need this class? Well, for starters, we need to have good digital systems to manage our identity. COVID was a prompt for a lot of some of this work to accelerate, but the community that I've been part of and leading has been gathering and considering how humans, how we can manage digital identities since 2005. We started the Internet Identity Workshop. And coming out of this community, we believe SSI is a great way to enable good digital identity systems. With my research, sort of trying to contextualize SSI relative to earlier identity systems, it's become really clear to me that the way organizations manage the identities of the humans that they interact with are a core part of institutional memory. And our question that we have now as these institutional memories that used to be kept on paper are transitioning to digital is how does the memory of the institutions work and how do the humans who are connecting into those institutions interact with them in a way that's respectful of them and respectful of the needs that we have of humans in our dignity with our data, right? And so, SSI is a tool, a part of a toolkit, I think, of how we rewire and work together. And as its standards and technology mature, SSI is on its way to becoming a key part of Internet infrastructure. And we'll get to the details of why that is when I walk through the standards in part two.
So, the audience for this class is decision makers, both in business and government, trying to understand what SSI is and how to make decisions about it. Technologists who are seeking a high-level overview of SSI and guidance on where to look for more information. And the general public who want to understand how these digital identity systems work and how SSI is trying to make a difference. I think this is actually an underestimated audience for this. I think there's the industry. Can I move somewhere to have less feedback? Because I'm hearing it in, or can you turn the volume of the audio down? I'm loud enough for them to hear, but the listening audience needs to... Okay, thank you. I appreciate it. So, the general public is an important audience for this, particularly as the fear about digital identity increases, the conspiracy theories grow, and it's really important that we are able to communicate clearly about how these systems work and contrast them with other systems that I actually share some of their concerns and worries about. The course is not providing a single source of truth, but rather a framework of thinking and doing about these technologies. It's fast-moving. So, we wrote the course in a way that the core essence of it won't be different a year from now. So, we also frame SSI as both a concept, a set of principles that we go over, along with the standards and technology and tools. So, we give a framework for how you can understand initial investments and how to get started with your organization, think about future research, avoid misconceptions about SSI, and find the right places to pursue further technical knowledge if you want it. So, at a high level, we look at the complexity of identity and identity systems, and you'll see that when I walk through the chapters of the class. The first two chapters don't even get to SSI at all. They lay out what is digital, what is identity for starters, what is digital identity, and how to think about it.
The whys of the technology, so really helping to translate the technical decisions that have been made over these last seven years as this technology developed for decision makers to be able to think about the implications, both for their own businesses and broader society, and touching on the practicality of early implementations, sharing our observations of what works and what doesn't, and around approaching the early implementation. I think one of the things I've really enjoyed about working with Lucy is her business background and really thinking about like, you know, we say this in some of our presentations, there are really use cases everywhere, but where, what are the use cases that bring business value and are small enough to implement in the short term so you can get the business value and then grow from there as opposed to giant grand visions that, you know, they're fabulous, but you can't like build them, you know, in a month. So, this is the course outline, the basics of identity and digital identity. We put links into some of the key papers that have influenced the community like the functional identity paper by Joe Andrieu. We go over my book and the domains of identity. We look at the identity spectrum, which is sort of thinking about how on the one hand you have pseudonymity, on the other hand you have super verified, and there's a bunch of stuff in the middle, it's not one or the other. And some core vocabulary like authentication, authorization, these are just words that we use in identity that may mean something different in sort of everyday English.
The second chapter is looking at the evolution of digital identity systems specifically and the kind of history of how we got to now with computers, which is and how identity works inside of them, which is sort of by accident, like the first computers did not have accounts, the next generation was doing time sharing, so needed accounts, so they created the username and password, and then we got stuck with that paradigm for like decades. SSI and things like FIDO are trying to break us out of that paradigm, but it's a challenge because it's deeply embedded in that history. We look at the history of paper-based identity systems and I just recently released a paper called Seeing Self-Sovereign Identity in Historical Context that tries to link, look at this history of computer technology, the history of paper-based identity technology, and makes the case that SSI is where those two paradigms can meet in a good way as opposed to a conflicting way. Then on chapter three, we get to the introduction of SSI. What are the core principles that have been outlined for the business folks? We cover public key cryptography 101 because if you don't understand crypto at some conceptual level, none of this makes any sense. In public key infrastructure, which goes with that, key technical building blocks, and then touching on ecosystems and governance along with where to go and participate and find all the open standards. Chapter four looks at the growing adoption of SSI to solve real-world problems, so we consider how it's beneficial and how applying, using SSI for people, organizations, things is slightly different, but you can use it for all three of those. We look at how SSI fits into what some folks are calling the dynamic data economy. It's one thing to do signed packages of data in verifiable credentials, but what does the data mean and how do you go find that in the universe of ontologies to help parse whatever is in those credentials?
We talk about key SSI initiatives across the world, which I'll sprinkle in some of those highlights when we get into the standards and talking about where they're getting adopted, looking at the challenges with adoption and touching on subjects like guardianship and SSI. So this is where, for example, a parent is managing the credentials of their child or an adult child is managing the credentials of an elder parent, those types of use cases. What are the key considerations for implementing SSI? Where is your ecosystem at and how to think about SSI as really an ecosystem play? It's not about you solving the problems internally or enterprise. It's how do you communicate things you know about to other parties who want to share that information with third and fourth and fifth parties that aren't you and you don't really want to have business relationships with those fourth and fifth parties, so you can use these standards to support that. Evolution or revolution, that's a great question. Some in our community have been advocating for revolution for a long time. I think we need to stick with the evolution track. Really highlighting the distinction between open source and open standards, thinking about how questions to ask potential vendors in the space and trends, money trends, like where is the business happening? And this is the final chapter. Other important things to know, how does SSI relate to Web 3 decentralized web technologies, contextualizing the sort of blockchain as an option but not a requirement. What's happening with cryptocurrency relative to SSI and closing out with the all-important not every digital identity system is a conspiracy theory. So I'll pause now for questions and answers about the course outline that I just shared. Where do you go to sign up on the LF website? If you go to LF training and you search for it, you'd be able to find it. Okay, that's how you sign up. Okay, so I'll repeat that for the folks who can't hear.
It's also on the edX platform. So if you go there and search for self-sovereign identity, you can find it there. Great. Okay, so now I'll get to the heart of this. This is sort of what's covered in chapter, I think it was four, of the course: understanding self-sovereign identity, open standards and open source. So open standards really are an incredible thing that we almost often barely notice, right? They are the basis of the modern world. And this is a book about, two books about standards that I quite like. The subtitle of the book Standards is Recipes for Reality. And the reason that they are that we have some weights here that are standardized is if we had to haggle about what measuring system we use to go and buy our groceries or get gasoline in our cars, that would be like a whole other level of trying to figure out what we mean. So the fact that governments around the world are like, this is what a milliliter is. And this is what a gram is means that we don't have to have that argument. It's just a standard we can all rely on. And so we have standards for transportation. We have standards for time, which wasn't standardized until the railroad came about when you had a different time zone for every city. Standards for communication internationally began to be developed in 1865 with the invention of the telegraph and the undersea cables. We have standards for the internet that were sort of created in these university labs in the beginning in the 60s and really growing throughout the 70s and then hosted in the Internet Engineering Task Force. We have standards for the web, HTML and CSS are the ones you know about. But there's, I like to think about open standards as kind of like the original public goods. So there's all this chatter these days about digital public goods. They're great. And we've had some happening for a really long time.
This is a book that I actually found at Strand's bookstore in New York I think the year we started the Internet Identity Workshop and it really made clear to me the importance of this work that we have around standards. And it's really the subtitle that's important. How control exists after decentralization. And it makes the argument that protocols not only are what humans are making to interact with, but what life makes to interact with. So DNA is a protocol for encoding proteins that make up life. Hormones that circulate through our bodies are protocols that tell different parts of our bodies to do different things. Protocols are really deep in a kind of way that goes beyond what we decide to make up about them. But we also now with computer technology get to decide what the protocols are. So we have a missing layer on the internet. There are no protocols that define user identifiers separate from the application or a particular domain. And there are no protocols to express attributes about people that are portable between contexts without a pre-existing connection. So that is the core problem that has motivated the community I've led since 2005 at the Internet Identity Workshop is like, how do we get that to work? And I think SSI has a lot of the key components. Are you going to take a photo of what these are up on the internet? So this kind of stepping back to the original place where I got inspired by this work was a white paper called the Augmented Social Network white paper. And it was published in 2003. It said, look, we've got organizations and we've got individuals. And how do they interact? And a community that gathered in 1999, so consider this question around how environmental groups collaborated. They met in the Bay Area, right? So tech is sort of percolating there earlier than everywhere else.
And they came up with really two terrible answers, which is they could be one giant portal and all the people who cared about the environment could join it. But then the organizations would lose autonomy. Or they could stay isolated. They clearly chose this because Facebook built that, right? But they were thinking about it. And instead they were like, what if organizations have identities and people had identities? And we had protocols that helped the people and the organizations both be first-class objects on the network and get connected to each other. And that's how you would what's called the bipartite network, two different kind of layers or types of actors in it. And so self-sovereign identity is really what actually can provide this connection protocols between people and organizations. So the first core standard that I want to talk about is decentralized identifiers, which were approved by the W3C over the objections of Apple, Google and Mozilla. You want to read about all that political hoo-ha, you can, it's entertaining. But before we get into explaining how they work, let's just walk quickly through how digital identifiers are managed today. So on the one hand, we have private namespaces. So Twitter handles, LinkedIn accounts, Gmail addresses. So when you have identifiers in these namespaces, you are at the effect of the owner of the namespace. You can often communicate only internally into the namespace with the exception of email, which is based on an open standard to communicate across domains. So they're not great. We also have, uh-oh, did this slide, there's missing slides. Okay, sorry. We also have globally managed registries. So these are like domain name addresses, phone number systems, IP addresses. They are broadly accessible, but you pay rent. Oh, we've got spelling errors on here. Oh, well, you pay rent to keep your identifier. If you don't pay your domain name bill or your phone number bill, you lose it.
You're at the effect and the governance of those global namespaces. They are globally resolvable, which is good. So we want to figure out how we get that. They're the basis of global communications network, but they also have emerging security and fraud concerns. So how are decentralized identifiers different? Any entity can create one using software that they control and they have an infinitely large namespace. So let's look at one. This is an example of a decentralized identifier. It has a schema, a method, we'll get to methods in a second, but there's more than one. So you have to articulate it and then whatever your method-specific identifier is, and they can be used to refer to any subject, a person, organization, data model, abstract entity thing. And the identifier is generated by the controller of the DID. Like you generate them so there's a lot you can have as many as you want. They're not scarce and you're not getting assigned them. Each decentralized identifier comes with two numbers, public key, private key, the private key you obviously keep private and don't share with anyone. And the public key can be shared. We'll talk about how they're shared in this with the IDs in a second. But what's important to understand and contrast this with is the way cryptocurrency addresses are handled. So cryptocurrency addresses are just that or a hash of that. And the folks who were developing decentralized identifiers and I was there the very first time they whiteboarded it all out were like, that's too fragile for lifelong identifiers. We need to have an abstraction between the identifier and the key material so that you can rotate keys over time and maintain the identifier as a persistent thing that can be referenced over potentially the lifetime of humans. And if we believe in corporate personhood and entityhood, let's call it anyhood, that may be even right. Entityhood as opposed to first like, I don't think they should be people, but they exist.
It's like, what are they? So you have this model. It's well understood as key value pair. So you have a decentralized identifier. And with every decentralized identifier comes the DID document, which is a JSON-LD document describing the entity identified by the DID. And what is a DID document? First, you have the DID itself for self description. You have a set of public keys for verification. The set of authentication protocols. So this is like which cryptographic curves you use to do authentication against the public keys. Potentially, if you want a set of service endpoints for interaction. So where's the URL or other endpoint that you go and talk to the owner of this DID? A timestamp for audit history and a signature for integrity. So this is what a DID document looks like. It comes in two parts. We'll look at the second part next. So you have the DID, the public keys, the signature, the cryptographic algorithm that you use for authentication, the service endpoint. So this is pointing at a URL when it was created, updated, and the signature which would be using the signature would be created with a private key associated with the public key on the previous page. Yes. No, no, it's, yes. I don't know. Look at, but it does not have to be a URL. It's just an endpoint. This is a diagram from the specification itself. So you have the DID identifies the DID subject. You can create a DID URL from the DID. This points at the DID document, which remember we just went through that has the public keys, service endpoints, etc. The DID controller. So the entity that has the private keys can change this record if they want, like rotate their keys, change the service endpoint, etc. To go and find a DID document, you would ping a DID resolver and we'll talk about one of the universal resolver that this has to do this. And then you have a DID method, which we'll talk about next as well, which generates the DID and is used by the DID resolver to go and find said DID document.
So in the reality and spirit of decentralization, the DID standard does not define a DID method, but a kind of MVP for a DID method. This was partly what Apple and Google objected to. They wanted to know, how do you do it? And the specific, the, the charter for the group said, we're not defining a DID method. We're defining how to define a DID method. And there is a registry of DID methods. Right now there are over a hundred. Anyone can add to it. On the other hand, because there's a hundred, there's probably one that solves the problem you want to solve. So go look through that registry first. And you can add more, like for example, you might have an IoT type of DID method and you want to add more fields to your DID document for the particular use case. So you can say in our DID method, we have field like A, B, C and D additionally to the core ones that you have to have. So a DID method spec defines a syntax of that really long number. The core elements of a DID document, like I just said, you can add more elements to it. How you create, read, update and delete the DID document for a target system. Many DIDs are globally resolvable. Some DID methods anchor to public blockchains. And some are on existing infrastructure like did:web that uses existing DNS. So the US government is issuing digital green cards. They're using did:web because they trust their own DNS infrastructure to host those DIDs. So there are many that are globally resolvable. did:pkh leverages crypto addresses. And DIF is building a universal resolver. Some DIDs are non-public. So two of these methods are did:peer, which we'll get to when we get to DIDComm later and did:key, which just leverages public private key pairs as like the public key as the identifier in a DID document for one sort of one time use credentials.
So DIDs are identifiers that are globally resolvable, decentralized and have associated public keys and endpoints, which gets you this new thing we haven't had on the web before, which is why this is really cool, which is resolvable, decentralized public key infrastructure. That's why this is different and new and cool. And they're deep infrastructure, which is essential to reset the foundation to go beyond private namespaces and the image on the missing slide globally managed registries. So who cares about really long numbers, right? I know a lot of you do, but it doesn't really solve more problems. So verifiable credentials are part of how we can leverage decentralized identifiers. So another frame for them is a signed portable digital proof. And they have three core components, credential metadata, claims, proofs. And with a verifiable credential, the issuer packages up this information, signs it with their private key, potentially associated with their DID document that we talked about before, and gives it to the wallet of an individual who now has a verifiable credential. You can think of this much like you get credentials in your wallet from entities, they are signed because they're on fancy paper or really great plastic. So that's step one. And then on the next part, we have a verifiable presentation, which is presentation metadata, information about the claims in the verifiable credential and a signed proof. And so that's this part. So the holder does some cryptography and proves to the verifier that they in fact hold the verifiable credential. They do not actually transport the verifiable credential because the verifier could do a replay attack and then use the verifiable credential, right? So part of this is to prove that you hold the credential but not share the actual credential.
So we, you know, the in one of the innovations that gets us this is widely used is it stops identity theft fraud because knowing information about you is not enough to be you. Only if you have the actual verifiable credential in your digital wallet can you do a real verifiable presentation. They can get the information you share in the verifiable presentation, like your name and your address and stuff, social security number here in the US. But knowing that information isn't enough to assert to an entity who cares enough to check the signatures on this that you are you. So we have issuer, holder, verifier and this is where you go and put your decentralized identifier if you're the issuer and the DID doc and if you're the verifier you go fetch it and now you can do the math to check that this is really a good verifiable credential. So it's broadly expressive and it has a huge range of use cases. This is what the US permanent resident card looks like: who's the issuer, current status, subject. What does the issuer assert about the subject and the signature. DIDComm. We can have a peer-to-peer commons ownership of social graph. I have to go fast because they told me there's five minutes and I really want to get to the open source stuff. So DIDComm's really cool. Check it out. So you can leverage the qualities of DIDs to create peer-to-peer secure peer-to-peer communications channels basically is the point of this. And you could potentially use these communications channels to transport verifiable credentials in between issuers, holders and verifiers. And you can see whole ecosystems working. I borrowed these slides, these images from Phil Windley who I co-organized the Internet Identity Workshop with. I really I'm going to just flash these at you which is okay because this is an overview of you've got this sort of personal data source store space.
I co-chair a working group that hosts these two standards, encrypted data vaults and decentralized web nodes, which is like where do you put, where do you put the verifiable credentials in a secure way that isn't on your phone in a wallet thing. So we need kind of cloud infrastructure that's oriented towards people. We also have a set of standards around object capabilities which is how do you access, how do you provide access to things, not going to get into it. And this is looking at a detailed overview of an ecosystem where this piece is sort of what comes next after you've got that architecture going: how do you know whether you should believe anything. So you need governance, governance authorities and trust registries of like who is a higher education institution in California where I live. Should I believe the student asserting that they graduated from the school actually came from that school, how do I know, because you have to go look up the DIDs and these types of things to figure out who's who. And governance frameworks are the kind of agreements that you would form to manage these ecosystems and Trust over IP is kind of where they're thinking about these next level order designs. And then bonus, you have one trust registry in a governance framework, you need directories of trust registry. So my colleague Lucy Yang is working with the Global COVID Certificate Network to build this up of like how do you find the directories that solve a certain problem across different jurisdictions. So we have three centers of gravity doing all of the key work on decentralized identity standards, the Credentials Community Group of the W3C, the Decentralized Identity Foundation of which Chris is the communications director here in the audience and Trust over IP Foundation.
We have open source projects in SSI within Hyperledger Foundation, which had their global summit earlier this week. You have Hyperledger Aries, which is focused on the agent or the wallet part of the ecosystem, Hyperledger Indy, which is a ledger set of tooling and Hyperledger Ursa, which is holding the cryptographic libraries for that. One of the things I found interesting is that so many of the other open source projects are almost unknown to other folks. So this is a kind of menu of places to go look for other open source code bases. You have Jolocom, which is a company based in Germany, and they're leading in, they're part of three different consortiums out of the four consortiums in Germany building up SSI networks. Spruce ID is doing really excellent work in the United States, some of which is relating to state governments. Verite is a set of code that's been developed by Centre, which is the entity that holds the largest U.S. dollar stablecoin. It's co-owned by Coinbase and Circle, but they need, they need eKYC and they hired one of the best people in the industry, Kim Hamilton Duffy. TBD is TBD. It's coming, but the company formerly known as Square has become Block and they're active in this space. You have the Universal Resolver, which I mentioned already. The Digital Credentials Consortium, which is, I think at this point, it's like a dozen global universities like UC Berkeley and MIT and several in Europe building a learner wallet. And here in Europe, you have two key places to go look for code that are doing a lot of work, EBSI and the eSSIF-Lab, the important part of this part. So these are all great places to go and look for open source code in this space. And I'll close by inviting you all to come to the Internet Identity Workshop. We host this every six months. The next one's coming up in November, November 15 to 17. You're all very, very welcome to join us there. And this is me and my information if you want to connect more. So thank you very much.