 Hi, welcome. Thank you for joining us with Start Simple to Scale Decentralized Identity. With me today is RJ Reiser, Chief Revenue Officer at Liquid Avatar Technologies, and Ken Ebert, who is CTO at ndco.tech. We're here to talk today about how you can take open source code in Hyperledger Aries, nd and Ursa along with the Linux Foundation Public Health Cardia Project and build yourself a commercial solution. And so with me today, RJ and Ken are going to talk about their experience doing just that. We hope that our time today will prove to be instructional and also inspirational as you start down this path and journey towards your commercial solutions. And so where I want to start with is the beginning. The beginning of it all, RJ, just under a year ago, we didn't even know each other. And now we're like BFFs. So I wanted to have our audience understand where you were a year ago and what you were considering doing before you maybe even realize these code bases exist. Just to let the people who may be new to this space understand where the starting point is. Yeah, so so Liquid Avatar, the company that that I'm in charge of our business development is focused on identity and identity solutions. And it was how do you identify who you are in person and also online. We always had this challenge of how do you truly have a secure format where when you say you are who you are. There is that high level of trust there's a high assurance level. And we were doing in a way just like when you would log in and go to any exchange you would take photos of your selfie and photo of your credential. And then that would allow you to get into your account and it was just saved by a login and a password. But is that really truly the most secure way to secure your identity. And as we started digging into it and we were just another me too with a lot of different companies out there, we found that there is actually a better way to prove who you are online. And it was when I was introduced your organization and find out some of the things that you're working on and introduced to all these open source products. Open source codes open source communities that I realized there is a better way to do it it's a paradigm shift. There's a new way that you can now secure your identity, and it's one and done you don't have to keep doing it over and over and over for each organization that you want to work with you do it once. And then use that verifiable credential moving forward. So can I'm going to ask you to reminisce. I actually think it was around Christmas time that we first started talking to RJ in fact I even think RJ it may have been the day after Christmas. I was, if not Christmas day. I was on a ski trip. Yes, family vacation, and it was just grinding on me that I knew that there was this a new solution out there we need to figure it out and you guys picked up the picked up the phone and we're willing to take a call so yeah I mean so when you're celebrating Pandemic Christmas you're like sure why not why not do a call and talk to someone so can you know setting the scene it was right after Christmas snow on the ground and RJ calls and he talks about his vision but also where he is and not quite sure where to go with it. Where do you take someone who is in that position what conversations do you start having as it relates to the open source code that's available to people. The first step is to try to articulate the goals of where you want to go in and I think RJ is really good at describing long term goals and then chopping those up into smaller bite sized chunks so that he's not trying to eat the elephant all at once. And by looking at the long term goal of establishing strong identity that can be reused in multiple places with multiple clients, then looking at, but what are the tools that are going to get us to where we want to go. And I think that we started evaluating some of the open source projects and looked at the different roles that are involved in an ecosystem verifiable credentials typically are anchored with an issuer. The issuer is the one who says, I'm going to make a statement about you this is your email address for instance that's a very simple credential. I'm going to verify your email address and issue a credential from the issuer to the holder the holders usually the end user or person persons like to move around they use mobile phones more frequently now than any other type of device for interacting with the internet and their, their online presence. And then there are verifiers people who need to know that information about you and need to trust it. And so looking at that we've tried to identify, what are the pieces that are going to match up in the ecosystem that RJ was envisioning. And how can we possibly get there in the shortest amount of time. The issuing agent was a fairly easy choice areas cloud agent Python matched up very nicely with the, the criteria that RJ was trying to find. We had a pretty good idea of how to work with the verifiers using that same type of cloud agent, but the mystery was a little bit in in the requirements for their mobile use case. They wanted to make what were some of the criteria RJ that you set out for your mobile users. Yeah, so with our mobile users. It actually goes back to us on a couple panels. And I was on a couple panels with with senators, it was definitely a fish out of water. So talking about the policies that are coming out whether it's in Europe, US and in Canada, it puts the, the power of the data in the hands of the user. So our mobile device needed to make sure that there wasn't a central authority that had the control. It was that the user was in full control they decide who gets to see the data, who doesn't. And then what's the best part about it is, if I share data with somebody if one of our users shares data with somebody. How do you follow that process the right to be forgotten. And this is the foundation that we can get to that point. Now this is this is one of the ones that are on the roadmap a little bit further out. But working with all together the open source community in DTO, we have it specced out and it's the next one in line. So, to summarize, it's the control of the data goes to the user that was the biggest criteria. So, so in looking at the agents that were out there, one of the things that you wanted to do is to make it super easy for the end user and you wanted to look at wallet recovery as well. And so for those two reasons you looked at a, what do we need to do to make a custodial type of approach for initial late agent launch. This gave you a couple of advantages but there were some missing pieces in the open source most of it's there. You're 100% right. I don't mean to jump in but that was the other one that's the control, but isn't part of the control the layer down is, if I lose my phone, whoever has my phone has the control now right or do I have to start all over and get all new identities. So, it's putting the control in the hands where it's not tied to the mobile device. It is an account in the cloud that you can go back to and you can get access to it from any device. And that that, and the initial target was to use a mobile phone to control the agent that represents the end user the end user is in complete control of their data all the time. But if they use a mobile device, then they can control the back end agent that represents them, and they can store their credentials there safely, it can be backed up in an encrypted form for them. If they lose their phone, they only have to reestablish that they are who they say they are a new phone that can control their agent again. So looking at that there were a couple of pieces missing out of the open source solution so we identified the minimum viable product that would make that happen, but that that was kind of the building blocks of getting started to take what was already available in the open source and bring that into the vision that Liquid Avatar and RJ had to provide that in a very friendly and usable form to the mobile end user. Well, and I think for those who are new or just entering the decentralized identity or SSI space is that if you were to t-shirt size the visions of what they want it's a triple XL. But also the complexity of this space matches the size and it may even be a four or five acts. And so it's really hard when you're faced with a really grand vision and a really absolutely disruptive changing technology and then you map it against a very confusing space to begin with. And then you add on another layer and you say okay an open source code you need you know they start hearing names like Aries and Ursa and Andy and they're like I'm still trying to figure out how I accomplished my vision. Can where I guess maybe RJ that was like at the point where you had to start making decisions on how you tackle your vision, and then can. What are the stepping stones that you would encourage those who are joined us today to who may be in a similar position to start working through so RJ. Yeah, um, you know, early in my career, I didn't understand open source code or why you'd want to do it. It is baffling to me. But when you start to attack the problem set that we have right now with digital identity and security around it, I realized the value and the importance of the open source code. It is so large of a task and such a large challenge that it's not one company that's going to do it. You need to make sure a that you give back to the community so the community continues to grow. But that it creates the standard that everyone can build to, and when everyone builds the standard, then you have something that can scale. So if I have a digital identity in one location, using in one closed loop ecosystem because that's where they're starting right. But how do I use it when I extend outside of that ecosystem. So we need these open standards that everyone can build to and everyone agrees to comes to a consensus right. I found that that was the only way we're going to do it. We couldn't do it alone. We, we had to rely on all these different organizations. And these open standards to move it forward and realize our vision. So one of the advantages of the open source code bases is that you have a community of developers. If you look at the hyper ledger Indie areas and Ursa code bases, there are over 450 contributors to that set of code. That's, that's more than the staff that your typical organization has to devote to something like this. But given those contributions from all of those people working together, you can create something that's quite incredible. The open source is the foundation of what you do. And then there's some customization that needs to occur on top of it so that it matches your specific use case and gets tailored to the to the way that you want to use it so that the foundation of open source with some customization on top of it equals a product that is got part of it maintained by an open source community to guarantee that interoperability and part of it that is your unique offering that is has got the fingerprint or the the image of liquid into it. It's our differentiator right it's why are they going to use our solution versus another one. And it's built on that open source so you can plug in play and it's interoperable and I know we're going to talk about our interoperable that we just had the other day right. But it's also being able to provide added features of a user experience that we believe that our users want to help grow that community because the one piece that was just an announcement out of Ontario that's focused on all these open source protocols. Now, once the the government entities are starting to adopt it. We have all these companies out here that are building to it, and also the differentiation of adding to it. How do we get the users engaged. How is it going to be easy for them. I sit here and to this day I can't explain to my kids with blockchain is and I try a million different ways, and they still look at me goes I don't get it. So it's, we shouldn't be talking about that piece it's as simple as a QR code, and then that the security level behind it will make it will will will create an environment where you don't have to worry that your identity is getting stolen. Okay, let's talk about the sausage making here the good, right. You made a commitment open source was the direction that you were going. And the whole purpose of why we're here is, here we go. So basically, the secret sauce into how you made so much progress between the day after Christmas, and this point today so the middle of our story is the sausage making and this is the recipe. So can do you want to share everyone the recipe. Take one part cloud agent, one part network or ledger that sits underneath it one part mediator agent. Add some custom UIs on top, and walla you will have a delicious delicious closed loop ecosystem. A closed loop ecosystem is a great place to start because you, if you just build, for instance, the part that's probably the most interesting to liquid avatar that the mobile agents and the ability to interact with those customers. You don't have the pieces of an issuer or a verifier in order to have some fully usable system you have to look at all of the players, make sure that there's software provided for each of them so they can participate, and then bring them all together into a functioning system. The beauty of the system that liquid avatar now has is that the DCO validator nodes that the blockchain that underpins that all is not something they had to write code for. That's something that's already there and anyone can take advantage of the, the cloud agents were written in the open source community in the areas community and are available for anybody to adapt. The mediator agent that in DCO stood up to to polish and make work well, and the mobile agent is now an open source project as well. But you can't just take the open source agents plunk them down in their vanilla form and expect it to match closely the solution that any individual company is looking for so it's taking the evaluating the open source agents, seeing what's missing, or what should be uniquely presented to the user in a specific workflow, so that it's very easy for them to use, and it's very easy for the, the other partners involved in the system the issuing agents and the verifiers to take a look at how that data is going to be issued in the first place how do you determine who to issue it to, and then how do those verifiers know how to use it in order to establish their business reason not, not the cryptography, not the commenus Latensky signatures at the very bottom of the stack. That doesn't matter to the end users they want to know that that's there and they can trust it, but they don't want to know the details of how cryptography functions work they want to know. How does it change my life can I log in without a password now or can I establish my identity when I go to apply for a loan or when I check out at the grocery store. That's what they want to know and that's I think where RJ's vision has focused. RJ I don't want to give away the end of the story that you survived open source sausage making but can you talk to us about your experience going through this, and perhaps maybe the, the biggest aha moments through the process. Yeah, so there's quite a few of them, actually, but I wanted to add on with with Ken, and this is going to this is going to date me but I remember being freshly out of school, and was working for a large fortune 500 company, and they were teaching me how to get access to the Internet how to tunnel it, and it wasn't really the Internet, it was the Internet. And we had the company had its own little Internet that we can play in. And the reason why they didn't plug into the Internet is because they didn't understand it enough it wasn't developed enough it wasn't mature enough, and the security risks. So we'd come to the Internet, do the company policy processes then we can leave the Internet and there's always lots of training about what environment you're in and what you can do. Well, that was phase one for the Internet and when it moved to the next level, we don't have Internet's anymore. Now, it's matured enough where you do have Internet. The Internet's aren't a process you have to go through. That's what I kind of the analogy I use for the closed loop ecosystems. There are so many altruistic individuals in all of these open source communities that want to build the product that's going to be perfect for every possible scenario. And, you know, you sit in these meetings and you're trying to push things forward and get something started and you realize that, you know, we want to support those, and we'll always be there to support them, but we got to get started. Working with all of our partners and especially Ken and Heather, you know, let's start with a closed loop ecosystem. We have all of the parts. And what I mean the parts not necessarily the products because we have the products, but we have the partners. The partners that are asking us to help build out these solutions around testing for PCR tests and using it at work environments. And it was like, wait a minute, we let's start with this closed loop, where we do an invite only to the labs, invite only to the businesses or the venues and get it working and work out all the bugs and the kinks which we've done. Now it's time to go to the next level, which is we have an open invite. I was in a meeting in one of these open source communities, and I said, anyone that wants to partner with us and move this closed loop ecosystem forward, we welcome you. Okay, everyone's invited, because then now it starts growing, and then we start building out some of the other processes that allow us to go from an internet to the internet. I want to back it up one step prior to that, because I think that it was, it's important to look at as we try to put our closed loop system together that we start with prototypes and trials at that early stage. There's two good reasons for doing that. One is that you can see it in action. And then instead of trying to explain it with words, you can explain it with, look, here's how it works right now. And that discussion, both internal to the company to explain it from the technology side to the marketing and business sides, and then also external to the company to the new partners that you want to bring on board, or to have a new customer is really critical to go through a very simple prototype of what you're trying to do, and a very small MVP, and then put it out in a trial basis and as that happens, new use cases will pop up faster than you can imagine and we'll get added to your list of cool things to add. But you're already in the position of receiving feedback from the internal company people, the partners, the end users, you're starting to gather that momentum around the initiative. And it helps prove its credibility and get the feedback that you need so that you're not introducing a product that missed the mark, you're already engaged with all of those people, and they're providing feedback along the development cycle. Once you get into production. That's a great step, then you can look at the process of scaling and making it broader more users. A great problem to have is we have so many users that the servers are starting to bog down what do we do next. That's a great problem to address at that point. But the idea of taking it from very small and demonstrable steps and then scaling it out is I think you've you've you've done an excellent job of that in both internally in your own company and with your partners that you've been showing this to us as the technology has been growing and maturing. So now can someone who's joined us here and is looking for to understand what is in the open source community is it applies to decentralized identity. How do they go figure that out. So the open source communities, typically the living ones have typically have repo, a GitHub repo or something like that where that repository where the code is stored. Typically documentation is available there, they may have a wiki, or they may have a website that's associated with it to help explain how new people can participate. They typically have working groups a main working group and perhaps sub working groups that focus on specific problems or issues that need to be addressed in the community. Those meeting frequencies are typically on a weekly or every other week cycle, so that work is done outside of the meetings. The group gets together to discuss or demonstrate the contributions that they're making, or to resolve questions, and then minutes are kept. There's recordings of the meetings that you can watch, but that allows for people to participate in the discussion. Don't be shy about going and participating in one of those meetings and listening first, and then asking questions, and then contributing as you as you gain deeper understanding of what's going on. So typically also either slack or rocket chat some type of a chat mechanism or an email thread where you can go ask questions, or you can find out or listen to the conversation that's going on there and find out more about how the open source community is working, but typically those those are open to the rules of whatever open source community the hyper ledger community is open to all. So I look to that because I just lived it over the last two years. Right. And I and also RJ to talk to it from a Chief Revenue Officer you have a business side role. So I'm interested in hearing your perspective over the last year. So, so for me it was it was just getting the white papers they do such a great job of getting the community together to to put together a document that explains what their goals are how they're building it so my first recommendation is go to those different sites, download their white paper and read their white paper, not just once, put notes on it and read it a second time. Right. I would be sitting there at baseball games in between innings reading, you know, reading these white papers, and you learn so much, then attend the meetings, and just be a fly on the wall. Listen, you'll find the players in each of the organizations, and you'll be shocked at how friendly and inviting these individuals are, because they want you to help, they want you to participate. I've met some of the most creative and generous individuals in these organizations, where I know it's going to be lifelong friendships and they're going to say hey can you help out with this can you guys build a template for this. I'm going to ask you to chair one of the committees. And once that happens. It's in your blood now you're just part of it. And then everybody just continues to share right because it's an open source community where we want all, you know, companies to move forward. That's what I recommend. What's a challenge in the open source community is figuring out what the business model is right we, we all have, you know, whether a board of directors or shareholders, but we all have to answer the bottom line. And that is the channel challenge in these communities, these communities aren't to discuss that right. I mean it's clear from day one in the different aspects and mandates that especially with Linux is that you're not to talk about pricing you're not to talk about project or collusion or anything so it's this isn't the platform for it. But as you build and find companies that are doing the same things as you, there's partnerships to be developed. And from those partnerships, you can you can find the different business models and that's that's what we're doing. Let's move out the excitement that was yesterday and that was Cardia interopathon. And just for folks who have not heard of Cardia Cardia is an open source project to spur the exchange of health credentials that is hosted by the Linux foundation, in DCO and CEDA, SITA, the airline technology provider made the initial contribution of that code to the open source community. Liquid avatar found themselves in a place where they needed to have verifiable health credentials as a part of their solution, and therefore joined the open source community of Cardia became steering committee member. I think RJ you didn't even know this was happening until Cardia was announced and you were all in, and you were able to incorporate Cardia and that open source code into your solution. And so Ken, do you want to talk about what the interopathon, the goal of it was yesterday and then RJ, you were on the front you had a front row seat and you were the one out testing and tell us about your experience then. So Cardia is a relatively new project and an open source terms, it's only been in existence for several months, typically as a project gets started. You have maintainers of the code you establish your meetings and then, sometimes six months or more later you start to do your interop events to try to test interoperable solutions and prove that they work together. We're on an accelerated schedule at the Cardia project, and we decided to host an interop event very early in the project's life cycle, an interop event is where you have both a reference implementation that shows how the code might be implemented, and then you have solutions from different vendors, or governments or universities or whoever wants to bring their solutions and test them to test against both the reference implementation and then test against each other to find out where the interoperability is strong and where it might be weak or where there's friction points in the system that need either better definition or more code development to make it work smoother. The interop event typically starts off fairly small, they're usually held on a regular basis quarterly or semi annually for the slow moving projects. But the idea is to get people together frequently as the code evolves and matures and test out that how well they work together. You expect to find some roaring successes and you expect to find some dismal failures that's part of an interop. If you don't set the goals high enough everything just works fine and it's too simple, and you haven't really stressed the system to find the weak points in an interop event you are trying to find where the products don't work well together and push the envelope to further progress and mature the product lines. So we held that we had a number of companies show up. It was an exciting event RJ you want to talk about how, from your perspective, what it looked like it. Yeah, it was really exciting. I mean, the analogy I like to use is like a preseason game right we're all getting ready to to leverage verifiable credentials but we need to test it we need to have that scrimmage those preseason games and that's that's what it was. So there were a number of companies that came out. And we all tested the various so that trust triangle that you just showed so we have their wallets issuers and verifiers. So we all used our three different pieces with each other. We found the small groups and you got to share your screen and and scan QR codes and leverage the foundation that's given to us through cardio right so you mentioned the whole cardio and the health project. I can't be an expert on all vaccinations. And what's really neat about these open source project is I can though participate and add value. And in the cardio group as I sit here and I look, there's experts from, you know, W3C and verifiable credentials. There's experts from, you know the health industry to understand the different codes that go in different vaccinations, because it's not just one vaccinations all vaccinations. There's the research that we as an individual company would have to go through would be, you know, just a huge hurdle and barrier, but through open source, we can contribute to building out what that schema is that would meet all the different vaccinations that are out and also the different locations around the world. So being a part of that group and then using that schema that still it still can be updated and grow and mature just like everything else. But it gives us that line in the sand where we start, and then it's the scrimmage time let's everyone else that's built into these verifiable credentials that have these different ecosystems and different partners. Let's try the interoperability because it's the user that has the control. So let's plug and play and we did it and it was a lot of fun. I think I, I did demos and interoperability with four to six different companies. And most of the time it worked, it worked really, really well. We found two or three challenges that were back to the drawing board to fix. But that's, that's part of it right that's that's exactly what happens in preseason. So as we bring this conversation to an end, I want to take what you saw and experienced in the interopathon, where you witnessed multiple companies actually able to be interoperable and share credentials amongst each other. And then I want to roll in the announcement from the government of Ontario and their vision for their digital identity system. So first I'll start with you RJ. When you combine those two experiences that just happened, what do you see for the future of open source decentralized identity technology. I see the, the instead of concept, I see reality now. Right, so there's two pieces companies that haven't even talked to each other as some of these folks I haven't even met. They were able to create an exchange verifiable credentials that had all of this security from blockchain and cryptographic security right then couple that with the fact that government agencies are now really realizing that they have to set the precedents to make the tough decisions on how companies can use open standards in order to meet the government requirements that they have around PAPIDA or GDPR. So it's, it's for me it's very exciting that everything's finally coming together what we've been working on for year plus if not a lot longer than that some folks but our company year and a half. And that now it's come to fruition where we can actually use the technology. And at the same time, you have the government of Ontario, Ontario, the province, releasing a press release saying we will have a verifiable credential and all of the standards that they mentioned are the standards that we've been building on since day one. And Ken, what's the future. I think that Ontario has laid out a good foundation for where they want to go a good roadmap. They're looking at both the existing technologies that are already functional today that companies such as liquid avatar are already building on top of and delivering today. And they're also looking forward to the next iteration of, of version two of the did come protocol and they're looking forward to new signature formats as the cryptography is made more efficient and stronger. They're looking at a good solution now and they're looking at a roadmap of where to the next steps in the, in the maturity of the technology going, but I think they've also laid out some interesting core principles that align with both legal frameworks and regulatory frameworks that control how technology should interact with people how what is the private privacy preservation policy. How are people to be treated. How do they control their own identity and their own credentials in in a growing and evolving ecosystem. I think the government's announcement also indicates that there are many self organizing communities of credentials being established, but as long as they're following these standards than the other solutions that are also built on similar standards can interrupt and effectively have a broad network effect of being able to use a credential that was originally a driver's license credential only for the use in driving can now be used for establishing a bank account or identity, proofing for proof of employment and other other use cases that are not the initial use case that was targeted, but make for a life similar to our, our hard credentials that we have in our wallets are plastic cards and paper credentials that we have now, to be able to use those and control those in a similar way so that we can use those identity credentials that are stored in our digital wallets, and have those same type of ad hoc interactions, as well as the ones that were originally planned in the ecosystem design in the beginning. I'm excited. I want to thank everyone for joining us. This is Ken Ebert, CTO of Indecio Tech, RJ Reiser, Chief Revenue Officer at Liquid Avatar Technologies. I'm Heather Dahl, CEO of Indecio Tech. We just spent over a half hour talking about how you can start simple to build your decentralized identity solution. I want to thank you for joining us. And now we will move into the question and answer portion of this session. Thank you. Thank you.